Vulnerability Details : CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2015-5261
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-5261
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST |
7.1
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2015-5261
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5261
-
http://www.debian.org/security/2015/dsa-3371
Debian -- Security Information -- DSA-3371-1 spice
-
https://security.gentoo.org/glsa/201606-05
spice: Multiple vulnerabilities (GLSA 201606-05) — Gentoo security
-
https://bugzilla.redhat.com/show_bug.cgi?id=1261889
1261889 – (CVE-2015-5261) CVE-2015-5261 spice: host memory access from guest using crafted images
-
http://www.openwall.com/lists/oss-security/2015/10/06/4
oss-security - Fwd: [vs-plain] CVE-2015-5261
-
http://www.ubuntu.com/usn/USN-2766-1
USN-2766-1: Spice vulnerabilities | Ubuntu security notices
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://www.securitytracker.com/id/1033753
Spice Race Condition and Buffer Overflows Let Local Guest System Users Crash the Host or Execute Arbitrary Code on the Host System - SecurityTracker
-
http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
[Spice-devel] Announcing spice 0.12.6
-
http://rhn.redhat.com/errata/RHSA-2015-1890.html
RHSA-2015:1890 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2015-1889.html
RHSA-2015:1889 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2015-5261
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*