Red Hat Product Errata RHSA-2026:18772 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:18772 - Security Advisory Overview Updated Packages Synopsis Moderate: qemu-kvm security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Fixes BZ - 2401209 - CVE-2025-11234 qemu-kvm: VNC WebSocket handshake use-after-free RHEL-120257 - Backport fixes for PDCM and ARCH_CAPABILITIES migration incompatibility RHEL-119369 - [rhel9] Backport "arm/kvm: report registers we failed to set" RHEL-126593 - [RHEL 9.8] VFIO migration using multifd should be disabled by default RHEL-129949 - [rhel9] Fix the typo under vfio-pci device's enable-migration option RHEL-131144 - qemu crash after hot-unplug disk from the multifunction enabled bus [RHEL.9.8] RHEL-139057 - [qemu, rhel-9] increase default TSEG size RHEL-67115 - [network-storage][rbd][core-dump]installation of guest failed sometimes with multiqueue enabled[rhel9.6] RHEL-151679 - [rhel-9.8] Regression in BLOCK_IO_ERROR event delivery with (w|r)error setting of 'stop' or 'enospc' due to event rate limiting CVEs CVE-2025-11234 References https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM qemu-kvm-10.1.0-17.el9_8.src.rpm SHA-256: f4f16ebe1493104e8ec24994d77075576b56638fa70edec8d534b6210aef3ed3 x86_64 qemu-guest-agent-10.1.0-17.el9_8.x86_64.rpm SHA-256: 76ea7f8187c40fde2c0b071368506c85466a04ca42fb2cdf11210dcdfbcbd836 qemu-guest-agent-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 3d294af4976dbe84dc800f31de0a473ef72aeab83ab7fa0e8a073a6312e54bc8 qemu-img-10.1.0-17.el9_8.x86_64.rpm SHA-256: 9724143cb769995c45b90ee00ba5a6121d5c7632f9d857e2be590f692dd2d171 qemu-img-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 255577f4f15ccf9c851713b4b5b90e2d55683800ba11475614e84a1688efc1d5 qemu-kvm-10.1.0-17.el9_8.x86_64.rpm SHA-256: facdecedb5d9e0592f4d9c353a14810b71919742ce3006235bddcccd09c4f9ef qemu-kvm-audio-dbus-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: b1971d7dfd63063446c93d1ee9b54a6ab4ce37c3b46b0ca31748ff2216ccbd11 qemu-kvm-audio-pa-10.1.0-17.el9_8.x86_64.rpm SHA-256: 896dbb0eec1c011035085b261bfb0eed693c9338bf9ae43c399450163a859f05 qemu-kvm-audio-pa-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: daaa416afb01d4b1e4972304d5ac8e9a3f56f8b5734250114f37168a1f9a017c qemu-kvm-block-blkio-10.1.0-17.el9_8.x86_64.rpm SHA-256: c4d246cf208ed4e669d958e9f9dbb9a07afa61c78c009cfdc5c3c2d2f65ab327 qemu-kvm-block-blkio-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: db2aa25fe9fc2c4f95e03f3fdda0095d56761cf70546fd3a55be00bd20751a8d qemu-kvm-block-curl-10.1.0-17.el9_8.x86_64.rpm SHA-256: f2d7cff3b72c14d55fc05f0c7cee52768c5a96293068e8ca156381cf6530061c qemu-kvm-block-curl-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 5639fed3b9c4fda13a889d1f929fb77b368956850a45445288cdd69a31896306 qemu-kvm-block-rbd-10.1.0-17.el9_8.x86_64.rpm SHA-256: 3dbbcf467a99373ccb13140b09a49230722c10b74b806a72902ad19be15ff656 qemu-kvm-block-rbd-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 9526eebc29713d83775edc8946129bcf7eeb1fe053727d416bf448f4e5c53d08 qemu-kvm-common-10.1.0-17.el9_8.x86_64.rpm SHA-256: b3f51cd0130e7a17c6879ec1f4f21ed3df35037c3c69f96d40c7f13b2f490ae0 qemu-kvm-common-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: af38f56ae9f2ccb0863ffffb5bc3089f2b47295447e8e2b15a36d5259b0afce5 qemu-kvm-core-10.1.0-17.el9_8.x86_64.rpm SHA-256: 7b5cb0f2f0212e2362b93d290d11a2eb524eac53bb6f866b66e5df983b2f1bcd qemu-kvm-core-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 88ca11bd03bfefbcdf67033773bc36f2d59feff9d2a4752fd4710d83b8c92ec5 qemu-kvm-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 8a0a82d3dab5d904738f2bbe158f2e553da06642f58ed24b4319441cb46dd443 qemu-kvm-debugsource-10.1.0-17.el9_8.x86_64.rpm SHA-256: e00a843c8df481f4eeb13672250a3df80b27b0d6bcb76a710660f66dad0b49f7 qemu-kvm-device-display-virtio-gpu-10.1.0-17.el9_8.x86_64.rpm SHA-256: a5c3b85a91c97dae33c7e5ebfc1fa229e5a4d70924a07961d125a6768dd1173b qemu-kvm-device-display-virtio-gpu-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 946b06e84b84f5ec05456dba717eec1f4b81c32466cf761ebd652d963cd68cc9 qemu-kvm-device-display-virtio-gpu-pci-10.1.0-17.el9_8.x86_64.rpm SHA-256: 0d6196d2aa050179b9d3f89924236d987feb422857531d69a734324a77573221 qemu-kvm-device-display-virtio-gpu-pci-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: fb4c50a41849de1618bb75485d9c56def0027424fd5e65ef5919271593bcab40 qemu-kvm-device-display-virtio-vga-10.1.0-17.el9_8.x86_64.rpm SHA-256: ec9ac99990f4e697daec6b3970b88a3efb0588690ae11ee0264bebd73e4953b7 qemu-kvm-device-display-virtio-vga-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: d1670f3131d439a2bc1777997bb3a99b1279a94ac9307538047edc7fdc609c29 qemu-kvm-device-usb-host-10.1.0-17.el9_8.x86_64.rpm SHA-256: 57b88be5c426b9d6953dab7ead5d83fd3b4b10abf144453f21b017f1d45a14ff qemu-kvm-device-usb-host-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: cf85e81156c9b15658cfac2b7a8c80a093aa15aef306693d8b8d6342ad12af20 qemu-kvm-device-usb-redirect-10.1.0-17.el9_8.x86_64.rpm SHA-256: 83cd2e7b0bf122dc86353b4396bbabdef391f8523e2d5ece4098731c4e16c759 qemu-kvm-device-usb-redirect-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 18804ee310719cf5d22059c44b4dad1a9517bb469a1cd13d9dc9fe8779c2572a qemu-kvm-docs-10.1.0-17.el9_8.x86_64.rpm SHA-256: 9a2f46da03afc4fb1b33b47521eee1c197af4db31888096e61b94ccae7004440 qemu-kvm-tests-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 1bcd3d3907b48e6a0f687c180771930912b9990c5e099270d01a866ce59320a9 qemu-kvm-tools-10.1.0-17.el9_8.x86_64.rpm SHA-256: 2777286fcc5d017f1113fa4f64c4bb674ef8c5024cc26472f449961e0737e0aa qemu-kvm-tools-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 93fc107f81a262dfad0ae71dbdfc69d9f466005140af592f6304f0bde774a91a qemu-kvm-ui-dbus-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: f01cacb85dc14707be8c251f07b7f341904b280822b8b5eeb3b99cb4ed0b806d qemu-kvm-ui-egl-headless-10.1.0-17.el9_8.x86_64.rpm SHA-256: 108bd2a85bb5b3a401e358a11f1c5de1f5562ee75f7abed4efa624caabe38661 qemu-kvm-ui-egl-headless-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 65c16db5dc0a1dd9656658031441ec7d7a5172dedb5d495543c476470e4b99d7 qemu-kvm-ui-opengl-10.1.0-17.el9_8.x86_64.rpm SHA-256: 4d86d5a16164dadcda7a368d7f1f2345cb17861d4f744fb1d021cea1bb35a903 qemu-kvm-ui-opengl-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 6e6d113f8904e7bedb7fe25b65c0fa6ac25ac59cdf0798b24b599772719d4ee5 qemu-pr-helper-10.1.0-17.el9_8.x86_64.rpm SHA-256: 3ea054b30cc4d9927d679dc033879c7dbf6349c1ed71a35db9cd3c2b2cdc54e3 qemu-pr-helper-debuginfo-10.1.0-17.el9_8.x86_64.rpm SHA-256: 6e11047dc2184730c83f9a1d37bbda7fe21ce3c6ba623a24831e2e67df72ed65 Red Hat Enterprise Linux for IBM z Systems 9 SRPM qemu-kvm-10.1.0-17.el9_8.src.rpm SHA-256: f4f16ebe1493104e8ec24994d77075576b56638fa70edec8d534b6210aef3ed3 s390x qemu-guest-agent-10.1.0-17.el9_8.s390x.rpm SHA-256: a3adf5ac3d8141b609028d2cfe58f51be71ff4641813854277f5a1a81caf5916 qemu-guest-agent-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: 797432116fc89b5c2b879fe40c74b1ab8c23c6d0fefec67978568640799a374b qemu-img-10.1.0-17.el9_8.s390x.rpm SHA-256: d2c4e43616caf49ac00f91fb364a9941ee539b92e4ea3e78cba5742ecf3835d4 qemu-img-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: 58cbe0eb14ecf7ec1e0348abed39765c2964afa405044b69d0756a6942727766 qemu-kvm-10.1.0-17.el9_8.s390x.rpm SHA-256: d849b462cd86c4038df1894e9861216de7b8f3b6bfc26337d83351cc31e9dd5a qemu-kvm-audio-dbus-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: 4a7944035a858df987f0b17639f439d42528662b8d2ec8f5e1a1f5d36002a119 qemu-kvm-audio-pa-10.1.0-17.el9_8.s390x.rpm SHA-256: 9db14d04440c7d960abdd40b80e298df05c03126a91186315250a2b9ebc330c9 qemu-kvm-audio-pa-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: 4971539ffd8420e386351d3c3a367e22e5ffad4d0633a6f4d7f8753b6cdc08df qemu-kvm-block-blkio-10.1.0-17.el9_8.s390x.rpm SHA-256: 019ff992b37f865c7b1c4aedc97b998c0637998e7fe7a2796b7c6de099a28665 qemu-kvm-block-blkio-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: f6663624ab44fc7d34353ba7f2a1be2b9f0635291f0c5990db89ea55e7b9914e qemu-kvm-block-curl-10.1.0-17.el9_8.s390x.rpm SHA-256: 510afcb3a6bfd937cdf187722030357e0ed1540008d2270481ec775fdee65894 qemu-kvm-block-curl-debuginfo-10.1.0-17.el9_8.s390x.rpm SHA-256: b146da841cd11c99c552ace5a20987efdec67cea02798d160c1cfa308b356927 qemu-kvm-block-rbd-10.1.0-17.el9_8.s390x.rpm SHA-256: ddee49ac41f2458fcdf7aad7823847e0832d4c832845c128d39e018a4870fcde qemu-kvm-block-rbd-debuginfo-10.1.0-17.el9_8.s390