CVE-2023-6683

Qemu: vnc: null pointer dereference in qemu_clipboard_request()

Published: 1/12/2024 Last updated: 2/25/2026 Reserved: 12/11/2023

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (13)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	< 56d78b5495ebecbb9395101f3be177cd0a52450b
Red Hat Enterprise Linux 7	Red Hat	< 30187be29052bba9203b0ae2bdd815e0bc2faaab
Red Hat Enterprise Linux 6	Red Hat	22.0 ap368026
Red Hat Enterprise Linux 7	Red Hat	22.0 ap363521
Red Hat Enterprise Linux 9	Red Hat	< 335a47ed71e332c82339d1aec0c7f6caccfcda13
Red Hat Enterprise Linux 7	Red Hat	< dcd85e3c929368076a7592b27f541e0da8b427f5
Red Hat Enterprise Linux 7	Red Hat	< 6.0.6003.21446
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	22.0 ap364199
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	< 8e44dc3f96e903815dab1d74fff8faafdc6feb61
Red Hat Enterprise Linux 8	Red Hat	< b49c6e5dd236787f13a062ec528d724169f11152
Red Hat Enterprise Linux 8	Red Hat	22.0 ap362328
Red Hat Enterprise Linux 8	Red Hat	< ed790bd0903ed3352ebf7f650d910f49b7319b34
Red Hat Enterprise Linux 8	Red Hat	22.0 ap363332

References (18)

Credits (2)

Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.
Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.