SUSE-SU-2026:0022-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 05 Jan 2026, 11:18
Last modified:23 Mar 2026, 04:51
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Jan 2026, 11:18
Published
Vulnerability first disclosed
23 Mar 2026, 04:51
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - block/curl: fix curl internal handles handling (bsc#1252768).
Affected Systems
- opensuse•qemu-linux-user&distro=openSUSE Leap 15.6
< 8.2.10-150600.3.43.1
- opensuse•qemu&distro=openSUSE Leap 15.6
< 8.2.10-150600.3.43.1
- suse•qemu&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
< 8.2.10-150600.3.43.1
- suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6
< 8.2.10-150600.3.43.1
References (7)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260022-1/
- https://bugzilla.suse.com/1250984
- https://bugzilla.suse.com/1252768
- https://bugzilla.suse.com/1253002
- https://bugzilla.suse.com/1254286
- https://www.suse.com/security/cve/CVE-2025-11234
- https://www.suse.com/security/cve/CVE-2025-12464