openSUSE Leap 15.6 Qemu Critical Heap Overflow DoS Flaw 2026-2386-1
opensuse
June 12, 2026
An update that solves six vulnerabilities and has one security fix can now be installed.
Description
This update for qemu fixes the following issues:
* CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto
(bsc#1255400).
* CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or
potential memory corruption (bsc#1256484).
* CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a
12-byte information leak when processing specially crafted VMDK files
(bsc#1258509).
* CVE-2026-3195: heap buffer overflow when reading input audio in the virtio-
snd device input callback due to insufficient checks in
`virtio_snd_pcm_in_cb` (bsc#1259080).
* CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO
requests from the guest leads to unbounded memory allocation and host
denial-of-service (bsc#1259079).
* CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after
cpu_physical_memory_map causes host OOB write (bsc#1262089).
Topics Covered
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2386=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2386=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2386=1
Package List
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* qemu-extra-debuginfo-8.2.10-150600.3.49.1
* qemu-hw-usb-redirect-8.2.10-150600.3.49.1
* qemu-ui-spice-app-debuginfo-8.2.10-150600.3.49.1
* qemu-audio-pa-debuginfo-8.2.10-150600.3.49.1
* qemu-vhost-user-gpu-debuginfo-8.2.10-150600.3.49.1
* qemu-tools-8.2.10-150600.3.49.1
* qemu-ui-curses-debuginfo-8.2.10-150600.3.49.1
* qemu-audio-dbus-8.2.10-150600.3.49.1
* qemu-chardev-spice-debuginfo-8.2.10-150600.3.49.1
* qemu-guest-agent-8.2.10-150600.3.49.1
* qemu-debugsource-8.2.10-150600.3.49.1
* qemu-ksm-8.2.10-150600.3.49.1
* qemu-accel-qtest-8.2.10-150600.3.49.1
* qemu-linux-user-debugsource-8.2.10-150600.3.49.1
* qemu-audio-pipewire-8.2.10-150600.3.49.1
* qemu-block-ssh-8.2.10-150600.3.49.1
* qemu-hw-display-virtio-gpu-pci-8.2.10-150600.3.49.1
* qemu-chardev-spice-8.2.10-150600.3.49.1
* qemu-arm-8.2.10-150600.3.49.1
* qemu-ivshmem-tools-8.2.10-150600.3.49.1
* qemu-block-gluster-debuginfo-8.2.10-150600.3.49.1
* qemu-s390x-8.2.10-150600.3.49.1
*...
Read the Full AdvisoryReferences
* bsc#1199023
* bsc#1255400
* bsc#1256484
* bsc#1258509
* bsc#1259079
* bsc#1259080
* bsc#1262089
## References:
* https://www.suse.com/security/cve/CVE-2025-14876.html
* https://www.suse.com/security/cve/CVE-2026-0665.html
* https://www.suse.com/security/cve/CVE-2026-2243.html
* https://www.suse.com/security/cve/CVE-2026-3195.html
* https://www.suse.com/security/cve/CVE-2026-3196.html
* https://www.suse.com/security/cve/CVE-2026-3842.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199023
* https://bugzilla.suse.com/show_bug.cgi?id=1255400
* https://bugzilla.suse.com/show_bug.cgi?id=1256484
* https://bugzilla.suse.com/show_bug.cgi?id=1258509
* https://bugzilla.suse.com/show_bug.cgi?id=1259079
* https://bugzilla.suse.com/show_bug.cgi?id=1259080
* https://bugzilla.suse.com/show_bug.cgi?id=1262089
PREVIOUS 
NEXT 
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2026:2386-1
Release Date: 2026-06-12T13:54:10Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!