Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400).
- CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption (bsc#1256484).
Список пакетов
openSUSE Leap 15.6
qemu-8.2.10-150600.3.46.1
qemu-SLOF-8.2.10-150600.3.46.1
qemu-accel-qtest-8.2.10-150600.3.46.1
qemu-accel-tcg-x86-8.2.10-150600.3.46.1
qemu-arm-8.2.10-150600.3.46.1
qemu-audio-alsa-8.2.10-150600.3.46.1
qemu-audio-dbus-8.2.10-150600.3.46.1
qemu-audio-jack-8.2.10-150600.3.46.1
qemu-audio-pa-8.2.10-150600.3.46.1
qemu-audio-pipewire-8.2.10-150600.3.46.1
qemu-audio-spice-8.2.10-150600.3.46.1
qemu-block-curl-8.2.10-150600.3.46.1
qemu-block-dmg-8.2.10-150600.3.46.1
qemu-block-gluster-8.2.10-150600.3.46.1
qemu-block-iscsi-8.2.10-150600.3.46.1
qemu-block-nfs-8.2.10-150600.3.46.1
qemu-block-rbd-8.2.10-150600.3.46.1
qemu-block-ssh-8.2.10-150600.3.46.1
qemu-chardev-baum-8.2.10-150600.3.46.1
qemu-chardev-spice-8.2.10-150600.3.46.1
qemu-doc-8.2.10-150600.3.46.1
qemu-extra-8.2.10-150600.3.46.1
qemu-guest-agent-8.2.10-150600.3.46.1
qemu-headless-8.2.10-150600.3.46.1
qemu-hw-display-qxl-8.2.10-150600.3.46.1
qemu-hw-display-virtio-gpu-8.2.10-150600.3.46.1
qemu-hw-display-virtio-gpu-pci-8.2.10-150600.3.46.1
qemu-hw-display-virtio-vga-8.2.10-150600.3.46.1
qemu-hw-s390x-virtio-gpu-ccw-8.2.10-150600.3.46.1
qemu-hw-usb-host-8.2.10-150600.3.46.1
qemu-hw-usb-redirect-8.2.10-150600.3.46.1
qemu-hw-usb-smartcard-8.2.10-150600.3.46.1
qemu-img-8.2.10-150600.3.46.1
qemu-ipxe-8.2.10-150600.3.46.1
qemu-ivshmem-tools-8.2.10-150600.3.46.1
qemu-ksm-8.2.10-150600.3.46.1
qemu-lang-8.2.10-150600.3.46.1
qemu-linux-user-8.2.10-150600.3.46.1
qemu-microvm-8.2.10-150600.3.46.1
qemu-ppc-8.2.10-150600.3.46.1
qemu-pr-helper-8.2.10-150600.3.46.1
qemu-s390x-8.2.10-150600.3.46.1
qemu-seabios-8.2.101.16.3_3_ga95067eb-150600.3.46.1
qemu-skiboot-8.2.10-150600.3.46.1
qemu-spice-8.2.10-150600.3.46.1
qemu-tools-8.2.10-150600.3.46.1
qemu-ui-curses-8.2.10-150600.3.46.1
qemu-ui-dbus-8.2.10-150600.3.46.1
qemu-ui-gtk-8.2.10-150600.3.46.1
qemu-ui-opengl-8.2.10-150600.3.46.1
qemu-ui-spice-app-8.2.10-150600.3.46.1
qemu-ui-spice-core-8.2.10-150600.3.46.1
qemu-vgabios-8.2.101.16.3_3_ga95067eb-150600.3.46.1
qemu-vhost-user-gpu-8.2.10-150600.3.46.1
qemu-x86-8.2.10-150600.3.46.1
Ссылки
- Link for SUSE-SU-2026:0662-1
- E-Mail link for SUSE-SU-2026:0662-1
- SUSE Security Ratings
- SUSE Bug 1255400
- SUSE Bug 1256484
- SUSE CVE CVE-2025-14876 page
- SUSE CVE CVE-2026-0665 page
Описание
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
Затронутые продукты
openSUSE Leap 15.6:qemu-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-SLOF-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-accel-qtest-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-accel-tcg-x86-8.2.10-150600.3.46.1
Ссылки
- CVE-2025-14876
- SUSE Bug 1255400
Описание
An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.
Затронутые продукты
openSUSE Leap 15.6:qemu-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-SLOF-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-accel-qtest-8.2.10-150600.3.46.1
openSUSE Leap 15.6:qemu-accel-tcg-x86-8.2.10-150600.3.46.1
Ссылки
- CVE-2026-0665
- SUSE Bug 1256484