rpm package
suse/qemu&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2243 | Med | 5.1 | < 3.1.1.1-84.1 | 3.1.1.1-84.1 | Feb 19, 2026 | A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS). | |
| CVE-2025-11234 | Hig | 7.5 | < 3.1.1.1-84.1 | 3.1.1.1-84.1 | Oct 3, 2025 | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client w | |
| CVE-2024-7409 | Hig | 7.5 | < 3.1.1.1-78.1 | 3.1.1.1-78.1 | Aug 5, 2024 | A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. | |
| CVE-2023-1544 | — | < 3.1.1.1-81.1 | 3.1.1.1-81.1 | Mar 23, 2023 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds re |
- affected < 3.1.1.1-84.1fixed 3.1.1.1-84.1
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
- affected < 3.1.1.1-84.1fixed 3.1.1.1-84.1
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client w
- affected < 3.1.1.1-78.1fixed 3.1.1.1-78.1
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
- CVE-2023-1544Mar 23, 2023affected < 3.1.1.1-81.1fixed 3.1.1.1-81.1
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds re