Unrated severityNVD Advisory· Published Jan 12, 2024· Updated Feb 25, 2026

Qemu: vnc: null pointer dereference in qemu_clipboard_request()

CVE-2023-6683

Description

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Affected products

Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualizationv5
cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat/Enterprise Linuxcpe-rescue4 versions
cpe:/a:redhat:enterprise_linux:8::appstream+ 3 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 8100020240314161907.e155f54d
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 17:8.2.0-11.el9_4
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
osv-coords35 versions
pkg:rpm/almalinux/qemu-guest-agent pkg:rpm/almalinux/qemu-img pkg:rpm/almalinux/qemu-kvm pkg:rpm/almalinux/qemu-kvm-audio-pa pkg:rpm/almalinux/qemu-kvm-block-blkio pkg:rpm/almalinux/qemu-kvm-block-curl pkg:rpm/almalinux/qemu-kvm-block-rbd pkg:rpm/almalinux/qemu-kvm-common pkg:rpm/almalinux/qemu-kvm-core pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccw pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pci pkg:rpm/almalinux/qemu-kvm-device-display-virtio-vga pkg:rpm/almalinux/qemu-kvm-device-usb-host pkg:rpm/almalinux/qemu-kvm-device-usb-redirect pkg:rpm/almalinux/qemu-kvm-docs pkg:rpm/almalinux/qemu-kvm-tools pkg:rpm/almalinux/qemu-kvm-ui-egl-headless pkg:rpm/almalinux/qemu-kvm-ui-opengl pkg:rpm/almalinux/qemu-pr-helper pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Server%204.3
< 17:8.2.0-11.el9_4+ 34 more
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 17:8.2.0-11.el9_4
- (no CPE)range: < 7.1.0-150500.49.15.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 7.1.0-150500.49.15.1
- (no CPE)range: < 7.1.0-150500.49.15.1
- (no CPE)range: < 7.1.0-150500.49.15.1
- (no CPE)range: < 7.1.0-150500.49.15.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1
- (no CPE)range: < 6.2.0-150400.37.29.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:2135mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:2962mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2023-6683mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000