SUSE-SU-2026:0039-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 06 Jan 2026, 10:31
Last modified:23 Mar 2026, 04:51
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Jan 2026, 10:31
Published
Vulnerability first disclosed
23 Mar 2026, 04:51
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) - CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet() (bsc#1253002) - CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket handshake code leading to denial of service (bsc#1250984) Other fixes: - Fixed *-virtio-gpu-pci dependency on ARM (bsc#1254286) - block/curl: Fixed curl internal handles handling (bsc#1252768)
Affected Systems
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 7.1.0-150500.49.36.2
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 7.1.0-150500.49.36.2
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.5
< 7.1.0-150500.49.36.2
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7
< 7.1.0-150500.49.36.2
- suse•qemu&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 7.1.0-150500.49.36.2
- suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 7.1.0-150500.49.36.2
References (9)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260039-1/
- https://bugzilla.suse.com/1227397
- https://bugzilla.suse.com/1250984
- https://bugzilla.suse.com/1252768
- https://bugzilla.suse.com/1253002
- https://bugzilla.suse.com/1254286
- https://www.suse.com/security/cve/CVE-2024-6505
- https://www.suse.com/security/cve/CVE-2025-11234
- https://www.suse.com/security/cve/CVE-2025-12464