SUSE-SU-2024:4304-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 12 Dec 2024, 13:22
Last modified:04 Feb 2026, 03:16
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Dec 2024, 13:22
Published
Vulnerability first disclosed
04 Feb 2026, 03:16
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) - CVE-2024-8354: Fixed assertion failure in usb_ep_get() in usb (bsc#1230834) - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)
Affected Systems
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.3
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.4
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Manager Proxy 4.3
< 6.2.0-150400.37.37.3
- suse•qemu&distro=SUSE Manager Server 4.3
< 6.2.0-150400.37.37.3
References (7)
- https://www.suse.com/support/update/announcement/2024/suse-su-20244304-1/
- https://bugzilla.suse.com/1229007
- https://bugzilla.suse.com/1230834
- https://bugzilla.suse.com/1230915
- https://www.suse.com/security/cve/CVE-2024-7409
- https://www.suse.com/security/cve/CVE-2024-8354
- https://www.suse.com/security/cve/CVE-2024-8612