SUSE-SU-2025:20076-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202520076-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20076-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:20076-1
- Upstream
- Related
- Published
- 2025-02-03T09:05:11Z
- Modified
- 2026-03-11T07:29:40.187991Z
- Summary
- Security update for qemu
- Details
-
This update for qemu fixes the following issues:
Bugfixes and CVEs:
- hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354)
- softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612)
- system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612)
- system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612)
- system/physmem: Replace qemumutexlock() calls with QEMULOCKGUARD (bsc#1230915, CVE-2024-8612)
Update version to 8.2.7
- Full changelog here: https://lore.kernel.org/qemu-devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/
- Fixes: bsc#1229007, CVE-2024-7409 bsc#1224132, CVE-2024-4693
- Some backports: gitlab: fix logic for changing docker tag on stable branches ui/sdl2: set swap interval explicitly when OpenGL is enabled hw/intc/armgic: fix spurious level triggered interrupts hw/audio/virtio-sound: fix heap buffer overflow tests/docker: update debian i686 and mipsel images to bookworm tests/docker: remove debian-armel-cross hw/display/vhost-user-gpu.c: fix vhostusergpuchrread() crypto: check gnutls & gcrypt support the requested pbkdf hash crypto: run qcryptopbkdf2countiters in a new thread softmmu/physmem: fix memory leak in dirtymemoryextend() target/ppc: Fix migration of CPUs with TLBEMB TLB type gitlab: migrate the s390x custom machine to 22.04 target/hppa: Fix PSW V-bit packaging in cpuhppa_get for hppa64 hw/audio/virtio-snd: fix invalid param check virtio-pci: Fix the use of an uninitialized irqfd
- Fix bsc#1231519:
- accel/kvm: check for KVMCAPREADONLY_MEM on VM (bsc#1231519)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202520076-1/
- https://bugzilla.suse.com/1224132
- https://bugzilla.suse.com/1229007
- https://bugzilla.suse.com/1229929
- https://bugzilla.suse.com/1230140
- https://bugzilla.suse.com/1230834
- https://bugzilla.suse.com/1230915
- https://bugzilla.suse.com/1231519
- https://www.suse.com/security/cve/CVE-2024-4693
- https://www.suse.com/security/cve/CVE-2024-7409
- https://www.suse.com/security/cve/CVE-2024-8354
- https://www.suse.com/security/cve/CVE-2024-8612
Affected packages
SUSE:Linux Micro 6.0 / qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Micro%206.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2.7-1.1
Ecosystem specific
{
"binaries": [
{
"qemu-hw-usb-host": "8.2.7-1.1",
"qemu-arm": "8.2.7-1.1",
"qemu-ui-opengl": "8.2.7-1.1",
"qemu-s390x": "8.2.7-1.1",
"qemu-accel-tcg-x86": "8.2.7-1.1",
"qemu-block-curl": "8.2.7-1.1",
"qemu-tools": "8.2.7-1.1",
"qemu-lang": "8.2.7-1.1",
"qemu-hw-display-virtio-gpu-pci": "8.2.7-1.1",
"qemu-audio-spice": "8.2.7-1.1",
"qemu-ipxe": "8.2.7-1.1",
"qemu-block-rbd": "8.2.7-1.1",
"qemu-chardev-spice": "8.2.7-1.1",
"qemu-ui-spice-core": "8.2.7-1.1",
"qemu-guest-agent": "8.2.7-1.1",
"qemu-seabios": "8.2.71.16.3_3_ga95067eb-1.1",
"qemu": "8.2.7-1.1",
"qemu-ksm": "8.2.7-1.1",
"qemu-block-iscsi": "8.2.7-1.1",
"qemu-block-ssh": "8.2.7-1.1",
"qemu-x86": "8.2.7-1.1",
"qemu-img": "8.2.7-1.1",
"qemu-vgabios": "8.2.71.16.3_3_ga95067eb-1.1",
"qemu-hw-usb-redirect": "8.2.7-1.1",
"qemu-hw-display-virtio-vga": "8.2.7-1.1",
"qemu-hw-display-qxl": "8.2.7-1.1",
"qemu-pr-helper": "8.2.7-1.1",
"qemu-hw-display-virtio-gpu": "8.2.7-1.1"
}
]
}