CVE-2015-3247
Published: 3 September 2015
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
spice (Launchpad, Ubuntu, Debian) | precise | Not vulnerable (code not present) |
 | trusty | Released (0.12.4-0nocelt2ubuntu1.1) |
 | upstream | Needs triage |
 | vivid | Released (0.12.5-1ubuntu0.1) |

Patches (vendor): https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch

Patches (other): http://lists.freedesktop.org/archives/spice-devel/2015-September/021868.html