Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2026:20567-1

Опубликовано: 20 апр. 2026
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

Update to version 10.0.9.

Security issues fixed:

  • CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCM_INFO requests sent from the guest (bsc#1259079).
  • CVE-2026-3195: heap out-of-bounds write when reading input audio in the virtio-snd device input callback (bsc#1259080).
  • CVE-2026-2243: heap out-of-bounds read and 12-byte information leak when processing specially crafted VMDK files with qemu-img (bsc#1258509).

Other updates and bugfixes:

  • Version 10.0.9:

    • Full backport list: https://lore.kernel.org/qemu-devel/20260318045608.7E1B513DFF6@think4mjt.localdomain/
    • hyperv/syndbg: check length returned by cpu_physical_memory_map()
    • fuse: Copy write buffer content before polling
    • target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
    • target/loongarch: Preserve PTE permission bits in LDPTE
    • hw/net/npcm_gmac: Catch accesses off the end of the register array
    • linux-user: fix TIOCGSID ioctl
    • tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
    • bsd-user: Deal with mmap where start > reserved_va
    • linux-user: Deal with mmap where start > reserved_va
    • hw/net/xilinx_ethlite: Check for oversized TX packets
    • virtio-gpu: Ensure BHs are invoked only from main-loop thread
    • block/nfs: Do not enter coroutine from CB
    • block: Never drop BLOCK_IO_ERROR with action=stop for rate limiting
    • block/throttle-groups: fix deadlock with iolimits and muliple iothreads
    • mirror: Fix missed dirty bitmap writes during startup
    • block/curl: fix concurrent completion handling
    • block/vmdk: fix OOB read in vmdk_read_extent()
    • hw/net/smc91c111: Don't allow negative-length packets
    • io: fix cleanup for websock I/O source data on cancellation
    • io: fix cleanup for TLS I/O source data on cancellation
    • io: separate freeing of tasks from marking them as complete
    • target/i386/hvf/x86_mmu: Fix compiler warning
    • hw/i386/vmmouse: Fix hypercall clobbers
    • tests/docker: upgrade most non-lcitool debian tests to debian 13
    • hw/9pfs: fix missing EOPNOTSUPP on Twstat and Trenameat for fs synth driver
    • hw/9pfs: fix data race in v9fs_mark_fids_unreclaim()

  • Add support for AMD-Turn CPUs (jsc#PED-13174)

    • target/i386: Add support for EPYC-Turin model (jsc#PED-13174)
    • target/i386: Update EPYC-Genoa for Cache property, perfmon-v2, RAS and SVM feature bits (jsc#PED-13174)
    • target/i386: Add couple of feature bits in CPUID_Fn80000021_EAX (jsc#PED-13174)
    • target/i386: Update EPYC-Milan CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
    • target/i386: Update EPYC-Rome CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
    • target/i386: Update EPYC CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)

Список пакетов

openSUSE Leap 16.0
qemu-10.0.9-160000.1.1
qemu-SLOF-10.0.9-160000.1.1
qemu-accel-qtest-10.0.9-160000.1.1
qemu-arm-10.0.9-160000.1.1
qemu-audio-alsa-10.0.9-160000.1.1
qemu-audio-dbus-10.0.9-160000.1.1
qemu-audio-jack-10.0.9-160000.1.1
qemu-audio-oss-10.0.9-160000.1.1
qemu-audio-pa-10.0.9-160000.1.1
qemu-audio-pipewire-10.0.9-160000.1.1
qemu-audio-spice-10.0.9-160000.1.1
qemu-block-curl-10.0.9-160000.1.1
qemu-block-dmg-10.0.9-160000.1.1
qemu-block-iscsi-10.0.9-160000.1.1
qemu-block-nfs-10.0.9-160000.1.1
qemu-block-rbd-10.0.9-160000.1.1
qemu-block-ssh-10.0.9-160000.1.1
qemu-chardev-baum-10.0.9-160000.1.1
qemu-chardev-spice-10.0.9-160000.1.1
qemu-doc-10.0.9-160000.1.1
qemu-extra-10.0.9-160000.1.1
qemu-guest-agent-10.0.9-160000.1.1
qemu-headless-10.0.9-160000.1.1
qemu-hw-display-qxl-10.0.9-160000.1.1
qemu-hw-display-virtio-gpu-10.0.9-160000.1.1
qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1
qemu-hw-display-virtio-vga-10.0.9-160000.1.1
qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1
qemu-hw-usb-host-10.0.9-160000.1.1
qemu-hw-usb-redirect-10.0.9-160000.1.1
qemu-hw-usb-smartcard-10.0.9-160000.1.1
qemu-img-10.0.9-160000.1.1
qemu-ipxe-10.0.9-160000.1.1
qemu-ivshmem-tools-10.0.9-160000.1.1
qemu-ksm-10.0.9-160000.1.1
qemu-lang-10.0.9-160000.1.1
qemu-linux-user-10.0.9-160000.1.1
qemu-microvm-10.0.9-160000.1.1
qemu-ppc-10.0.9-160000.1.1
qemu-pr-helper-10.0.9-160000.1.1
qemu-s390x-10.0.9-160000.1.1
qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1
qemu-skiboot-10.0.9-160000.1.1
qemu-spice-10.0.9-160000.1.1
qemu-tools-10.0.9-160000.1.1
qemu-ui-curses-10.0.9-160000.1.1
qemu-ui-dbus-10.0.9-160000.1.1
qemu-ui-gtk-10.0.9-160000.1.1
qemu-ui-opengl-10.0.9-160000.1.1
qemu-ui-spice-app-10.0.9-160000.1.1
qemu-ui-spice-core-10.0.9-160000.1.1
qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1
qemu-vhost-user-gpu-10.0.9-160000.1.1
qemu-vmsr-helper-10.0.9-160000.1.1
qemu-x86-10.0.9-160000.1.1

Ссылки

Описание

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

Затронутые продукты
openSUSE Leap 16.0:qemu-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-SLOF-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-accel-qtest-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-arm-10.0.9-160000.1.1
Ссылки

Описание

unknown

Затронутые продукты
openSUSE Leap 16.0:qemu-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-SLOF-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-accel-qtest-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-arm-10.0.9-160000.1.1
Ссылки

Описание

unknown

Затронутые продукты
openSUSE Leap 16.0:qemu-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-SLOF-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-accel-qtest-10.0.9-160000.1.1
openSUSE Leap 16.0:qemu-arm-10.0.9-160000.1.1
Ссылки
Уязвимость openSUSE-SU-2026:20567-1