Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
CVE-2023-3354

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Qemu; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 11 July 2023

Summary

A vulnerability has been identified within the built-in VNC server of QEMU, where improper handling of client connections can lead to a NULL pointer dereference. When multiple clients connect to the VNC server, QEMU attempts to manage the number of connections by cleaning up previous connections. If a previous connection is in the handshake phase and subsequently fails, QEMU may attempt to clean up this connection again, resulting in this security flaw. This may allow a remote unauthenticated attacker to exploit this issue and trigger a denial of service.

References

https://access.redhat.com/security/cve/CVE-2023-3354

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2216478

issue-trackingx_refsource_REDHAT

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 21, 2023

Credit

Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue.