[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2025:20011-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":90,"epss":9,"epss_history":91,"metrics":92,"affected":93},"SUSE-SU-2025:20011-1","Security update for qemu\n\nThis update for qemu fixes the following issues:\n\n- Update to version 8.2.5:\n  * target/loongarch: fix a wrong print in cpu dump\n  * ui/sdl2: Allow host to power down screen\n  * target/i386: fix SSE and SSE2 feature check\n  * target/i386: fix xsave.flat from kvm-unit-tests\n  * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs\n  * target/riscv/kvm.c: Fix the hart bit setting of AIA\n  * target/riscv: rvzicbo: Fixup CBO extension register calculation\n  * target/riscv: do not set mtval2 for non guest-page faults\n  * target/riscv: prioritize pmp errors in raise_mmu_exception()\n  * target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions\n  * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w\n  * target/riscv: rvv: Check single width operator for vector fp widen instructions\n  * target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions\n  * target/riscv/cpu.c: fix Zvkb extension config\n  * target/riscv: Fix the element agnostic function problem\n  * target/riscv/kvm: tolerate KVM disable ext errors\n  * hw/intc/riscv_aplic: APLICs should add child earlier than realize\n  * iotests: test NBD+TLS+iothread\n  * qio: Inherit follow_coroutine_ctx across TLS\n  * target/arm: Disable SVE extensions when SVE is disabled\n  * hw/intc/arm_gic: Fix handling of NS view of GICC_APR\u003Cn>\n  * hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers\n  * gitlab: use 'setarch -R' to workaround tsan bug\n  * gitlab: use $MAKE instead of 'make'\n  * dockerfiles: add 'MAKE' env variable to remaining containers\n  * gitlab: Update msys2-64bit runner tags\n  * target/i386: no single-step exception after MOV or POP SS\n\n- Update to version 8.2.4.\n  * target/sh4: Fix SUBV opcode\n  * target/sh4: Fix ADDV opcode\n  * hw/arm/npcm7xx: Store derivative OTP fuse key in little endian\n  * hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields\n  * hw/ufs: Fix buffer overflow bug\n  * tests/avocado: update sunxi kernel from armbian to 6.6.16\n  * target/loongarch/cpu.c: typo fix: expection\n  * backends/cryptodev-builtin: Fix local_error leaks\n  * nbd/server: Mark negotiation functions as coroutine_fn\n  * nbd/server: do not poll within a coroutine context\n  * linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY\n  * target/riscv/kvm: change timer regs size to u64\n  * target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64\n  * target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32\n\n- Update to version 8.2.3.\n  * Update version for 8.2.3 release\n  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.\n  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.\n  * hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus\n  * hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately\n  * virtio-pci: fix use of a released vector\n  * linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}\n  * hw/audio/virtio-snd: Remove unused assignment\n  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()\n  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set\n  * hw/net/lan9118: Fix overflow in MIL TX FIFO\n  * hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition\n  * backends/cryptodev: Do not abort for invalid session ID\n  * hw/misc/applesmc: Fix memory leak in reset() handler\n  * hw/block/nand: Fix out-of-bound access in NAND block buffer\n  * hw/block/nand: Have blk_load() take unsigned offset and return boolean\n  * hw/block/nand: Factor nand_load_iolen() method out\n  * qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo\n  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs\n  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs\n  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs\n  * mirror: Don't call job_pause_point() under graph lock (bsc#1224179)\n\n- Backports and bugfixes:\n  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)\n  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)\n  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)\n  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)\n  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)\n  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)\n  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)\n\n- Update to version 8.2.2\n  * chardev/char-socket: Fix TLS io channels sending too much data to the backend\n  * tests/unit/test-util-sockets: Remove temporary file after test\n  * hw/usb/bus.c: PCAP adding 0xA in Windows version\n  * hw/intc/Kconfig: Fix GIC settings when using \"--without-default-devices\"\n  * gitlab: force allow use of pip in Cirrus jobs\n  * tests/vm: avoid re-building the VM images all the time\n  * tests/vm: update openbsd image to 7.4\n  * target/i386: leave the A20 bit set in the final NPT walk\n  * target/i386: remove unnecessary/wrong application of the A20 mask\n  * target/i386: Fix physical address truncation\n  * target/i386: check validity of VMCB addresses\n  * target/i386: mask high bits of CR3 in 32-bit mode\n  * pl031: Update last RTCLR value on write in case it's read back\n  * hw/nvme: fix invalid endian conversion\n  * update edk2 binaries to edk2-stable202402\n  * update edk2 submodule to edk2-stable202402\n  * target/ppc: Fix crash on machine check caused by ifetch\n  * target/ppc: Fix lxv/stxv MSR facility check\n  * .gitlab-ci.d/windows.yml: Drop msys2-32bit job\n  * system/vl: Update description for input grab key\n  * docs/system: Update description for input grab key\n  * hw/hppa/Kconfig: Fix building with \"configure --without-default-devices\"\n  * tests/qtest: Depend on dbus_display1_dep\n  * meson: Explicitly specify dbus-display1.h dependency\n  * audio: Depend on dbus_display1_dep\n  * ui/console: Fix console resize with placeholder surface\n  * ui/clipboard: add asserts for update and request\n  * ui/clipboard: mark type as not available when there is no data\n  * ui: reject extended clipboard message if not activated\n  * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix\n  * i386/cpuid: Move leaf 7 to correct group\n  * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F\n  * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs\n  * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available\n  * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit\n  * iotests: Make 144 deterministic again\n  * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU\n  * target/arm: Fix SVE/SME gross MTE suppression checks\n  * target/arm: Handle mte in do_ldrq, do_ldro\n- Address bsc#1220310. Backported upstream commits:\n  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS\n  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2024-26328",{"_key":17},"CVE-2024-3446",{"_key":19},"CVE-2024-3447",{"_key":21},"CVE-2024-3567",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2025-02-03T08:47:27Z","2026-03-23T04:47:06.565245Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,45,49,53,57,61,65,69,73,78,82,86],{"url":35,"sources":36,"tags":38},"https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/",[37],"osv_suse",[39],"Advisory",{"url":41,"sources":42,"tags":43},"https://bugzilla.suse.com/1084909",[37],[44],"REPORT",{"url":46,"sources":47,"tags":48},"https://bugzilla.suse.com/1220065",[37],[44],{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1220310",[37],[44],{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1222218",[37],[44],{"url":58,"sources":59,"tags":60},"https://bugzilla.suse.com/1222841",[37],[44],{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1222843",[37],[44],{"url":66,"sources":67,"tags":68},"https://bugzilla.suse.com/1222845",[37],[44],{"url":70,"sources":71,"tags":72},"https://bugzilla.suse.com/1224179",[37],[44],{"url":74,"sources":75,"tags":76},"https://www.suse.com/security/cve/CVE-2024-26328",[37],[77],"WEB",{"url":79,"sources":80,"tags":81},"https://www.suse.com/security/cve/CVE-2024-3446",[37],[77],{"url":83,"sources":84,"tags":85},"https://www.suse.com/security/cve/CVE-2024-3447",[37],[77],{"url":87,"sources":88,"tags":89},"https://www.suse.com/security/cve/CVE-2024-3567",[37],[77],[],[],[],[94],{"ecosystem":95,"name":96,"vendor":97,"product":98,"cpe_part":9,"purl_type":99,"purl_namespace":97,"purl_name":98,"source":9,"versions":100},"SUSE Linux Enterprise","qemu","suse","qemu&distro=SUSE Linux Micro 6.0","rpm",[101],{"version":102,"is_range":103,"range_type":104,"version_start":9,"version_start_type":9,"version_end":105,"version_end_type":106,"fixed_in":9},"lt8_2_5_1_1",true,"ecosystem","8.2.5-1.1","excluding"]