High severity 7.8 · NVD Advisory · Published Jan 20, 2018 · Updated Jun 17, 2026
CVE-2017-15108
Description
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to a shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Affected products
10 entries:
- Range: <=0.17.0
- osv-coords, 8 versions:
  - pkg:rpm/opensuse/spice-vdagent&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/spice-vdagent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
- (no CPE) range: < 0.21.0-1.7
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- (no CPE) range: < 0.16.0-8.5.15
- Red Hat, Inc./spice-vdagent · v5 · Range: up to and including 0.17.0
References
3 references:
- cgit.freedesktop.org/spice/linux/vd_agent/commit/ (nvd: Patch, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2021/01/msg00012.html (nvd: Mailing List, Third Party Advisory)
- security.gentoo.org/glsa/201804-09 (nvd: Third Party Advisory)