CVE-2016-0749
Published 2016-06-09
CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors…
Critical 9.8 (CVSS 3.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | spice | < spice 0.12.6-4.1 (bookworm) | spice 0.12.6-4.1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| spice_project | spice | >= 0 < 0.12.6-4.1 | 0.12.6-4.1 |
| spice_project | spice | >= 0 < 0.12.6-4.1 | 0.12.6-4.1 |
| spice_project | spice | >= 0 < 0.12.6-4.1 | 0.12.6-4.1 |
| spice_project | spice | >= 0 < 0.12.6-4.1 | 0.12.6-4.1 |
| spice_project | spice | >= 0 < 0.12.4-0nocelt2ubuntu1.3 | 0.12.4-0nocelt2ubuntu1.3 |
| spice_project | spice | >= 0 < 0.12.6-4ubuntu0.1 | 0.12.6-4ubuntu0.1 |
CVSS provenance
NVD v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OSV: 9.8 CRITICAL
GHSA
GHSA-jvcp-p6pm-47gg: The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code vi
GHSA (unreviewed) · 2022-05-14
CWE-119
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
OSV
spice vulnerabilities
osv·2016-06-21·CVSS 9.8
Jing Zhao discovered that the Spice smartcard support incorrectly handled
memory. A remote attacker could use this issue to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749)
Frediano Ziglio discovered that Spice incorrectly handled certain primary
surface parameters. A malicious guest operating system could potentially
exploit this issue to escape virtualization. (CVE-2016-2150)
OSV
CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code vi
osv·2016-06-09·CVSS 9.8
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Ubuntu
Spice vulnerabilities
vendor_ubuntu·2016-06-21·CVSS 9.8
Title: Spice vulnerabilities
Summary: Several security issues were fixed in Spice.
Jing Zhao discovered that the Spice smartcard support incorrectly handled
memory. A remote attacker could use this issue to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749)
Frediano Ziglio discovered that Spice incorrectly handled certain primary
surface parameters. A malicious guest operating system could potentially
exploit this issue to escape virtualization. (CVE-2016-2150)
Instructions: After a standard system update you need to restart qemu guests to make
all the necessary changes.
Red Hat
spice: heap-based memory corruption within smartcard handling
vendor_redhat·2016-06-06·CVSS 9.8
CWE-131
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.
Package: rhev-hypervisor (Red Hat Enterprise Virtualization 3) - Affected
Debian
CVE-2016-0749: spice - The smartcard interaction in SPICE allows remote attackers to cause a denial of ...
vendor_debian·2016·CVSS 9.8
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.12.6-4.1)
bullseye: resolved (fixed in 0.12.6-4.1)
forky: resolved (fixed in 0.12.6-4.1)
sid: resolved (fixed in 0.12.6-4.1)
trixie: resolved (fixed in 0.12.6-4.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-0749 spice: heap-based memory corruption within smartcard handling [fedora-all]
bugzilla·2016-06-06·CVSS 9.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2016-0749 spice: heap-based memory corruption within smartcard handling
bugzilla·2016-01-21·CVSS 9.8
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM via spice could possibly exploit this flaw to crash the QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.
Acknowledgements:
Name: Jing Zhao (Red Hat)
Discussion:
The RHEL7.3 bug is bug#1287969, the RHEL6 one is bug#1297786. Should they block this bug too?
---
Created spice tracking bugs for this issue:
Affects: fedora-all [bug 1343137]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1205 https://access.redh
References
http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
http://www.debian.org/security/2016/dsa-3596
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.ubuntu.com/usn/USN-3014-1
https://access.redhat.com/errata/RHSA-2016:1204
https://access.redhat.com/errata/RHSA-2016:1205
https://security.gentoo.org/glsa/201606-05
Published 2016-06-09