CVE-2015-3247
published 2015-09-08CVE-2015-3247: Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spice | < spice 0.12.5-1.2 (bookworm) | spice 0.12.5-1.2 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| spice_project | spice | — | — |
| spice_project | spice | >= 0 < 0.12.5-1.2 | 0.12.5-1.2 |
| spice_project | spice | >= 0 < 0.12.5-1.2 | 0.12.5-1.2 |
| spice_project | spice | >= 0 < 0.12.5-1.2 | 0.12.5-1.2 |
| spice_project | spice | >= 0 < 0.12.5-1.2 | 0.12.5-1.2 |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM