A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1886366 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/ | |
https://www.openwall.com/lists/oss-security/2020/11/04/1 | Exploit Mailing List Third Party Advisory |
Configurations
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-11-26 02:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-25652
Mitre link : CVE-2020-25652
CVE.ORG link : CVE-2020-25652
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
spice-space
- spice-vdagent
CWE
CWE-770
Allocation of Resources Without Limits or Throttling