SUSE: CVE-2023-6683: SUSE Linux Security Advisory

SUSE: CVE-2023-6683: SUSE Linux Security Advisory

Severity

7

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

01/12/2024

Created

04/24/2024

Added

04/24/2024

Modified

01/28/2025

Description

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Solution(s)

• suse-upgrade-qemu
• suse-upgrade-qemu-accel-qtest
• suse-upgrade-qemu-accel-tcg-x86
• suse-upgrade-qemu-arm
• suse-upgrade-qemu-audio-alsa
• suse-upgrade-qemu-audio-dbus
• suse-upgrade-qemu-audio-jack
• suse-upgrade-qemu-audio-pa
• suse-upgrade-qemu-audio-spice
• suse-upgrade-qemu-block-curl
• suse-upgrade-qemu-block-dmg
• suse-upgrade-qemu-block-gluster
• suse-upgrade-qemu-block-iscsi
• suse-upgrade-qemu-block-nfs
• suse-upgrade-qemu-block-rbd
• suse-upgrade-qemu-block-ssh
• suse-upgrade-qemu-chardev-baum
• suse-upgrade-qemu-chardev-spice
• suse-upgrade-qemu-extra
• suse-upgrade-qemu-guest-agent
• suse-upgrade-qemu-hw-display-qxl
• suse-upgrade-qemu-hw-display-virtio-gpu
• suse-upgrade-qemu-hw-display-virtio-gpu-pci
• suse-upgrade-qemu-hw-display-virtio-vga
• suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw
• suse-upgrade-qemu-hw-usb-host
• suse-upgrade-qemu-hw-usb-redirect
• suse-upgrade-qemu-hw-usb-smartcard
• suse-upgrade-qemu-ipxe
• suse-upgrade-qemu-ivshmem-tools
• suse-upgrade-qemu-ksm
• suse-upgrade-qemu-kvm
• suse-upgrade-qemu-lang
• suse-upgrade-qemu-microvm
• suse-upgrade-qemu-ppc
• suse-upgrade-qemu-s390x
• suse-upgrade-qemu-seabios
• suse-upgrade-qemu-sgabios
• suse-upgrade-qemu-skiboot
• suse-upgrade-qemu-slof
• suse-upgrade-qemu-tools
• suse-upgrade-qemu-ui-curses
• suse-upgrade-qemu-ui-dbus
• suse-upgrade-qemu-ui-gtk
• suse-upgrade-qemu-ui-opengl
• suse-upgrade-qemu-ui-spice-app
• suse-upgrade-qemu-ui-spice-core
• suse-upgrade-qemu-vgabios
• suse-upgrade-qemu-vhost-user-gpu
• suse-upgrade-qemu-x86

References

• https://attackerkb.com/topics/cve-2023-6683
• CVE - 2023-6683