View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2150 severity important: SUSE including 38 source package names (libspice-server-devel, libspice-server-devel-0.12.4-8.9.1, …), 98 product×package rows across 61 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (61 product lines)): Fixed 50, Known Not Affected 48.
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.