A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
1:4.0+dfsg-0ubuntu101:4.0+dfsg-0ubuntu91:4.2-1ubuntu11:4.2-1ubuntu21:4.2-3ubuntu11:4.2-3ubuntu21:4.2-3ubuntu31:4.2-3ubuntu41:4.2-3ubuntu51:4.2-3ubuntu6+27 more1:6.2+dfsg-2ubuntu6.281:8.2.2+ds-0ubuntu1.131:10.1.0+ds-5ubuntu2.41.5.0+dfsg-3ubuntu51.5.0+dfsg-3ubuntu61.6.0+dfsg-2ubuntu11.6.0+dfsg-2ubuntu21.6.0+dfsg-2ubuntu31.6.0+dfsg-2ubuntu41.7.0+dfsg-2ubuntu11.7.0+dfsg-2ubuntu21.7.0+dfsg-2ubuntu31.7.0+dfsg-2ubuntu4+64 more1:2.3+dfsg-5ubuntu101:2.3+dfsg-5ubuntu91:2.4+dfsg-4ubuntu11:2.4+dfsg-4ubuntu21:2.4+dfsg-4ubuntu31:2.4+dfsg-5ubuntu31:2.5+dfsg-1ubuntu21:2.5+dfsg-1ubuntu31:2.5+dfsg-1ubuntu41:2.5+dfsg-1ubuntu5+53 more1:2.10+dfsg-0ubuntu31:2.10+dfsg-0ubuntu41:2.10+dfsg-0ubuntu51:2.11+dfsg-1ubuntu11:2.11+dfsg-1ubuntu21:2.11+dfsg-1ubuntu41:2.11+dfsg-1ubuntu51:2.11+dfsg-1ubuntu61:2.11+dfsg-1ubuntu71:2.11+dfsg-1ubuntu7.1+39 moreExploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H