Описание
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | fixed | 1:10.1.3+ds-1 | package | |
| qemu | fixed | 1:10.0.7+ds-0+deb13u1 | trixie | package |
| qemu | fixed | 1:7.2+dfsg-7+deb12u18 | bookworm | package |
| qemu | no-dsa | bullseye | package |
Примечания
https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg06566.html
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b7a1f2ca45c7865b9e98e02ae605a65fc9458ae9 (v10.2.0-rc1)
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/a2b7a95350c23b484543001734e1f22be6fe87f8 (v10.1.3)
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e21ef56b4b9213f8a86c5601b385b48f39339aba (v10.0.7)
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/cebdbd038e44af56e74272924dc2bf595a51fd8f (v7.2.22)
EPSS
Связанные уязвимости
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
EPSS