CVE-2023-6683

Qemu: vnc: null pointer dereference in qemu_clipboard_request()

Published: 1/12/2024 Last updated: 11/8/2025 Reserved: 12/11/2023

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (14)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	< 10.0.17763.3406
Red Hat Enterprise Linux 7	Red Hat	< 2.10.0
Red Hat Enterprise Linux 9	Red Hat	>= 8.1.4
Red Hat Enterprise Linux 6	Red Hat	Android kernel
Red Hat Enterprise Linux 7	Red Hat	8.1 for x64-based systems
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	unspecified
Red Hat Enterprise Linux 7	Red Hat	n/a
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	>= 8.1.5
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	<= 5.8.4
Red Hat Enterprise Linux 8	Red Hat	< 1.36.2
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	< 1.30.8
Red Hat Enterprise Linux 8	Red Hat	8.1 for 32-bit systems

References (18)

Credits (2)

Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.
Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.