vulnerability
Oracle Linux: CVE-2025-11234: ELSA-2026-1831: qemu-kvm security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 30, 2025 | Feb 5, 2026 | Feb 5, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 30, 2025
Added
Feb 5, 2026
Modified
Feb 5, 2026
Description
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
Solutions
oracle-linux-upgrade-qemu-guest-agentoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-audio-paoracle-linux-upgrade-qemu-kvm-block-blkiooracle-linux-upgrade-qemu-kvm-block-curloracle-linux-upgrade-qemu-kvm-block-rbdoracle-linux-upgrade-qemu-kvm-commonoracle-linux-upgrade-qemu-kvm-coreoracle-linux-upgrade-qemu-kvm-device-display-virtio-gpuoracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu-pcioracle-linux-upgrade-qemu-kvm-device-display-virtio-vgaoracle-linux-upgrade-qemu-kvm-device-usb-hostoracle-linux-upgrade-qemu-kvm-device-usb-redirectoracle-linux-upgrade-qemu-kvm-docsoracle-linux-upgrade-qemu-kvm-toolsoracle-linux-upgrade-qemu-kvm-ui-egl-headlessoracle-linux-upgrade-qemu-kvm-ui-opengloracle-linux-upgrade-qemu-pr-helper
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.