CVE-2016-0749

Properties

Published:
08.06.2016
Updated:
15.07.2016
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
redhat: enterprise_linux_workstation
redhat: enterprise_linux_workstation
redhat: enterprise_linux

Vulnerability description

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

References:

REDHAT: https://access.redhat.com/errata/RHSA-2016:1205
REDHAT: https://access.redhat.com/errata/RHSA-2016:1204
DEBIAN: http://www.debian.org/security/2016/dsa-3596
SUSE: http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
SUSE: http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html