Описание
Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM} spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
qemu-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-arm-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
qemu-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-arm-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise Micro 5.3
qemu-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-arm-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-s390x-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise Micro 5.4
qemu-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-arm-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-s390x-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise Server 15 SP4-LTSS
qemu-6.2.0-150400.37.46.1
qemu-SLOF-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-arm-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-ppc-6.2.0-150400.37.46.1
qemu-s390x-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-skiboot-6.2.0-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
qemu-6.2.0-150400.37.46.1
qemu-SLOF-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-ppc-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-skiboot-6.2.0-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Manager Proxy LTS 4.3
qemu-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
SUSE Manager Server LTS 4.3
qemu-6.2.0-150400.37.46.1
qemu-SLOF-6.2.0-150400.37.46.1
qemu-accel-tcg-x86-6.2.0-150400.37.46.1
qemu-audio-alsa-6.2.0-150400.37.46.1
qemu-audio-pa-6.2.0-150400.37.46.1
qemu-audio-spice-6.2.0-150400.37.46.1
qemu-block-curl-6.2.0-150400.37.46.1
qemu-block-iscsi-6.2.0-150400.37.46.1
qemu-block-rbd-6.2.0-150400.37.46.1
qemu-block-ssh-6.2.0-150400.37.46.1
qemu-chardev-baum-6.2.0-150400.37.46.1
qemu-chardev-spice-6.2.0-150400.37.46.1
qemu-guest-agent-6.2.0-150400.37.46.1
qemu-hw-display-qxl-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.46.1
qemu-hw-usb-host-6.2.0-150400.37.46.1
qemu-hw-usb-redirect-6.2.0-150400.37.46.1
qemu-ipxe-1.0.0+-150400.37.46.1
qemu-ksm-6.2.0-150400.37.46.1
qemu-kvm-6.2.0-150400.37.46.1
qemu-lang-6.2.0-150400.37.46.1
qemu-ppc-6.2.0-150400.37.46.1
qemu-s390x-6.2.0-150400.37.46.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-sgabios-8-150400.37.46.1
qemu-skiboot-6.2.0-150400.37.46.1
qemu-tools-6.2.0-150400.37.46.1
qemu-ui-curses-6.2.0-150400.37.46.1
qemu-ui-gtk-6.2.0-150400.37.46.1
qemu-ui-opengl-6.2.0-150400.37.46.1
qemu-ui-spice-app-6.2.0-150400.37.46.1
qemu-ui-spice-core-6.2.0-150400.37.46.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
qemu-x86-6.2.0-150400.37.46.1
Ссылки
- Link for SUSE-SU-2026:0043-1
- E-Mail link for SUSE-SU-2026:0043-1
- SUSE Security Ratings
- SUSE Bug 1209554
- SUSE Bug 1227397
- SUSE Bug 1252768
- SUSE Bug 1253002
- SUSE Bug 1254286
- SUSE CVE CVE-2023-1544 page
- SUSE CVE CVE-2024-6505 page
- SUSE CVE CVE-2025-12464 page
Описание
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-accel-tcg-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-arm-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-audio-alsa-6.2.0-150400.37.46.1
Ссылки
- CVE-2023-1544
- SUSE Bug 1209554
Описание
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-accel-tcg-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-arm-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-audio-alsa-6.2.0-150400.37.46.1
Ссылки
- CVE-2024-6505
- SUSE Bug 1227397
Описание
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-accel-tcg-x86-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-arm-6.2.0-150400.37.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-audio-alsa-6.2.0-150400.37.46.1
Ссылки
- CVE-2025-12464
- SUSE Bug 1253002