ГлавнаяУязвимости → CVE-2025-11234
7.5высокая

CVE-2025-11234

Описание

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://access.redhat.com/errata/RHSA-2025:23228https://access.redhat.com/errata/RHSA-2026:0326https://access.redhat.com/errata/RHSA-2026:0332https://access.redhat.com/errata/RHSA-2026:0702https://access.redhat.com/errata/RHSA-2026:1831https://access.redhat.com/errata/RHSA-2026:18772https://access.redhat.com/errata/RHSA-2026:22147https://access.redhat.com/errata/RHSA-2026:3077