CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
Technical Context
A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).
Affected Products
Affected: QEMU
Remediation
Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.
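The lifecycle rule behind this bug class, as an added example that is not QEMU code and not part of the original page: a constructed single-threaded model in which a channel registers a handshake watch with a toy event loop (standing in for the GLib main loop and its GSource), then is torn down once without cancelling the watch and once with the watch cancelled first. All names (`watch_add`, `loop_iterate`, `channel_free_fixed` and so on) are hypothetical.

```c
#include <stdlib.h>
/* Toy event loop standing in for the GLib main loop (constructed model). */
enum { NWATCH = 8 };
typedef void (*watch_fn)(void *opaque);
struct watch { watch_fn fn; void *opaque; unsigned tag; };
static struct watch watches[NWATCH];
static unsigned next_tag = 1;
static unsigned watch_add(watch_fn fn, void *opaque) {
    for (int i = 0; i < NWATCH; i++)
        if (!watches[i].fn) {
            watches[i] = (struct watch){ fn, opaque, next_tag };
            return next_tag++;
        }
    return 0;                       /* table full: nothing registered */
}
static void watch_remove(unsigned tag) {
    for (int i = 0; i < NWATCH; i++)
        if (watches[i].fn && watches[i].tag == tag) watches[i].fn = NULL;
}
/* Count pending watches; when fire is nonzero, also invoke and clear them. */
static int loop_iterate(int fire) {
    int n = 0;
    for (int i = 0; i < NWATCH; i++) {
        watch_fn fn = watches[i].fn;
        if (!fn) continue;
        n++;
        if (fire) { watches[i].fn = NULL; fn(watches[i].opaque); }
    }
    return n;
}

struct channel { unsigned hs_tag; int handshake_done; };
static void handshake_cb(void *opaque) {
    struct channel *c = opaque;     /* dangling if c was freed with the watch live */
    c->handshake_done = 1;
    c->hs_tag = 0;                  /* watch has fired; nothing left to cancel */
}
static struct channel *channel_start_handshake(void) {
    struct channel *c = calloc(1, sizeof(*c));
    if (c) c->hs_tag = watch_add(handshake_cb, c);
    return c;
}
/* Leaky teardown: the watch survives and still points at freed memory. */
static void channel_free_leaky(struct channel *c) { free(c); }
/* Hardened teardown: cancel the pending handshake watch, then free. */
static void channel_free_fixed(struct channel *c) {
    if (c->hs_tag) watch_remove(c->hs_tag);
    free(c);
}
```

In GLib terms, the hardened path corresponds to keeping the source ID of the attached watch in the object and calling `g_source_remove()` on it in the close or finalize path.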
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| upstream | needs-triage | - |
| bionic | needed | - |
| focal | needed | - |
| trusty | needed | - |
| xenial | needed | - |
| plucky | ignored | end of life, was needed |
| jammy | released | 1:6.2+dfsg-2ubuntu6.28 |
| noble | released | 1:8.2.2+ds-0ubuntu1.13 |
| questing | released | 1:10.1.0+ds-5ubuntu2.4 |
Debian
Bug #1117153

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 1:5.2+dfsg-11+deb11u3 | - |
| bullseye (security) | vulnerable | 1:5.2+dfsg-11+deb11u5 | - |
| bookworm | fixed | 1:7.2+dfsg-7+deb12u18 | - |
| bookworm (security) | vulnerable | 1:7.2+dfsg-7+deb12u15 | - |
| trixie | fixed | 1:10.0.7+ds-0+deb13u1 | - |
| trixie (security) | vulnerable | 1:10.0.2+ds-2+deb13u1 | - |
| forky, sid | fixed | 1:10.2.1+ds-1 | - |
| (unstable) | fixed | 1:10.1.3+ds-1 | - |
EUVD-2025-32560