qemu: fix CVE-2023-3354 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2023-09-13 08:02:28 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-09-20 05:23:02 -1000
commit	190a134f8ed22b4d033231e0dd5b7390b6030b10 (patch)
tree	cff8036fd7217b445b547d011932f74e542a3f71 /documentation/dev-manual/python-development-shell.rst
parent	6ebb52f0270981488022c81a4264bd7030b1ec6d (diff)
download	poky-190a134f8ed22b4d033231e0dd5b7390b6030b10.tar.gz

qemu: fix CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-3354 (From OE-Core rev: 8f0b34f7ad5ef842d60c9b93ce2c6142d3249890) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: