CLSA-2026-1779581056 qemu-kvm: Fix of CVE-2025-11234

CVE-2025-11234: fix use-after-free in QIOChannelWebsock handshake by tracking the handshake GSource id and removing it on close/finalize...

SUSE CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

UBUNTU-CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

PT-2025-40465

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in QEMU where freeing the QIOChannelWebsock object during a handshake process results in a GSource leak. This leak can cause a use-after-free condition when the callback attempts t...

CVE-2008-3248

qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System VxFS on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading file...