Vulnerability CVE-2020-25653: Information
Description
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| spice-vdagent | sisyphus | 0.21.0-alt1 | 0.22.1-alt1.1 | ALT-PU-2021-1106-1 | 265014 | Fixed |
| spice-vdagent | p10 | 0.21.0-alt1 | 0.22.1-alt1.1 | ALT-PU-2021-1106-1 | 265014 | Fixed |
| spice-vdagent | p9 | 0.21.0-alt1 | 0.21.0-alt1 | ALT-PU-2021-1155-1 | 265015 | Fixed |
| spice-vdagent | c10f1 | 0.21.0-alt1 | 0.21.0-alt3 | ALT-PU-2021-1106-1 | 265014 | Fixed |
| spice-vdagent | c9f2 | 0.21.0-alt3 | 0.21.0-alt3 | ALT-PU-2023-1838-1 | 321199 | Fixed |
| spice-vdagent | p11 | 0.21.0-alt1 | 0.22.1-alt1.1 | ALT-PU-2021-1106-1 | 265014 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1886372 |
|
| https://www.openwall.com/lists/oss-security/2020/11/04/1 |
|
| [debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update |
|
| FEDORA-2021-09ce0cdfac | |
| FEDORA-2021-510977db25 |