Frediano Ziglio of Red Hat discovered a race condition flaw in spice"s worker_update_monitors_config function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service or, potentially execute arbitrary code on the host with the privileges of the hosting QEMU process.