SUSE-SU-2024:1438-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 25 Apr 2024, 21:40
Last modified:04 Feb 2026, 02:36
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Apr 2024, 21:40
Published
Vulnerability first disclosed
04 Feb 2026, 02:36
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845) - CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889) - CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843) - CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
Affected Systems
- opensuse•qemu&distro=openSUSE Leap 15.5
< 7.1.0-150500.49.15.1
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.5
< 7.1.0-150500.49.15.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
< 7.1.0-150500.49.15.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
< 7.1.0-150500.49.15.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5
< 7.1.0-150500.49.15.1
References (9)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241438-1/
- https://bugzilla.suse.com/1213269
- https://bugzilla.suse.com/1218889
- https://bugzilla.suse.com/1222843
- https://bugzilla.suse.com/1222845
- https://www.suse.com/security/cve/CVE-2023-3019
- https://www.suse.com/security/cve/CVE-2023-6683
- https://www.suse.com/security/cve/CVE-2024-3446
- https://www.suse.com/security/cve/CVE-2024-3447