SUSE-SU-2026:21912-1 Security update for qemu

This update for qemu fixes the following issues - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to heap...

Amazon Linux 2 : qemu, --advisory ALAS2-2026-3293 (ALAS-2026-3293)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3293 advisory. hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d40...

GHSA-PCR3-GRPM-HH36 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-vmware, linux-gcp, linux-azure...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : QEMU vulnerabilities (USN-8161-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8161-1 advisory. It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:6980)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6980 advisory. QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free CVE-2021-3750 QEMU: net: triggerable assertion due to race condition in hot-unplug...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:5264)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5264 advisory. QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service CVE-2023-3354 NTFS-3G: buffer overflow issue ...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : QEMU vulnerabilities (USN-8073-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8073-1 advisory. It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the gues...

USN-8073-1: QEMU vulnerabilities

It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2024-8354 It was discovered that QEMU incorrectly handled memory durin...

GHSA-5XMF-424G-JJHG vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-vmware, linux-gcp, linux-azure...

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2026-1144)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueuepush as set in...

MiracleLinux 8 : virt:rhel (AXSA:2021-2404:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2404:01 advisory. QEMU: msix: OOB access during mmio operations may lead to DoS CVE-2020-13754 hivex: Buffer overflow when provided invalid node key length...

MiracleLinux 9 : qemu-kvm-7.0.0-13.el9 (AXSA:2023-4972:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4972:01 advisory. QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free CVE-2021-3750 QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507...

MiracleLinux 9 : qemu-kvm-8.2.0-11.el9 (AXSA:2024-7897:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7897:02 advisory. QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019 QEMU: VNC: infinite loop in inflatebuffer leads to denial of service...

MiracleLinux 9 : qemu-kvm-9.0.0-10.el9 (AXSA:2024-9100:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9100:07 advisory. QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow CVE-2024-26327 QEMU: virtio: DMA reentrancy issue leads to double free...

SUSE SLES15 Security Update : qemu (SUSE-SU-2026:0043-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0043-1 advisory. Security issues fixed: - CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through ...

EUVD-2007-1318

Malware in sbrugna...

EUVD-2020-17777

Malware in sbrugna...

EUVD-2018-11349

Malware in sbrugna...

EUVD-2014-0204

Malware in sbrugna...

USN-7744-1 qemu vulnerabilities

It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...