CVE-2023-3354

Name: CVE-2023-3354
Description: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and, if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference. This could allow a remote unauthenticated client to cause a denial of service.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues)
References: DLA-3759-1, ELA-1063-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                                   Version                  Status
qemu (PTS)       jessie, jessie (lts)                      1:2.1+dfsg-12+deb8u23    vulnerable
                 stretch (security)                        1:2.8+dfsg-6+deb9u17     vulnerable
                 stretch (lts), stretch                    1:2.8+dfsg-6+deb9u19     fixed
                 buster (security), buster, buster (lts)   1:3.1+dfsg-8+deb10u12    fixed
                 bullseye                                  1:5.2+dfsg-11+deb11u3    fixed
                 bullseye (security)                       1:5.2+dfsg-11+deb11u2    vulnerable
                 bookworm                                  1:7.2+dfsg-7+deb12u7     fixed
                 sid, trixie                               1:9.2.0+ds-2             fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version            Urgency   Origin       Debian Bugs
qemu      source   stretch      1:2.8+dfsg-6+deb9u19               ELA-1063-1
qemu      source   buster       1:3.1+dfsg-8+deb10u12              DLA-3759-1
qemu      source   bullseye     1:5.2+dfsg-11+deb11u3
qemu      source   bookworm     1:7.2+dfsg-7+deb12u2
qemu      source   (unstable)   1:8.0.4+dfsg-1

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2216478
https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62 (v8.0.4)
[jessie] - qemu <postponed> (Minor issue, DoS)