CVE-2016-2150

Properties

Published:
08.06.2016
Updated:
15.07.2016
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:N/C:P/I:P/A:N)
    Product:
    redhat: enterprise_linux_workstation
    redhat: enterprise_linux_workstation
    redhat: enterprise_linux

    Vulnerability description

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

    References:

    CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1313496
    REDHAT: https://access.redhat.com/errata/RHSA-2016:1205
    REDHAT: https://access.redhat.com/errata/RHSA-2016:1204
    DEBIAN: http://www.debian.org/security/2016/dsa-3596
    SUSE: http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
    SUSE: http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html