CVE-2015-3247
spice - security update
EPSS 0.77%
Description
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
How to fix CVE-2015-3247
To remediate CVE-2015-3247, upgrade the affected package to a fixed version below.
- Debian/spice: upgrade to 0.12.5-1.2 or later
- Debian/spice: upgrade to 0.12.5-1+deb8u1 or later
Is CVE-2015-3247 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/spice: from 0, < 0.12.5-1.2
- Debian/spice: from 0, < 0.12.5-1+deb8u1