Launchpad CVE tracker

CVE 2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Related bugs and status

CVE-2023-6683 (Candidate) is related to these bugs:

Bug #2045063: Demote glusterfs for noble

		In	Importance	Status
2045063	Demote glusterfs for noble	glusterfs (Ubuntu)	High	Fix Released
2045063	Demote glusterfs for noble	qemu (Ubuntu)	High	Fix Released
2045063	Demote glusterfs for noble	samba (Ubuntu)	High	Fix Released
2045063	Demote glusterfs for noble	ubuntu-release-upgrader (Ubuntu)	High	Opinion
2045063	Demote glusterfs for noble	Release Notes for Ubuntu	Undecided	Fix Released

Bug #2045594: Enable/disable extra features on microvm variant

Summary				In	Importance	Status
	2045594	Enable/disable extra features on microvm variant		qemu (Ubuntu)	High	Fix Released

Bug #2048776: FTBFS noble: error: "_FORTIFY_SOURCE" redefined

Summary				In	Importance	Status
	2048776	FTBFS noble: error: "_FORTIFY_SOURCE" redefined		qemu (Ubuntu)	High	Fix Released

Bug #2048802: Merge qemu from Debian unstable for noble

Summary				In	Importance	Status
	2048802	Merge qemu from Debian unstable for noble		qemu (Ubuntu)	High	Fix Released

Bug #2049703: [24.04 FEAT] [VS2212] KVM: Enhanced and dynamic CPU topology for KVM guests (qemu)

Summary				In	Importance	Status
	2049703	[24.04 FEAT] [VS2212] KVM: Enhanced and dynamic CPU topology for KVM guests (qemu)		qemu (Ubuntu)	Undecided	Fix Released
	2049703	[24.04 FEAT] [VS2212] KVM: Enhanced and dynamic CPU topology for KVM guests (qemu)		Ubuntu on IBM z Systems	High	Fix Released

Bug #2051883: Merge qemu from Debian unstable for noble

Summary				In	Importance	Status
	2051883	Merge qemu from Debian unstable for noble		qemu (Ubuntu)	Undecided	Fix Released

Bug #2061005: Merge qemu from Debian unstable for noble

Summary				In	Importance	Status
	2061005	Merge qemu from Debian unstable for noble		qemu (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-6683

References