CVE-2020-25650

Summary

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.

Affected Software

VendorProductVersion RangeStatus
n/aspice-vdagentspice-vdagent versions prior and including 0.20affected

Weaknesses

  • CWE-770: CWE-770

ADP Enrichment

CVE Program Container

Additional References

References