Bug 1886359 (CVE-2020-25651)
Summary: | CVE-2020-25651 spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | alon, cfergeau, hdegoede, marcandre.lureau, rh-spice-bugs, security-response-team, uril |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | spice-vdagent 0.21.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to confidentiality as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-05-18 14:35:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1886434, 1894434 | ||
Bug Blocks: | 1882815 |
Description
Mauro Matteo Cascella
2020-10-08 09:34:33 UTC
Acknowledgments: Name: Matthias Gerstner (SUSE Security Team) External References: https://www.openwall.com/lists/oss-security/2020/11/04/1 Created spice-vdagent tracking bugs for this issue: Affects: fedora-all [bug 1894434] Upstream commits: https://github.com/freedesktop/spice-vd_agent/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256 https://github.com/freedesktop/spice-vd_agent/commit/b7db1c20c9f80154fb54392eb44add3486d3e427 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25651 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1791 https://access.redhat.com/errata/RHSA-2021:1791 |