CVE-2016-2150

HIGH

Description

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

References

http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html

http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html

http://www.debian.org/security/2016/dsa-3596

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.ubuntu.com/usn/USN-3014-1

https://access.redhat.com/errata/RHSA-2016:1204

https://access.redhat.com/errata/RHSA-2016:1205

https://bugzilla.redhat.com/show_bug.cgi?id=1313496

https://security.gentoo.org/glsa/201606-05

Details

Source: MITRE

Published: 2016-06-09

Updated: 2019-04-22

Type: CWE-284

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150653 | SUSE SLES11 Security Update : spice (SUSE-SU-2021:14744-1) | Nessus | SuSE Local Security Checks | medium |
| 93032 | Fedora 23 : spice (2016-a7322c9fd1) | Nessus | Fedora Local Security Checks | critical |
| 92443 | Fedora 24 : spice (2016-6b9c658707) | Nessus | Fedora Local Security Checks | critical |
| 91944 | openSUSE Security Update : spice (openSUSE-2016-824) | Nessus | SuSE Local Security Checks | critical |
| 91943 | openSUSE Security Update : spice (openSUSE-2016-823) | Nessus | SuSE Local Security Checks | critical |
| 91859 | Debian DLA-531-1 : spice security update | Nessus | Debian Local Security Checks | high |
| 91758 | Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : spice vulnerabilities (USN-3014-1) | Nessus | Ubuntu Local Security Checks | critical |
| 91661 | SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1561-1) | Nessus | SuSE Local Security Checks | critical |
| 91659 | SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1) | Nessus | SuSE Local Security Checks | critical |
| 91647 | Scientific Linux Security Update : spice-server on SL6.x x86_64 (20160606) | Nessus | Scientific Linux Local Security Checks | critical |
| 91638 | GLSA-201606-05 : spice: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 91514 | Scientific Linux Security Update : spice on SL7.x x86_64 (20160606) | Nessus | Scientific Linux Local Security Checks | critical |
| 91504 | CentOS 7 : spice (CESA-2016:1205) | Nessus | CentOS Local Security Checks | critical |
| 91503 | CentOS 6 : spice-server (CESA-2016:1204) | Nessus | CentOS Local Security Checks | critical |
| 91496 | RHEL 7 : spice (RHSA-2016:1205) | Nessus | Red Hat Local Security Checks | critical |
| 91495 | RHEL 6 : spice-server (RHSA-2016:1204) | Nessus | Red Hat Local Security Checks | critical |
| 91494 | Oracle Linux 7 : spice (ELSA-2016-1205) | Nessus | Oracle Linux Local Security Checks | critical |
| 91493 | Oracle Linux 6 : spice-server (ELSA-2016-1204) | Nessus | Oracle Linux Local Security Checks | critical |
| 91490 | Debian DSA-3596-1 : spice - security update | Nessus | Debian Local Security Checks | critical |