Medium severity5.5NVD Advisory· Published Feb 18, 2026· Updated Apr 15, 2026
CVE-2025-14876
CVE-2025-14876
Description
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- osv-coords15 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/qemu-linux-user&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
< 8.2.10-150600.3.46.1+ 14 more
- (no CPE)range: < 8.2.10-150600.3.46.1
- (no CPE)range: < 10.0.8-160000.1.1
- (no CPE)range: < 10.2.1-1.1
- (no CPE)range: < 8.2.10-150600.3.46.1
- (no CPE)range: < 10.0.8-160000.1.1
- (no CPE)range: < 7.1.0-150500.49.39.2
- (no CPE)range: < 9.2.4-150700.3.17.1
- (no CPE)range: < 9.2.4-150700.3.17.1
- (no CPE)range: < 9.2.4-150700.3.17.1
- (no CPE)range: < 8.2.10-150600.3.49.1
- (no CPE)range: < 8.2.10-150600.3.49.1
- (no CPE)range: < 8.2.10-2.1
- (no CPE)range: < 8.2.10-slfo.1.1_4.1
- (no CPE)range: < 10.0.8-160000.1.1
- (no CPE)range: < 9.2.4-150700.3.17.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.