QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-25650

Back to search

CVE-2020-25650

Published: Nov 25, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.

VendorProductVersions

n/a

spice-vdagent

affected
spice-vdagent versions prior and including 0.20

Weaknesses (CWE)

CWE-770

References

FEDORA-2021-09ce0cdfac
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-510977db25
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now