CVE-2025-11234

Summary

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

Affected Software

VendorProductVersion RangeStatus
2.6.0 < 10.1.2affected
Red HatRed Hat Enterprise Linux 1018:10.0.0-14.el10_1.5 < *unaffected
Red HatRed Hat Enterprise Linux 88100020251120003312.489197e6 < *unaffected
Red HatRed Hat Enterprise Linux 88100020251202222937.489197e6 < *unaffected
Red HatRed Hat Enterprise Linux 917:10.1.0-17.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions17:6.2.0-11.el9_0.10 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions17:7.2.0-14.el9_2.24 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support17:8.2.0-11.el9_4.18 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support17:8.2.0-11.el9_4.19 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202601071926-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202601120213-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18418.94.202601071817-0 < *unaffected

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References