Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files (bsc#1258509).
- CVE-2026-3195: heap buffer overflow when reading input audio in the virtio-snd device input callback due to
insufficient checks in
virtio_snd_pcm_in_cb(bsc#1259080). - CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO requests from the guest leads to unbounded memory allocation and host denial-of-service (bsc#1259079).
- CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write (bsc#1262089).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP7
qemu-img-9.2.4-150700.3.20.1
qemu-pr-helper-9.2.4-150700.3.20.1
qemu-tools-9.2.4-150700.3.20.1
qemu-vmsr-helper-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
qemu-SLOF-9.2.4-150700.3.20.1
qemu-accel-qtest-9.2.4-150700.3.20.1
qemu-arm-9.2.4-150700.3.20.1
qemu-audio-jack-9.2.4-150700.3.20.1
qemu-audio-oss-9.2.4-150700.3.20.1
qemu-block-dmg-9.2.4-150700.3.20.1
qemu-extra-9.2.4-150700.3.20.1
qemu-hw-s390x-virtio-gpu-ccw-9.2.4-150700.3.20.1
qemu-hw-usb-smartcard-9.2.4-150700.3.20.1
qemu-ivshmem-tools-9.2.4-150700.3.20.1
qemu-linux-user-9.2.4-150700.3.20.1
qemu-microvm-9.2.4-150700.3.20.1
qemu-ppc-9.2.4-150700.3.20.1
qemu-s390x-9.2.4-150700.3.20.1
qemu-skiboot-9.2.4-150700.3.20.1
qemu-vhost-user-gpu-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
qemu-9.2.4-150700.3.20.1
qemu-SLOF-9.2.4-150700.3.20.1
qemu-accel-tcg-x86-9.2.4-150700.3.20.1
qemu-arm-9.2.4-150700.3.20.1
qemu-audio-alsa-9.2.4-150700.3.20.1
qemu-audio-dbus-9.2.4-150700.3.20.1
qemu-audio-pa-9.2.4-150700.3.20.1
qemu-audio-pipewire-9.2.4-150700.3.20.1
qemu-audio-spice-9.2.4-150700.3.20.1
qemu-block-curl-9.2.4-150700.3.20.1
qemu-block-iscsi-9.2.4-150700.3.20.1
qemu-block-nfs-9.2.4-150700.3.20.1
qemu-block-rbd-9.2.4-150700.3.20.1
qemu-block-ssh-9.2.4-150700.3.20.1
qemu-chardev-baum-9.2.4-150700.3.20.1
qemu-chardev-spice-9.2.4-150700.3.20.1
qemu-guest-agent-9.2.4-150700.3.20.1
qemu-headless-9.2.4-150700.3.20.1
qemu-hw-display-qxl-9.2.4-150700.3.20.1
qemu-hw-display-virtio-gpu-9.2.4-150700.3.20.1
qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.20.1
qemu-hw-display-virtio-vga-9.2.4-150700.3.20.1
qemu-hw-s390x-virtio-gpu-ccw-9.2.4-150700.3.20.1
qemu-hw-usb-host-9.2.4-150700.3.20.1
qemu-hw-usb-redirect-9.2.4-150700.3.20.1
qemu-ipxe-9.2.4-150700.3.20.1
qemu-ksm-9.2.4-150700.3.20.1
qemu-lang-9.2.4-150700.3.20.1
qemu-ppc-9.2.4-150700.3.20.1
qemu-s390x-9.2.4-150700.3.20.1
qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.20.1
qemu-skiboot-9.2.4-150700.3.20.1
qemu-spice-9.2.4-150700.3.20.1
qemu-ui-curses-9.2.4-150700.3.20.1
qemu-ui-dbus-9.2.4-150700.3.20.1
qemu-ui-gtk-9.2.4-150700.3.20.1
qemu-ui-opengl-9.2.4-150700.3.20.1
qemu-ui-spice-app-9.2.4-150700.3.20.1
qemu-ui-spice-core-9.2.4-150700.3.20.1
qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.20.1
qemu-x86-9.2.4-150700.3.20.1
Ссылки
- Link for SUSE-SU-2026:2385-1
- E-Mail link for SUSE-SU-2026:2385-1
- SUSE Security Ratings
- SUSE Bug 1199023
- SUSE Bug 1258509
- SUSE Bug 1259079
- SUSE Bug 1259080
- SUSE Bug 1262089
- SUSE CVE CVE-2026-2243 page
- SUSE CVE CVE-2026-3195 page
- SUSE CVE CVE-2026-3196 page
- SUSE CVE CVE-2026-3842 page
Описание
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-img-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-pr-helper-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-tools-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-vmsr-helper-9.2.4-150700.3.20.1
Ссылки
- CVE-2026-2243
- SUSE Bug 1258509
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-img-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-pr-helper-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-tools-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-vmsr-helper-9.2.4-150700.3.20.1
Ссылки
- CVE-2026-3195
- SUSE Bug 1259080
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-img-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-pr-helper-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-tools-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-vmsr-helper-9.2.4-150700.3.20.1
Ссылки
- CVE-2026-3196
- SUSE Bug 1259079
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-img-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-pr-helper-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-tools-9.2.4-150700.3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:qemu-vmsr-helper-9.2.4-150700.3.20.1
Ссылки
- CVE-2026-3842
- SUSE Bug 1262089