CVE-2015-3247

Impact:
Important
Public Date:
2015-09-03
CWE:
CWE-362
Bugzilla:
1233238: CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()
A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.

Find out more about CVE-2015-3247 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 7.7
Base Metrics AV:A/AC:L/Au:S/C:C/I:C/A:C
Access Vector Adjacent Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (spice-server) RHSA-2015:1715 2015-09-03
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) RHSA-2015:1713 2015-09-03
Red Hat Enterprise Linux 7 (spice) RHSA-2015:1714 2015-09-03
RHEV Hypervisor for RHEL-6 RHSA-2015:1713 2015-09-03

Acknowledgements

This issue was discovered by Frediano Ziglio of Red Hat.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.