OPENSUSE-SU-2025:20171-1

Description

Security update for qemu This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - Version 10.0.7: * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value * docs/devel: Update URL for make-pullreq script * target/arm: Fix assert on BRA. * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN * hw/core/machine: Provide a description for aux-ram-share property * hw/pci: Make msix_init take a uint32_t for nentries * block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() * block-backend: Fix race when resuming queued requests * ui/vnc: Fix qemu abort when query vnc info * chardev/char-pty: Do not ignore chr_write() failures * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs * hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure * migration: Fix transition to COLO state from precopy * Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/ - Version 10.0.6: * linux-user/microblaze: Fix little-endianness binary * target/hppa: correct size bit parity for fmpyadd * target/i386: user: do not set up a valid LDT on reset * async: access bottom half flags with qatomic_read * target/i386: fix x86_64 pushw op * i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit * i386/cpu: Prevent delivering SIPI during SMM in TCG mode * i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS * target/i386: Fix CR2 handling for non-canonical addresses * block/curl.c: Use explicit long constants in curl_easy_setopt calls * pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs * target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd * target/riscv: Fix ssamoswap error handling * Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/ - Version 10.0.5: * tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image * tests/functional/test_ppc_bamboo: Replace broken link with working assets * physmem: Destroy all CPU AddressSpaces on unrealize * memory: New AS helper to serialize destroy+free * include/system/memory.h: Clarify address_space_destroy() behaviour * migration: Fix state transition in postcopy_start() error handling * target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions * target/riscv: rvv: Replace checking V by checking Zve32x * target/riscv: Fix endianness swap on compressed instructions * hw/riscv/riscv-iommu: Fixup PDT Nested Walk * Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/ - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494).

Affected Systems

• opensuse•qemu-linux-user&distro=openSUSE Leap 16.0

  < 10.0.7-160000.1.1

• opensuse•qemu&distro=openSUSE Leap 16.0

  < 10.0.7-160000.1.1

References (7)

• https://bugzilla.suse.com/1230042
• https://bugzilla.suse.com/1250984
• https://bugzilla.suse.com/1253002
• https://bugzilla.suse.com/1254286
• https://bugzilla.suse.com/1254494
• https://www.suse.com/security/cve/CVE-2025-11234
• https://www.suse.com/security/cve/CVE-2025-12464