CVE-2023-6683

Qemu: vnc: null pointer dereference in qemu_clipboard_request()

Published: 1/12/2024 Last updated: 2/25/2026 Reserved: 12/11/2023

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (6)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	22.0 ap368026
Red Hat Enterprise Linux 7	Red Hat	22.0 ap363521
Red Hat Enterprise Linux 7	Red Hat	< 6.0.6003.21446
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	22.0 ap364199
Red Hat Enterprise Linux 8	Red Hat	22.0 ap362328
Red Hat Enterprise Linux 8	Red Hat	22.0 ap363332

References (18)

Credits (2)

Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.
Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue.