|
|
Log in / Subscribe / Register

qspice: denial of service

Package(s):qspice CVE #(s):CVE-2010-0428 CVE-2010-0429
Created:August 20, 2010 Updated:August 27, 2010
Description: From the Red Hat advisory:

It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)

It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429)

Alerts:
CentOS CESA-2010:0633 qspice 2010-08-27
Red Hat RHSA-2010:0633-01 qspice 2010-08-19
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds