CVE-2023-6683: 
NixOS vulnerability analysis and mitigation

CVE-2023-6683 is a vulnerability discovered in the QEMU built-in VNC server that was disclosed on January 12, 2024. The vulnerability affects the processing of ClientCutText messages, where the qemu_clipboard_request() function can be accessed before proper initialization of the clipboard peer through vnc_server_cut_text_caps(), leading to a NULL pointer dereference (NVD).

The vulnerability occurs when a client sends a VNC_MSG_CLIENT_CUT_TEXT message before sending a VNC_MSG_CLIENT_SET_ENCODINGS message with VNC_ENCODING_CLIPBOARD_EXT for configuring the clipboard extension. This premature message sequence causes qemu_clipboard_request() to be reached via vnc_client_cut_text_ext() before vnc_server_cut_text_caps() initializes the clipboard peer, resulting in a NULL pointer dereference when info->owner->request is accessed. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

When successfully exploited, this vulnerability allows a malicious authenticated VNC client to crash QEMU and trigger a denial of service condition. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD, NetApp).

The vulnerability has been fixed in various QEMU versions through security updates. Red Hat has addressed this issue in Red Hat Enterprise Linux 8 and 9 through security advisories RHSA-2024:2962 and RHSA-2024:2135 respectively. The fix was implemented in upstream QEMU through commit 405484b29f6548c7b86549b0f961b906337aa68a (Red Hat, Red Hat).