1. Home
  2. CVE Database
  3. CVE-2016-2150
HIGH · 7.1

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

Vulnerability Description

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
RedhatEnterprise Linux7.0
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Hpc Node Eus7.2
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Aus7.2
RedhatEnterprise Linux Server Eus7.2
RedhatEnterprise Linux Workstation7.0
MicrosoftWindowsAll versions
OpensuseLeap42.1
OpensuseOpensuse13.2
DebianDebian Linux8.0
Spice ProjectSpice-

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2016-2150?

CVE-2016-2150 is a vulnerability with a CVSS score of 7.1 (HIGH). SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

How severe is CVE-2016-2150?

CVE-2016-2150 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2150?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.