SUSE-SU-2024:3948-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 08 Nov 2024, 07:28
Last modified:04 Feb 2026, 03:10
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Nov 2024, 07:28
Published
Vulnerability first disclosed
04 Feb 2026, 03:10
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834). - CVE-2024-8612: Fixed nformation leak in virtio devices (bsc#1230915). - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
Affected Systems
- opensuse•qemu&distro=openSUSE Leap 15.5
< 7.1.0-150500.49.24.1
- opensuse•qemu&distro=openSUSE Leap Micro 5.5
< 7.1.0-150500.49.24.1
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.5
< 7.1.0-150500.49.24.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
< 7.1.0-150500.49.24.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
< 7.1.0-150500.49.24.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5
< 7.1.0-150500.49.24.1
References (7)
- https://www.suse.com/support/update/announcement/2024/suse-su-20243948-1/
- https://bugzilla.suse.com/1229007
- https://bugzilla.suse.com/1230834
- https://bugzilla.suse.com/1230915
- https://www.suse.com/security/cve/CVE-2024-7409
- https://www.suse.com/security/cve/CVE-2024-8354
- https://www.suse.com/security/cve/CVE-2024-8612