CVE-2016-0749 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.