A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM via spice could possibly exploit this flaw to crash the QEMU-KVM process, or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.

Acknowledgements: Name: Jing Zhao (Red Hat)
The RHEL7.3 bug is bug#1287969; the RHEL6 one is bug#1297786. Should they block this bug too?
Created spice tracking bugs for this issue: Affects: fedora-all [bug 1343137]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1205 https://access.redhat.com/errata/RHSA-2016:1205
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1204