Bug 1203788 - (CVE-2022-3165) VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion
VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext(...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-09-27 11:12 UTC by Carlos López
Modified: 2023-03-08 12:32 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-09-27 11:12:54 UTC

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format [1]. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service condition.

[1] https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extended-clipboard-pseudo-encoding

Comment 1 Carlos López 2022-09-27 11:16:47 UTC
Clipboard support was added in 0bf41cab93e5c72dcda7 ("ui/vnc: clipboard support"), which is only present in SUSE:SLE-15-SP4:Update and Factory, so only those are affected.

Proposed patch (not merged yet):
Comment 4 Thomas Leroy 2022-12-27 13:30:57 UTC
Any update please? :)
Comment 8 OBSbugzilla Bot 2023-02-10 19:45:05 UTC
This is an autogenerated message for OBS integration:
This bug (1203788) was mentioned in
https://build.opensuse.org/request/show/1064332 Factory / qemu
Comment 11 Dario Faggioli 2023-03-07 09:22:21 UTC
I think this is done, isn't it? Reassigning
Comment 13 Maintenance Automation 2023-03-08 12:30:01 UTC
SUSE-SU-2023:0671-1: An update that solves three vulnerabilities and has two fixes can now be installed.

Category: security (important)
Bug References: 1197653, 1202364, 1203788, 1205808, 1206527
CVE References: CVE-2022-1050, CVE-2022-3165, CVE-2022-4144
Sources used:
openSUSE Leap Micro 5.3 (src): qemu-6.2.0-150400.37.11.1
openSUSE Leap 15.4 (src): qemu-6.2.0-150400.37.11.1, qemu-linux-user-6.2.0-150400.37.11.1, qemu-testsuite-6.2.0-150400.37.11.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): qemu-6.2.0-150400.37.11.1
SUSE Linux Enterprise Micro 5.3 (src): qemu-6.2.0-150400.37.11.1
Basesystem Module 15-SP4 (src): qemu-6.2.0-150400.37.11.1
Server Applications Module 15-SP4 (src): qemu-6.2.0-150400.37.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Carlos López 2023-03-08 12:32:03 UTC
Done, closing.