SUSE SLES16 Security Update : qemu (SUSE-SU-2025:21233-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21233-1 advisory. Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device...

EUVD-2020-6007

Malware in sbrugna...

EUVD-2019-3804

Malware in sbrugna...

EUVD-2020-17776

Malware in sbrugna...

Fixing Restore Failures Due to QEMU Machine Version

Challenge When attempting to restore a VM with a QEMU version lower than 10 and disks in QCOW2 format to a Proxmox VE v9 node, the following error occurs: 16.09.2025 10:25:28 Error Linux-8.0 : Failed to reach the hypervisor. Error output: storage for 'local-LVM:vm-42-disk-1.qcow2' is configured...

qemu-10.0.3-1.1 on GA media (moderate)

qemu-10.0.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15437-1 Rating: moderate Cross-References: CVE-2025-54566 CVSS scores: CVE-2025-54566 SUSE : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2025-54566 SUSE : 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...

Linux Distros Unpatched Vulnerability : CVE-2025-54567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hw/pci/pciesriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. CVE-2025-54567 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2021-3544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several memory leaks were found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. They exist in...

Linux Distros Unpatched Vulnerability : CVE-2020-10717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a hos...

CBL Mariner 2.0 Security Update: qemu (CVE-2022-26353)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-26353 advisory. - A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for...

SUSE-SU-2023:1812-1 Security update for podman

This update for podman fixes the following issues: Update to version 4.4.4: libpod: always use direct mapping macos pkginstaller: do not fail when podman-mac-helper fails podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common...

SUSE CVE-2007-5729

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used...

SUSE CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

SUSE CVE-2013-2016

A flaw was found in the way qemu v1.3.0 and later virtio-rng validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu...

SUSE CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...

SUSE CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

SUSE CVE-2020-11947

iscsiaioioctlcb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker...

SUSE CVE-2020-28916

hw/net/e1000ecore.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address...

CVE-2022-26353

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...

QEMU Monitor HMP 'migrate' Command Execution

This module uses QEMU's Monitor Human Monitor Interface HMP TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04. Module Options msf use exploit/multi/misc/qemumonitorhmpmigratecmdexec msf...