CVE-2015-3247

CWE-119 — Buffer Overflow CWE-362 — Race Condition9 documents8 sources

Severity

6.9MEDIUM

EPSS

0.8%

top 26.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node +3 more

Timeline

PublishedSep 8

Latest updateMay 14

Description

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages6 packages

▶Debianspice< 0.12.5-1.2+3

▶NVDspice_project/spice0.12.4

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

▶NVDredhat/enterprise_linux_hpc_node6, 7.0+1

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-jcpp-w729-jxmc: Race condition in the worker_update_monitors_config function in SPICE 0↗2022-05-14

▶

OSV

CVE-2015-3247: Race condition in the worker_update_monitors_config function in SPICE 0↗2015-09-08

▶

CVEList

CVE-2015-3247: Race condition in the worker_update_monitors_config function in SPICE 0↗2015-09-08

▶

📋Vendor Advisories

Ubuntu

Spice vulnerability↗2015-09-08

▶

Red Hat

spice: memory corruption in worker_update_monitors_config()↗2015-09-03

▶

Debian

CVE-2015-3247: spice - Race condition in the worker_update_monitors_config function in SPICE 0.12.4 all...↗2015

▶

💬Community

Bugzilla

CVE-2015-3247 spice: memory corruption in worker_update_monitors_config() [fedora-all]↗2015-09-07

▶

Bugzilla

CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()↗2015-06-18

▶