Bug 2216478 (CVE-2023-3354)
| Summary: | CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | allupdates7, ddepaula, dhughes, eglynn, jen, jferlan, jjoyce, jmaloy, knoel, lhh, mburns, mgarciac, mkenneth, mrezanin, mst, murtaza.8060, pbonzini, pgrist, virt-maint, ymankad |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2216502, 2216503, 2216504, 2216505, 2216506, 2216507, 2216508, 2216509, 2216510, 2216511, 2216517, 2216518, 2216519, 2218149 | ||
| Bug Blocks: | 2216474 | ||
|
Description
Mauro Matteo Cascella
2023-06-21 14:50:09 UTC
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2218149] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5094 https://access.redhat.com/errata/RHSA-2023:5094 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5239 https://access.redhat.com/errata/RHSA-2023:5239 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5264 https://access.redhat.com/errata/RHSA-2023:5264 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5587 https://access.redhat.com/errata/RHSA-2023:5587 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5796 https://access.redhat.com/errata/RHSA-2023:5796 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6227 https://access.redhat.com/errata/RHSA-2023:6227 Have you ever heard of PaybyPlateMa? It is a new and innovative way to pay bills online. Instead of sending your invoice by mail. https://paybyplatema.site/ i have fixed this bug on my website https://lowescomsurvey.online/ This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0404 https://access.redhat.com/errata/RHSA-2024:0404 |