Security update for qemu SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:21233-1 Final 1 1 2025-12-18T12:38:54Z current 2025-12-18T12:38:54Z 2025-12-18T12:38:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - Version 10.0.7: * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value * docs/devel: Update URL for make-pullreq script * target/arm: Fix assert on BRA. * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN * hw/core/machine: Provide a description for aux-ram-share property * hw/pci: Make msix_init take a uint32_t for nentries * block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() * block-backend: Fix race when resuming queued requests * ui/vnc: Fix qemu abort when query vnc info * chardev/char-pty: Do not ignore chr_write() failures * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs * hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure * migration: Fix transition to COLO state from precopy * Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/ - Version 10.0.6: * linux-user/microblaze: Fix little-endianness binary * target/hppa: correct size bit parity for fmpyadd * target/i386: user: do not set up a valid LDT on reset * async: access bottom half flags with qatomic_read * target/i386: fix x86_64 pushw op * i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit * i386/cpu: Prevent delivering SIPI during SMM in TCG mode * i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS * target/i386: Fix CR2 handling for non-canonical addresses * block/curl.c: Use explicit long constants in curl_easy_setopt calls * pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs * target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd * target/riscv: Fix ssamoswap error handling * Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/ - Version 10.0.5: * tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image * tests/functional/test_ppc_bamboo: Replace broken link with working assets * physmem: Destroy all CPU AddressSpaces on unrealize * memory: New AS helper to serialize destroy+free * include/system/memory.h: Clarify address_space_destroy() behaviour * migration: Fix state transition in postcopy_start() error handling * target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions * target/riscv: rvv: Replace checking V by checking Zve32x * target/riscv: Fix endianness swap on compressed instructions * hw/riscv/riscv-iommu: Fixup PDT Nested Walk * Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/ - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-112 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202521233-1/ Link for SUSE-SU-2025:21233-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023642.html E-Mail link for SUSE-SU-2025:21233-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230042 SUSE Bug 1230042 https://bugzilla.suse.com/1250984 SUSE Bug 1250984 https://bugzilla.suse.com/1253002 SUSE Bug 1253002 https://bugzilla.suse.com/1254286 SUSE Bug 1254286 https://bugzilla.suse.com/1254494 SUSE Bug 1254494 https://www.suse.com/security/cve/CVE-2025-11234/ SUSE CVE CVE-2025-11234 page https://www.suse.com/security/cve/CVE-2025-12464/ SUSE CVE CVE-2025-12464 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 qemu-10.0.7-160000.1.1 qemu-SLOF-10.0.7-160000.1.1 qemu-arm-10.0.7-160000.1.1 qemu-audio-alsa-10.0.7-160000.1.1 qemu-audio-dbus-10.0.7-160000.1.1 qemu-audio-jack-10.0.7-160000.1.1 qemu-audio-oss-10.0.7-160000.1.1 qemu-block-curl-10.0.7-160000.1.1 qemu-block-dmg-10.0.7-160000.1.1 qemu-block-iscsi-10.0.7-160000.1.1 qemu-block-nfs-10.0.7-160000.1.1 qemu-block-ssh-10.0.7-160000.1.1 qemu-doc-10.0.7-160000.1.1 qemu-extra-10.0.7-160000.1.1 qemu-guest-agent-10.0.7-160000.1.1 qemu-headless-10.0.7-160000.1.1 qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 qemu-hw-display-virtio-vga-10.0.7-160000.1.1 qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 qemu-hw-usb-host-10.0.7-160000.1.1 qemu-hw-usb-redirect-10.0.7-160000.1.1 qemu-hw-usb-smartcard-10.0.7-160000.1.1 qemu-img-10.0.7-160000.1.1 qemu-ipxe-10.0.7-160000.1.1 qemu-ivshmem-tools-10.0.7-160000.1.1 qemu-ksm-10.0.7-160000.1.1 qemu-lang-10.0.7-160000.1.1 qemu-linux-user-10.0.7-160000.1.1 qemu-microvm-10.0.7-160000.1.1 qemu-ppc-10.0.7-160000.1.1 qemu-pr-helper-10.0.7-160000.1.1 qemu-s390x-10.0.7-160000.1.1 qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 qemu-skiboot-10.0.7-160000.1.1 qemu-tools-10.0.7-160000.1.1 qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 qemu-vhost-user-gpu-10.0.7-160000.1.1 qemu-vmsr-helper-10.0.7-160000.1.1 qemu-x86-10.0.7-160000.1.1 qemu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-SLOF-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-arm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-audio-alsa-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-audio-dbus-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-audio-jack-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-audio-oss-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-block-curl-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-block-dmg-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-block-iscsi-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-block-nfs-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-block-ssh-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-doc-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-extra-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-guest-agent-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-headless-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-display-virtio-vga-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-usb-host-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-usb-redirect-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-hw-usb-smartcard-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-img-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-ipxe-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-ivshmem-tools-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-ksm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-lang-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-linux-user-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-microvm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-ppc-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-pr-helper-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-s390x-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-skiboot-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-tools-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-vhost-user-gpu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-vmsr-helper-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-x86-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 qemu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-SLOF-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-arm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-audio-alsa-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-audio-dbus-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-audio-jack-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-audio-oss-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-block-curl-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-block-dmg-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-block-iscsi-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-block-nfs-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-block-ssh-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-doc-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-extra-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-guest-agent-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-headless-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-display-virtio-vga-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-usb-host-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-usb-redirect-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-hw-usb-smartcard-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-img-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-ipxe-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-ivshmem-tools-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-ksm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-lang-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-linux-user-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-microvm-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-ppc-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-pr-helper-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-s390x-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-skiboot-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-tools-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-vhost-user-gpu-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-vmsr-helper-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 qemu-x86-10.0.7-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication. CVE-2025-11234 SUSE Linux Enterprise Server 16.0:qemu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-SLOF-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-arm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-alsa-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-dbus-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-jack-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-oss-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-curl-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-dmg-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-iscsi-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-nfs-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-ssh-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-doc-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-extra-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-guest-agent-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-headless-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-vga-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-host-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-redirect-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-smartcard-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-img-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ipxe-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ivshmem-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ksm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-lang-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-linux-user-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-microvm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ppc-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-pr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-s390x-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-skiboot-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vhost-user-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vmsr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-x86-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-SLOF-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-arm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-alsa-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-dbus-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-jack-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-oss-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-curl-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-dmg-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-iscsi-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-nfs-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-ssh-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-doc-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-extra-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-guest-agent-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-headless-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-vga-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-host-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-redirect-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-smartcard-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-img-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ipxe-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ivshmem-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ksm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-lang-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-linux-user-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-microvm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ppc-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-pr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-s390x-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-skiboot-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vhost-user-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vmsr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-x86-10.0.7-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202521233-1/ https://www.suse.com/security/cve/CVE-2025-11234.html CVE-2025-11234 https://bugzilla.suse.com/1250984 SUSE Bug 1250984 A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service. CVE-2025-12464 SUSE Linux Enterprise Server 16.0:qemu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-SLOF-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-arm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-alsa-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-dbus-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-jack-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-audio-oss-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-curl-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-dmg-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-iscsi-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-nfs-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-block-ssh-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-doc-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-extra-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-guest-agent-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-headless-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-display-virtio-vga-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-host-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-redirect-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-hw-usb-smartcard-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-img-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ipxe-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ivshmem-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ksm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-lang-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-linux-user-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-microvm-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-ppc-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-pr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-s390x-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-skiboot-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vhost-user-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-vmsr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server 16.0:qemu-x86-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-SLOF-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-arm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-alsa-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-dbus-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-jack-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-audio-oss-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-curl-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-dmg-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-iscsi-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-nfs-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-block-ssh-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-doc-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-extra-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-guest-agent-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-headless-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-display-virtio-vga-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-host-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-redirect-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-hw-usb-smartcard-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-img-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ipxe-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ivshmem-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ksm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-lang-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-linux-user-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-microvm-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-ppc-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-pr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-s390x-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-skiboot-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-tools-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vhost-user-gpu-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-vmsr-helper-10.0.7-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:qemu-x86-10.0.7-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202521233-1/ https://www.suse.com/security/cve/CVE-2025-12464.html CVE-2025-12464 https://bugzilla.suse.com/1253002 SUSE Bug 1253002