Security update for qemu SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20011-1 Final 1 1 2025-02-03T08:47:27Z current 2025-02-03T08:47:27Z 2025-02-03T08:47:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - Update to version 8.2.5: * target/loongarch: fix a wrong print in cpu dump * ui/sdl2: Allow host to power down screen * target/i386: fix SSE and SSE2 feature check * target/i386: fix xsave.flat from kvm-unit-tests * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * target/riscv/kvm.c: Fix the hart bit setting of AIA * target/riscv: rvzicbo: Fixup CBO extension register calculation * target/riscv: do not set mtval2 for non guest-page faults * target/riscv: prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv/cpu.c: fix Zvkb extension config * target/riscv: Fix the element agnostic function problem * target/riscv/kvm: tolerate KVM disable ext errors * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n> * hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers * gitlab: use 'setarch -R' to workaround tsan bug * gitlab: use $MAKE instead of 'make' * dockerfiles: add 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * target/i386: no single-step exception after MOV or POP SS - Update to version 8.2.4. * target/sh4: Fix SUBV opcode * target/sh4: Fix ADDV opcode * hw/arm/npcm7xx: Store derivative OTP fuse key in little endian * hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields * hw/ufs: Fix buffer overflow bug * tests/avocado: update sunxi kernel from armbian to 6.6.16 * target/loongarch/cpu.c: typo fix: expection * backends/cryptodev-builtin: Fix local_error leaks * nbd/server: Mark negotiation functions as coroutine_fn * nbd/server: do not poll within a coroutine context * linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY * target/riscv/kvm: change timer regs size to u64 * target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64 * target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32 - Update to version 8.2.3. * Update version for 8.2.3 release * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS. * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. * hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus * hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately * virtio-pci: fix use of a released vector * linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4} * hw/audio/virtio-snd: Remove unused assignment * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set * hw/net/lan9118: Fix overflow in MIL TX FIFO * hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition * backends/cryptodev: Do not abort for invalid session ID * hw/misc/applesmc: Fix memory leak in reset() handler * hw/block/nand: Fix out-of-bound access in NAND block buffer * hw/block/nand: Have blk_load() take unsigned offset and return boolean * hw/block/nand: Factor nand_load_iolen() method out * qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs * mirror: Don't call job_pause_point() under graph lock (bsc#1224179) - Backports and bugfixes: * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567) * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446) * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447) * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328) - Update to version 8.2.2 * chardev/char-socket: Fix TLS io channels sending too much data to the backend * tests/unit/test-util-sockets: Remove temporary file after test * hw/usb/bus.c: PCAP adding 0xA in Windows version * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices" * gitlab: force allow use of pip in Cirrus jobs * tests/vm: avoid re-building the VM images all the time * tests/vm: update openbsd image to 7.4 * target/i386: leave the A20 bit set in the final NPT walk * target/i386: remove unnecessary/wrong application of the A20 mask * target/i386: Fix physical address truncation * target/i386: check validity of VMCB addresses * target/i386: mask high bits of CR3 in 32-bit mode * pl031: Update last RTCLR value on write in case it's read back * hw/nvme: fix invalid endian conversion * update edk2 binaries to edk2-stable202402 * update edk2 submodule to edk2-stable202402 * target/ppc: Fix crash on machine check caused by ifetch * target/ppc: Fix lxv/stxv MSR facility check * .gitlab-ci.d/windows.yml: Drop msys2-32bit job * system/vl: Update description for input grab key * docs/system: Update description for input grab key * hw/hppa/Kconfig: Fix building with "configure --without-default-devices" * tests/qtest: Depend on dbus_display1_dep * meson: Explicitly specify dbus-display1.h dependency * audio: Depend on dbus_display1_dep * ui/console: Fix console resize with placeholder surface * ui/clipboard: add asserts for update and request * ui/clipboard: mark type as not available when there is no data * ui: reject extended clipboard message if not activated * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix * i386/cpuid: Move leaf 7 to correct group * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit * iotests: Make 144 deterministic again * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU * target/arm: Fix SVE/SME gross MTE suppression checks * target/arm: Handle mte in do_ldrq, do_ldro - Address bsc#1220310. Backported upstream commits: * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-10 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/ Link for SUSE-SU-2025:20011-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021354.html E-Mail link for SUSE-SU-2025:20011-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1084909 SUSE Bug 1084909 https://bugzilla.suse.com/1220065 SUSE Bug 1220065 https://bugzilla.suse.com/1220310 SUSE Bug 1220310 https://bugzilla.suse.com/1222218 SUSE Bug 1222218 https://bugzilla.suse.com/1222841 SUSE Bug 1222841 https://bugzilla.suse.com/1222843 SUSE Bug 1222843 https://bugzilla.suse.com/1222845 SUSE Bug 1222845 https://bugzilla.suse.com/1224179 SUSE Bug 1224179 https://www.suse.com/security/cve/CVE-2024-26328/ SUSE CVE CVE-2024-26328 page https://www.suse.com/security/cve/CVE-2024-3446/ SUSE CVE CVE-2024-3446 page https://www.suse.com/security/cve/CVE-2024-3447/ SUSE CVE CVE-2024-3447 page https://www.suse.com/security/cve/CVE-2024-3567/ SUSE CVE CVE-2024-3567 page SUSE Linux Micro 6.0 qemu-8.2.5-1.1 qemu-accel-tcg-x86-8.2.5-1.1 qemu-arm-8.2.5-1.1 qemu-audio-spice-8.2.5-1.1 qemu-block-curl-8.2.5-1.1 qemu-block-iscsi-8.2.5-1.1 qemu-block-rbd-8.2.5-1.1 qemu-block-ssh-8.2.5-1.1 qemu-chardev-spice-8.2.5-1.1 qemu-guest-agent-8.2.5-1.1 qemu-hw-display-qxl-8.2.5-1.1 qemu-hw-display-virtio-gpu-8.2.5-1.1 qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 qemu-hw-display-virtio-vga-8.2.5-1.1 qemu-hw-usb-host-8.2.5-1.1 qemu-hw-usb-redirect-8.2.5-1.1 qemu-img-8.2.5-1.1 qemu-ipxe-8.2.5-1.1 qemu-ksm-8.2.5-1.1 qemu-lang-8.2.5-1.1 qemu-pr-helper-8.2.5-1.1 qemu-s390x-8.2.5-1.1 qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 qemu-tools-8.2.5-1.1 qemu-ui-opengl-8.2.5-1.1 qemu-ui-spice-core-8.2.5-1.1 qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 qemu-x86-8.2.5-1.1 qemu-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-accel-tcg-x86-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-arm-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-audio-spice-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-block-curl-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-block-iscsi-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-block-rbd-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-block-ssh-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-chardev-spice-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-guest-agent-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-display-qxl-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-display-virtio-gpu-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-display-virtio-vga-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-usb-host-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-hw-usb-redirect-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-img-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-ipxe-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-ksm-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-lang-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-pr-helper-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-s390x-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 as a component of SUSE Linux Micro 6.0 qemu-tools-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-ui-opengl-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-ui-spice-core-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 as a component of SUSE Linux Micro 6.0 qemu-x86-8.2.5-1.1 as a component of SUSE Linux Micro 6.0 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. CVE-2024-26328 SUSE Linux Micro 6.0:qemu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-accel-tcg-x86-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-arm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-audio-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-curl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-iscsi-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-rbd-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-ssh-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-chardev-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-guest-agent-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-qxl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-vga-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-host-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-redirect-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-img-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ipxe-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ksm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-lang-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-pr-helper-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-s390x-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-tools-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-opengl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-spice-core-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-x86-8.2.5-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/ https://www.suse.com/security/cve/CVE-2024-26328.html CVE-2024-26328 https://bugzilla.suse.com/1220065 SUSE Bug 1220065 A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. CVE-2024-3446 SUSE Linux Micro 6.0:qemu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-accel-tcg-x86-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-arm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-audio-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-curl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-iscsi-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-rbd-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-ssh-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-chardev-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-guest-agent-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-qxl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-vga-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-host-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-redirect-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-img-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ipxe-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ksm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-lang-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-pr-helper-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-s390x-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-tools-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-opengl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-spice-core-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-x86-8.2.5-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/ https://www.suse.com/security/cve/CVE-2024-3446.html CVE-2024-3446 https://bugzilla.suse.com/1222843 SUSE Bug 1222843 A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. CVE-2024-3447 SUSE Linux Micro 6.0:qemu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-accel-tcg-x86-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-arm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-audio-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-curl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-iscsi-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-rbd-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-ssh-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-chardev-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-guest-agent-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-qxl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-vga-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-host-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-redirect-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-img-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ipxe-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ksm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-lang-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-pr-helper-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-s390x-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-tools-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-opengl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-spice-core-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-x86-8.2.5-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/ https://www.suse.com/security/cve/CVE-2024-3447.html CVE-2024-3447 https://bugzilla.suse.com/1222845 SUSE Bug 1222845 A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. CVE-2024-3567 SUSE Linux Micro 6.0:qemu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-accel-tcg-x86-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-arm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-audio-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-curl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-iscsi-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-rbd-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-block-ssh-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-chardev-spice-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-guest-agent-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-qxl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-gpu-pci-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-display-virtio-vga-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-host-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-hw-usb-redirect-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-img-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ipxe-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ksm-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-lang-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-pr-helper-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-s390x-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-tools-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-opengl-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-ui-spice-core-8.2.5-1.1 SUSE Linux Micro 6.0:qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1 SUSE Linux Micro 6.0:qemu-x86-8.2.5-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520011-1/ https://www.suse.com/security/cve/CVE-2024-3567.html CVE-2024-3567 https://bugzilla.suse.com/1222841 SUSE Bug 1222841