Debian 9 LTS DLA-2524-1 Critical: Spice-Vdagent Multiple Risks
debian lts
January 13, 2021
Several vulnerabilities were discovered in spice-vdagent, a spice guest agent for enchancing SPICE integeration and experience
Summary
spice-vdagent does not properly escape save directory before
passing to shell, allowing local attacker with access to the
session the agent runs in to inject arbitrary commands to be
executed.
CVE-2020-25650
A flaw was found in the way the spice-vdagentd daemon handled file
transfers from the host system to the virtual machine. Any
unprivileged local guest user with access to the UNIX domain
socket path `/run/spice-vdagentd/spice-vdagent-sock` could use
this flaw to perform a memory denial of service for spice-vdagentd
or even other processes in the VM system. The highest threat from
this vulnerability is to system availability. This flaw affects
spice-vdagent versions 0.20 and previous versions.
CVE-2020-25651
A flaw was found in the SPICE file transfer protocol. File data
from the host system can end up in full or in parts in the client
connection of an illegitimate local user in the VM system. Active
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
-------------------------------------------------------------------------Package: spice-vdagent
Version: 0.17.0-1+deb9u1
CVE ID: CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652
Debian Bug: 883238 973769
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!