CVE-2023-3354: Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
First published: Wed Jun 21 2023(Updated: )
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | ||
| Redhat Openstack Platform | =13.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| QEMU qemu | <8.1.0 | |
| QEMU qemu | =8.1.0-rc0 | |
| QEMU qemu | =8.1.0-rc1 | |
| Fedoraproject Fedora | =38 | |
| ubuntu/qemu | <1:4.2-3ubuntu6.28 | 1:4.2-3ubuntu6.28 |
| ubuntu/qemu | <1:6.2+dfsg-2ubuntu6.16 | 1:6.2+dfsg-2ubuntu6.16 |
| ubuntu/qemu | <1:7.2+dfsg-5ubuntu2.4 | 1:7.2+dfsg-5ubuntu2.4 |
| debian/qemu | <=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u2 | 1:3.1+dfsg-8+deb10u12 1:5.2+dfsg-11+deb11u3 1:7.2+dfsg-7+deb12u5 1:8.2.3+ds-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2216478
- https://access.redhat.com/security/cve/CVE-2023-3354
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2218149
- https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
- https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg02668.html
- https://access.redhat.com/errata/RHSA-2023:5094
- https://access.redhat.com/errata/RHSA-2023:5239
- https://access.redhat.com/errata/RHSA-2023:5264
- https://access.redhat.com/errata/RHSA-2023:5587
- https://access.redhat.com/errata/RHSA-2023:5796
- https://access.redhat.com/errata/RHSA-2023:6227
- https://paybyplatema.site/
- https://lowescomsurvey.online/
- https://access.redhat.com/errata/RHSA-2024:0404
- https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html
- https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62
- https://security-tracker.debian.org/tracker/CVE-2023-3354
- https://launchpad.net/bugs/cve/CVE-2023-3354
- https://ubuntu.com/security/notices/USN-6567-1
- https://www.cve.org/CVERecord?id=CVE-2023-3354
- https://nvd.nist.gov/vuln/detail/CVE-2023-3354
- https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4
- https://ubuntu.com/security/CVE-2023-3354
Frequently Asked Questions
What is CVE-2023-3354?
CVE-2023-3354 is a vulnerability found in the QEMU built-in VNC server that allows an attacker to cause denial of service or potentially execute arbitrary code.
How does CVE-2023-3354 affect QEMU?
CVE-2023-3354 affects the QEMU built-in VNC server, specifically when a client connects to the server.
What is the severity of CVE-2023-3354?
The severity of CVE-2023-3354 is rated as high.
What is the impact of CVE-2023-3354?
CVE-2023-3354 can result in denial of service or potentially allow an attacker to execute arbitrary code.
How can I mitigate CVE-2023-3354?
To mitigate CVE-2023-3354, it is recommended to update QEMU to a patched version provided by the vendor or apply the recommended security patches.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3354
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-cve
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/qemu
- canonical/qemu qemu
- vendor/redhat
- canonical/redhat openstack platform
- version/redhat openstack platform/13.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- version/qemu qemu/8.1.0-rc0
- version/qemu qemu/8.1.0-rc1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- package-manager/debian
- package-manager/ubuntu