Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. (CVE-2020-25650) Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents. (CVE-2020-25651) Matthias Gerstner discovered that SPICE vdagent incorrectly handled a large number of client connections. A local attacker could possibly use this issue to cause SPICE vdagent to consume resources, resulting in a denial of service. (CVE-2020-25652) Matthias Gerstner discovered that SPICE vdagent incorrectly handled client connections. A local attacker could possibly use this issue to obtain sensitive information, paste clipboard contents, and transfer files into the active session. (CVE-2020-25653)
Continue reading...
Continue reading...
