CVE-2016-2150

CWE-284Improper Access Control10 documents8 sources
Severity
7.1HIGH
EPSS
0.1%
top 77.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Debian Debian LinuxOpensuse LeapOpensuse Opensuse+7 more
Timeline
PublishedJun 9
Latest updateMay 14

Description

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages7 packages

Debianspice< 0.12.6-4.1+3
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 7.0, 7.2

🔴Vulnerability Details

4
GHSA
GHSA-xcwp-848r-pq94: SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to2022-05-14
OSV
spice vulnerabilities2016-06-21
CVEList
CVE-2016-2150: SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to2016-06-09
OSV
CVE-2016-2150: SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to2016-06-09

📋Vendor Advisories

3
Ubuntu
Spice vulnerabilities2016-06-21
Red Hat
spice: Host memory access from guest with invalid primary surface parameters2016-06-06
Debian
CVE-2016-2150: spice - SPICE allows local guest OS users to read from or write to arbitrary host memory...2016

💬Community

2
Bugzilla
CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters [fedora-all]2016-06-06
Bugzilla
CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters2016-03-01
CVE-2016-2150 (HIGH CVSS 7.1) | SPICE allows local guest OS users t | cvebase.io