Description
A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Published: 2026-06-29
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in spice-vdagent's udscs_write() can be triggered by a specially crafted message sent by a SPICE host. The overflow corrupts heap memory, causing the spice-vdagent daemon to crash and rendering the virtual machine unavailable. The flaw is a CWE-190 integer-overflow error and presents a moderate-severity denial-of-service risk to the guest system.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9 and 10 are affected, as the vulnerable spice‑vdagent package is shipped with all these distributions.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity. No EPSS score is available, so the probability of exploitation at this time is uncertain. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a malicious or compromised SPICE host; the attacker must control or influence the host that communicates with the guest to trigger the overflow.

Generated by OpenCVE AI on June 29, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Red Hat update for the spice-vdagent package that contains the integer-overflow fix (CWE-190).
  • Restart the spice-vdagent service so that the patched binary is in use.
  • Ensure that only trusted SPICE hosts are allowed to connect to the virtual machine; restrict or filter SPICE host connectivity to mitigate risk until a patch is deployed.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 11:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Title | | Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow
First Time appeared | | Redhat; Redhat enterprise Linux
Weaknesses | | CWE-190
CPEs | | cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat enterprise Linux
References | |
Metrics | | cvssV3_1 {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-29T10:44:51.594Z

Reserved: 2026-06-26T15:48:49.151Z

Link: CVE-2026-57965

Vulnrichment

Updated: 2026-06-29T10:44:45.589Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T10:00:11Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound