CVE-2025-11234

Published: Oct 3, 2025

Modified: Jun 1, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

Vendor	Product	Versions
Unknown	qemu	affected `2.6.0 - < 10.1.2`
Red Hat	Red Hat Enterprise Linux 10	unaffected `18:10.0.0-14.el10_1.5 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `8100020251120003312.489197e6 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `8100020251202222937.489197e6 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `17:10.1.0-17.el9_8 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `17:6.2.0-11.el9_0.10 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `17:7.2.0-14.el9_2.24 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `17:8.2.0-11.el9_4.18 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `17:8.2.0-11.el9_4.19 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.16	unaffected `416.94.202601071926-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.17	unaffected `417.94.202601120213-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.18	unaffected `418.94.202601071817-0 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions