Integer Overflow Vulnerability in spice-vdagent Affects Red Hat Products
CVE-2026-57965

5.1MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-57965?

A vulnerability has been identified in spice-vdagent, where a malicious or compromised SPICE host could exploit the system by sending a specially crafted message. This exploitation may trigger an integer overflow, leading to a subsequent heap buffer overflow. As a result, the spice-vdagent daemon may crash, effectively causing a Denial of Service (DoS) to the affected virtual machine. Successful exploitation relies on the SPICE host being untrusted or previously compromised.

References

https://access.redhat.com/security/cve/CVE-2026-57965

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2493581

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 26, 2026

Credit

Red Hat would like to thank Ashish Kunwar for reporting this issue.

CVE-2026-57965 Data

JSON