Bug 1214684 (CVE-2020-23793)

Summary: VUL-0: CVE-2020-23793: spice,spice-gtk: improper input validation in function async_READ_handler
Product: [Novell Products] SUSE Security Incidents
Reporter: Carlos López <carlos.lopez>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: carnold, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/375985/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-23793:8.6:(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2023-08-28 10:59:36 UTC
CVE-2020-23793

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart a KVM virtual machine without any authorization. It is not yet known if there will be other effects.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23793
https://bugzilla.redhat.com/show_bug.cgi?id=2234984
https://www.cve.org/CVERecord?id=CVE-2020-23793
https://github.com/zelat/spice-security-issues

Comment 1 Charles Arnold 2023-08-28 17:18:08 UTC
The recommended fix given in redhat bug,

https://bugzilla.redhat.com/show_bug.cgi?id=2234984

is already in our older distros and is part of the newer distro tarballs.
See bsc#1023079 (CVE-2016-9578) for the patch for the older distros.


Fix is part of the tarball:
SLE-15-SP1/SP2/SP3/SP4/SP5

Patch CVE-2016-9578-remote-dos-via-crafted-message.patch already included for:
SLE-12-SP1/SP2/SP3/SP4/SP5, SLE11-SP4

I don't think there is anything more to be done.

Comment 2 Carlos López 2023-08-30 13:11:01 UTC
Closing this since it was already fixed.