Vulnerability CVE-2020-25650

Vulnerability Name:

CVE-2020-25650 (CCN-191193)

Assigned:

2020-11-03

Published:

2020-11-03

Updated:

2021-02-19

Summary:

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-770

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-25650

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1886345

Source: CCN
Type: Bugzilla Bug 1173749
AUDIT-0: spice-vdagent: spice-vdagentd.service can be implicitly started by default

Source: XF
Type: UNKNOWN
spice-vdagent-cve202025650-dos(191193)

Source: CCN
Type: vd_agent GitLab Web site
vd_agent

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-510977db25

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-09ce0cdfac

Source: CCN
Type: oss-sec Mailing List, Wed, 4 Nov 2020 10:17:05 +0100
Security Issues in the spice-vdagentd daemon

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/04/1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-25650

Vulnerable Configuration:

Configuration 1:

cpe:/a:spice-space:spice-vdagent:*:*:*:*:*:*:*:* (Version <= 0.20.0)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202025650	V	CVE-2020-25650	2023-06-22
oval:org.opensuse.security:def:7977	P	spice-vdagent-0.22.1-150500.2.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3354	P	rpm-32bit-4.11.2-16.21.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94984	P	spice-vdagent-0.21.0-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2909	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94749	P	libzzip-0-13-0.13.69-3.10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2919	P	file-5.32-7.14.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:363	P	spice-vdagent-0.21.0-3.3.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:99725	P	(Important)	2022-03-30
oval:org.opensuse.security:def:113449	P	spice-vdagent-0.21.0-1.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:49303	P	Security update for python-Babel (Important)	2021-12-22
oval:org.opensuse.security:def:100035	P	(Important)	2021-12-22
oval:org.opensuse.security:def:93279	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:49458	P	Security update for php74 (Moderate)	2021-12-06
oval:org.opensuse.security:def:64808	P	Security update for webkit2gtk3 (Important)	2021-12-02
oval:org.opensuse.security:def:106849	P	spice-vdagent-0.21.0-1.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96617	P	libXrender-devel-0.9.10-1.30 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:70482	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:73696	P	Security update for wireshark (Moderate)	2021-09-13
oval:org.opensuse.security:def:64564	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:99134	P	(Moderate)	2021-08-23
oval:org.opensuse.security:def:9577	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:99327	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:92973	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:70281	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:8828	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:92377	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:69527	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:9776	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:99526	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:93126	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:70467	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:9023	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:98939	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:92576	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:69717	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:10141	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:91989	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:9387	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:92775	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:69916	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:10327	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:8642	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:92184	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:32980	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:87444	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:34510	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:58803	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:60333	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:2264	P	libvirglrenderer0-0.6.0-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2271	P	openslp-server-2.0.0-6.15.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2269	P	nginx-1.19.8-1.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2259	P	libshibsp-lite8-3.1.0-1.30 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2240	P	gnuplot-5.2.2-3.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2233	P	davfs2-1.5.4-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2230	P	apache2-mod_wsgi-python3-4.5.18-2.27 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:74366	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:111650	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:101713	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:4209	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:65298	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:101462	P	Security update for cryptctl (Important)	2021-06-23
oval:org.opensuse.security:def:67126	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:64701	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:64700	P	Security update for bind (Important)	2021-06-01
oval:org.opensuse.security:def:73817	P	Security update for libX11 (Moderate)	2021-05-26
oval:com.redhat.rhsa:def:20211791	P	RHSA-2021:1791: spice-vdagent security and bug fix update (Moderate)	2021-05-18
oval:org.opensuse.security:def:70374	P	Security update for OpenIPMI (Moderate)	2021-04-01
oval:org.opensuse.security:def:67031	P	Security update for slurm_20_11 and pdsh (Important)	2021-02-18
oval:org.opensuse.security:def:49912	P	terraform on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64235	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63859	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:64006	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:51354	P	Security update for spice-vdagent (Important)	2020-12-01
oval:org.opensuse.security:def:64968	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:49780	P	cups-ddk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75155	P	Security update for spice-vdagent (Important)	2020-12-01
oval:org.opensuse.security:def:50016	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49847	P	log4j12-javadoc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49691	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51292	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:49943	P	dhcp-relay on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75022	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:64910	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:65080	P	Security update for postgresql12 (Important)	2020-12-01
oval:org.opensuse.security:def:49208	P	libopus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:110850	P	Security update for spice-vdagent (Important)	2020-11-11
oval:org.opensuse.security:def:117642	P	Security update for spice-vdagent (Important)	2020-11-10
oval:org.opensuse.security:def:108128	P	Security update for spice-vdagent (Important)	2020-11-10

BACK