Security update for qemu SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0070-1 Final 1 1 2026-01-08T13:21:59Z current 2026-01-08T13:21:59Z 2026-01-08T13:21:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - CVE-2024-6505: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) - CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2026-70,SUSE-2026-70,SUSE-SUSE-MicroOS-5.2-2026-70 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260070-1/ Link for SUSE-SU-2026:0070-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023707.html E-Mail link for SUSE-SU-2026:0070-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1209554 SUSE Bug 1209554 https://bugzilla.suse.com/1227397 SUSE Bug 1227397 https://www.suse.com/security/cve/CVE-2023-1544/ SUSE CVE CVE-2023-1544 page https://www.suse.com/security/cve/CVE-2024-6505/ SUSE CVE CVE-2024-6505 page Container suse/sle-micro-rancher/5.2:latest SUSE Linux Enterprise Micro 5.2 qemu-guest-agent-5.2.0-150300.138.1 qemu-5.2.0-150300.138.1 qemu-SLOF-5.2.0-150300.138.1 qemu-arm-5.2.0-150300.138.1 qemu-audio-alsa-5.2.0-150300.138.1 qemu-audio-pa-5.2.0-150300.138.1 qemu-audio-spice-5.2.0-150300.138.1 qemu-block-curl-5.2.0-150300.138.1 qemu-block-dmg-5.2.0-150300.138.1 qemu-block-gluster-5.2.0-150300.138.1 qemu-block-iscsi-5.2.0-150300.138.1 qemu-block-nfs-5.2.0-150300.138.1 qemu-block-rbd-5.2.0-150300.138.1 qemu-block-ssh-5.2.0-150300.138.1 qemu-chardev-baum-5.2.0-150300.138.1 qemu-chardev-spice-5.2.0-150300.138.1 qemu-extra-5.2.0-150300.138.1 qemu-hw-display-qxl-5.2.0-150300.138.1 qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.138.1 qemu-hw-display-virtio-vga-5.2.0-150300.138.1 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.138.1 qemu-hw-usb-redirect-5.2.0-150300.138.1 qemu-hw-usb-smartcard-5.2.0-150300.138.1 qemu-ipxe-1.0.0+-150300.138.1 qemu-ivshmem-tools-5.2.0-150300.138.1 qemu-ksm-5.2.0-150300.138.1 qemu-kvm-5.2.0-150300.138.1 qemu-lang-5.2.0-150300.138.1 qemu-linux-user-5.2.0-150300.138.1 qemu-microvm-5.2.0-150300.138.1 qemu-ppc-5.2.0-150300.138.1 qemu-s390x-5.2.0-150300.138.1 qemu-seabios-1.14.0_0_g155821a-150300.138.1 qemu-sgabios-8-150300.138.1 qemu-skiboot-5.2.0-150300.138.1 qemu-testsuite-5.2.0-150300.138.2 qemu-tools-5.2.0-150300.138.1 qemu-ui-curses-5.2.0-150300.138.1 qemu-ui-gtk-5.2.0-150300.138.1 qemu-ui-opengl-5.2.0-150300.138.1 qemu-ui-spice-app-5.2.0-150300.138.1 qemu-ui-spice-core-5.2.0-150300.138.1 qemu-vgabios-1.14.0_0_g155821a-150300.138.1 qemu-vhost-user-gpu-5.2.0-150300.138.1 qemu-x86-5.2.0-150300.138.1 qemu-guest-agent-5.2.0-150300.138.1 as a component of Container suse/sle-micro-rancher/5.2:latest qemu-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-arm-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-audio-spice-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-chardev-spice-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-guest-agent-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-qxl-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-virtio-vga-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-usb-redirect-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ipxe-1.0.0+-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-s390x-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-seabios-1.14.0_0_g155821a-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-sgabios-8-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-tools-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ui-opengl-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ui-spice-core-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-vgabios-1.14.0_0_g155821a-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-x86-5.2.0-150300.138.1 as a component of SUSE Linux Enterprise Micro 5.2 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. CVE-2023-1544 Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-arm-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-audio-spice-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-chardev-spice-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-guest-agent-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-qxl-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-vga-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-usb-redirect-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ipxe-1.0.0+-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-s390x-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-seabios-1.14.0_0_g155821a-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-sgabios-8-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-tools-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-opengl-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-spice-core-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-vgabios-1.14.0_0_g155821a-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-x86-5.2.0-150300.138.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260070-1/ https://www.suse.com/security/cve/CVE-2023-1544.html CVE-2023-1544 https://bugzilla.suse.com/1209554 SUSE Bug 1209554 A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host. CVE-2024-6505 Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-arm-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-audio-spice-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-chardev-spice-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-guest-agent-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-qxl-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-vga-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-usb-redirect-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ipxe-1.0.0+-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-s390x-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-seabios-1.14.0_0_g155821a-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-sgabios-8-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-tools-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-opengl-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-spice-core-5.2.0-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-vgabios-1.14.0_0_g155821a-150300.138.1 SUSE Linux Enterprise Micro 5.2:qemu-x86-5.2.0-150300.138.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260070-1/ https://www.suse.com/security/cve/CVE-2024-6505.html CVE-2024-6505 https://bugzilla.suse.com/1227397 SUSE Bug 1227397