RHSA-2026:5578 Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update
Details
CVSS v3
7.5
NVD published
2025-10-03 11:15:30
EPSS
0.1% probability · 33.1th percentile — 2026-03-24
Affected versions
Not available in our cache.
Summary
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.