qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

CLSA-2026-1779581056 qemu-kvm: Fix of CVE-2025-11234

CVE-2025-11234: fix use-after-free in QIOChannelWebsock handshake by tracking the handshake GSource id and removing it on close/finalize...

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

UBUNTU-CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

CVE-2025-11234

Summary (CVE-2025-11234) : A flaw in QEMU allows a use-after-free via the QIOChannelWebsock object during handshake when freed, enabling a network-adjacent attacker to cause denial of service on the VNC WebSocket port before authentication. Affected component is the QEMU WebSocket handshake flow;...

CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

PT-2025-40465

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in QEMU where freeing the QIOChannelWebsock object during a handshake process results in a GSource leak. This leak can cause a use-after-free condition when the callback attempts t...

Fedora 39 : libvirt (2024-c2e7b82022)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c2e7b82022 advisory. Fix crash in event loop CVE-2024-4418 Fix I/O stall when multiple threads issue RPC calls Fix leak of GSource object Fix leak of udev object referen...

Fedora 40 : libvirt (2024-ee96e0c470)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ee96e0c470 advisory. Fix crash in event loop CVE-2024-4418 Fix leak of GSource object Fix leak of udev object reference Tenable has extracted the preceding description...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1962-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1962-1 advisory. - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event...

SUSE-SU-2024:1962-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event loop. bsc1223849...