Description

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

INFO

Published Date: 2025-10-03T10:30:34.427Z

Last Modified: 2026-03-24T10:57:21.980Z

Source: redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-11234 vulnerability.

Vendor: Redhat
Products:
  • Enterprise Linux
  • Openshift
  • Rhel E4s
  • Rhel Eus

CVSS Vulnerability Scoring System

[CVSS chart: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact]