SUSE-SU-2025:21233-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202521233-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:21233-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:21233-1
- Upstream
- Related
- Published
- 2025-12-18T12:38:54Z
- Modified
- 2026-03-11T07:30:51.376804Z
- Summary
- Security update for qemu
- Details
-
This update for qemu fixes the following issues:
Update to version 10.0.7.
Security issues fixed:
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
- CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).
Other updates and bugfixes:
Version 10.0.7:
- kvm: Fix kvmvmioctl() and kvmdeviceioctl() return value
- docs/devel: Update URL for make-pullreq script
- target/arm: Fix assert on BRA.
- hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICELITTLEENDIAN
- hw/core/machine: Provide a description for aux-ram-share property
- hw/pci: Make msixinit take a uint32t for nentries
- block/iouring: avoid potentially getting stuck after resubmit at the end of ioqsubmit()
- block-backend: Fix race when resuming queued requests
- ui/vnc: Fix qemu abort when query vnc info
- chardev/char-pty: Do not ignore chr_write() failures
- hw/display/exynos4210fimd: Account for zero length in fimdupdatememorysection()
- hw/arm/armv7m: Disable reentrancy guard for v7msysregns_ops MRs
- hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
- migration: Fix transition to COLO state from precopy
- Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/
Version 10.0.6:
- linux-user/microblaze: Fix little-endianness binary
- target/hppa: correct size bit parity for fmpyadd
- target/i386: user: do not set up a valid LDT on reset
- async: access bottom half flags with qatomic_read
- target/i386: fix x86_64 pushw op
- i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
- i386/cpu: Prevent delivering SIPI during SMM in TCG mode
- i386/kvm: Expose ARCHCAPFB_CLEAR when invulnerable to MDS
- target/i386: Fix CR2 handling for non-canonical addresses
- block/curl.c: Use explicit long constants in curleasysetopt calls
- pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs
- target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd
- target/riscv: Fix ssamoswap error handling
- Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/
Version 10.0.5:
- tests/functional/testaarch64sbsaref_freebsd: Fix the URL of the ISO image
- tests/functional/testppcbamboo: Replace broken link with working assets
- physmem: Destroy all CPU AddressSpaces on unrealize
- memory: New AS helper to serialize destroy+free
- include/system/memory.h: Clarify addressspacedestroy() behaviour
- migration: Fix state transition in postcopy_start() error handling
- target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
- target/riscv: rvv: Replace checking V by checking Zve32x
- target/riscv: Fix endianness swap on compressed instructions
- hw/riscv/riscv-iommu: Fixup PDT Nested Walk
- Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/
[openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
- [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494).
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202521233-1/
- https://bugzilla.suse.com/1230042
- https://bugzilla.suse.com/1250984
- https://bugzilla.suse.com/1253002
- https://bugzilla.suse.com/1254286
- https://bugzilla.suse.com/1254494
- https://www.suse.com/security/cve/CVE-2025-11234
- https://www.suse.com/security/cve/CVE-2025-12464
Affected packages
SUSE:Linux Enterprise Server 16.0
qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.0.7-160000.1.1
Ecosystem specific
{
"binaries": [
{
"qemu-doc": "10.0.7-160000.1.1",
"qemu-block-nfs": "10.0.7-160000.1.1",
"qemu-skiboot": "10.0.7-160000.1.1",
"qemu-img": "10.0.7-160000.1.1",
"qemu-ksm": "10.0.7-160000.1.1",
"qemu-x86": "10.0.7-160000.1.1",
"qemu-linux-user": "10.0.7-160000.1.1",
"qemu-vhost-user-gpu": "10.0.7-160000.1.1",
"qemu-ppc": "10.0.7-160000.1.1",
"qemu-SLOF": "10.0.7-160000.1.1",
"qemu-hw-usb-host": "10.0.7-160000.1.1",
"qemu-ivshmem-tools": "10.0.7-160000.1.1",
"qemu": "10.0.7-160000.1.1",
"qemu-audio-jack": "10.0.7-160000.1.1",
"qemu-extra": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-vga": "10.0.7-160000.1.1",
"qemu-s390x": "10.0.7-160000.1.1",
"qemu-guest-agent": "10.0.7-160000.1.1",
"qemu-lang": "10.0.7-160000.1.1",
"qemu-block-ssh": "10.0.7-160000.1.1",
"qemu-audio-dbus": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu-pci": "10.0.7-160000.1.1",
"qemu-seabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-block-iscsi": "10.0.7-160000.1.1",
"qemu-arm": "10.0.7-160000.1.1",
"qemu-block-dmg": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu": "10.0.7-160000.1.1",
"qemu-tools": "10.0.7-160000.1.1",
"qemu-hw-usb-redirect": "10.0.7-160000.1.1",
"qemu-audio-oss": "10.0.7-160000.1.1",
"qemu-microvm": "10.0.7-160000.1.1",
"qemu-audio-alsa": "10.0.7-160000.1.1",
"qemu-pr-helper": "10.0.7-160000.1.1",
"qemu-hw-usb-smartcard": "10.0.7-160000.1.1",
"qemu-headless": "10.0.7-160000.1.1",
"qemu-ipxe": "10.0.7-160000.1.1",
"qemu-vgabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-hw-s390x-virtio-gpu-ccw": "10.0.7-160000.1.1",
"qemu-block-curl": "10.0.7-160000.1.1",
"qemu-vmsr-helper": "10.0.7-160000.1.1"
}
]
}qemu-linux-user
Package
- Name
- qemu-linux-user
- Purl
- pkg:rpm/suse/qemu-linux-user&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.0.7-160000.1.1
Ecosystem specific
{
"binaries": [
{
"qemu-doc": "10.0.7-160000.1.1",
"qemu-block-nfs": "10.0.7-160000.1.1",
"qemu-skiboot": "10.0.7-160000.1.1",
"qemu-img": "10.0.7-160000.1.1",
"qemu-ksm": "10.0.7-160000.1.1",
"qemu-x86": "10.0.7-160000.1.1",
"qemu-linux-user": "10.0.7-160000.1.1",
"qemu-vhost-user-gpu": "10.0.7-160000.1.1",
"qemu-ppc": "10.0.7-160000.1.1",
"qemu-SLOF": "10.0.7-160000.1.1",
"qemu-hw-usb-host": "10.0.7-160000.1.1",
"qemu-ivshmem-tools": "10.0.7-160000.1.1",
"qemu": "10.0.7-160000.1.1",
"qemu-audio-jack": "10.0.7-160000.1.1",
"qemu-extra": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-vga": "10.0.7-160000.1.1",
"qemu-s390x": "10.0.7-160000.1.1",
"qemu-guest-agent": "10.0.7-160000.1.1",
"qemu-lang": "10.0.7-160000.1.1",
"qemu-block-ssh": "10.0.7-160000.1.1",
"qemu-audio-dbus": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu-pci": "10.0.7-160000.1.1",
"qemu-seabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-block-iscsi": "10.0.7-160000.1.1",
"qemu-arm": "10.0.7-160000.1.1",
"qemu-block-dmg": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu": "10.0.7-160000.1.1",
"qemu-tools": "10.0.7-160000.1.1",
"qemu-hw-usb-redirect": "10.0.7-160000.1.1",
"qemu-audio-oss": "10.0.7-160000.1.1",
"qemu-microvm": "10.0.7-160000.1.1",
"qemu-audio-alsa": "10.0.7-160000.1.1",
"qemu-pr-helper": "10.0.7-160000.1.1",
"qemu-hw-usb-smartcard": "10.0.7-160000.1.1",
"qemu-headless": "10.0.7-160000.1.1",
"qemu-ipxe": "10.0.7-160000.1.1",
"qemu-vgabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-hw-s390x-virtio-gpu-ccw": "10.0.7-160000.1.1",
"qemu-block-curl": "10.0.7-160000.1.1",
"qemu-vmsr-helper": "10.0.7-160000.1.1"
}
]
}SUSE:Linux Enterprise Server for SAP applications 16.0
qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.0.7-160000.1.1
Ecosystem specific
{
"binaries": [
{
"qemu-doc": "10.0.7-160000.1.1",
"qemu-block-nfs": "10.0.7-160000.1.1",
"qemu-skiboot": "10.0.7-160000.1.1",
"qemu-img": "10.0.7-160000.1.1",
"qemu-ksm": "10.0.7-160000.1.1",
"qemu-x86": "10.0.7-160000.1.1",
"qemu-linux-user": "10.0.7-160000.1.1",
"qemu-vhost-user-gpu": "10.0.7-160000.1.1",
"qemu-ppc": "10.0.7-160000.1.1",
"qemu-SLOF": "10.0.7-160000.1.1",
"qemu-hw-usb-host": "10.0.7-160000.1.1",
"qemu-ivshmem-tools": "10.0.7-160000.1.1",
"qemu": "10.0.7-160000.1.1",
"qemu-audio-jack": "10.0.7-160000.1.1",
"qemu-extra": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-vga": "10.0.7-160000.1.1",
"qemu-s390x": "10.0.7-160000.1.1",
"qemu-guest-agent": "10.0.7-160000.1.1",
"qemu-lang": "10.0.7-160000.1.1",
"qemu-block-ssh": "10.0.7-160000.1.1",
"qemu-audio-dbus": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu-pci": "10.0.7-160000.1.1",
"qemu-seabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-block-iscsi": "10.0.7-160000.1.1",
"qemu-arm": "10.0.7-160000.1.1",
"qemu-block-dmg": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu": "10.0.7-160000.1.1",
"qemu-tools": "10.0.7-160000.1.1",
"qemu-hw-usb-redirect": "10.0.7-160000.1.1",
"qemu-audio-oss": "10.0.7-160000.1.1",
"qemu-microvm": "10.0.7-160000.1.1",
"qemu-audio-alsa": "10.0.7-160000.1.1",
"qemu-pr-helper": "10.0.7-160000.1.1",
"qemu-hw-usb-smartcard": "10.0.7-160000.1.1",
"qemu-headless": "10.0.7-160000.1.1",
"qemu-ipxe": "10.0.7-160000.1.1",
"qemu-vgabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-hw-s390x-virtio-gpu-ccw": "10.0.7-160000.1.1",
"qemu-block-curl": "10.0.7-160000.1.1",
"qemu-vmsr-helper": "10.0.7-160000.1.1"
}
]
}qemu-linux-user
Package
- Name
- qemu-linux-user
- Purl
- pkg:rpm/suse/qemu-linux-user&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.0.7-160000.1.1
Ecosystem specific
{
"binaries": [
{
"qemu-doc": "10.0.7-160000.1.1",
"qemu-block-nfs": "10.0.7-160000.1.1",
"qemu-skiboot": "10.0.7-160000.1.1",
"qemu-img": "10.0.7-160000.1.1",
"qemu-ksm": "10.0.7-160000.1.1",
"qemu-x86": "10.0.7-160000.1.1",
"qemu-linux-user": "10.0.7-160000.1.1",
"qemu-vhost-user-gpu": "10.0.7-160000.1.1",
"qemu-ppc": "10.0.7-160000.1.1",
"qemu-SLOF": "10.0.7-160000.1.1",
"qemu-hw-usb-host": "10.0.7-160000.1.1",
"qemu-ivshmem-tools": "10.0.7-160000.1.1",
"qemu": "10.0.7-160000.1.1",
"qemu-audio-jack": "10.0.7-160000.1.1",
"qemu-extra": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-vga": "10.0.7-160000.1.1",
"qemu-s390x": "10.0.7-160000.1.1",
"qemu-guest-agent": "10.0.7-160000.1.1",
"qemu-lang": "10.0.7-160000.1.1",
"qemu-block-ssh": "10.0.7-160000.1.1",
"qemu-audio-dbus": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu-pci": "10.0.7-160000.1.1",
"qemu-seabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-block-iscsi": "10.0.7-160000.1.1",
"qemu-arm": "10.0.7-160000.1.1",
"qemu-block-dmg": "10.0.7-160000.1.1",
"qemu-hw-display-virtio-gpu": "10.0.7-160000.1.1",
"qemu-tools": "10.0.7-160000.1.1",
"qemu-hw-usb-redirect": "10.0.7-160000.1.1",
"qemu-audio-oss": "10.0.7-160000.1.1",
"qemu-microvm": "10.0.7-160000.1.1",
"qemu-audio-alsa": "10.0.7-160000.1.1",
"qemu-pr-helper": "10.0.7-160000.1.1",
"qemu-hw-usb-smartcard": "10.0.7-160000.1.1",
"qemu-headless": "10.0.7-160000.1.1",
"qemu-ipxe": "10.0.7-160000.1.1",
"qemu-vgabios": "10.0.71.16.3_3_g3d33c746-160000.1.1",
"qemu-hw-s390x-virtio-gpu-ccw": "10.0.7-160000.1.1",
"qemu-block-curl": "10.0.7-160000.1.1",
"qemu-vmsr-helper": "10.0.7-160000.1.1"
}
]
}