CVE-2026-57965

Public on 2026-06-29
Modified on 2026-07-01
Description
A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core spice-vdagent Not Affected
Amazon Linux 2023 spice-vdagent Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H