
SUSE: qemu Important Denial of Service & Buffer Overflow 2025:21230-1

December 22, 2025
SUSE announces an important update for qemu addressing two vulnerabilities to enhance security. Immediate action is advised.
An update that solves two vulnerabilities and has three fixes can now be installed.

Summary

This update for qemu fixes the following issues:

Update to version 10.0.7.

Security issues fixed:

* CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).

* CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).

Other updates and bugfixes:

* Version 10.0.7:

  * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value

  * docs/devel: Update URL for make-pullreq script

  * target/arm: Fix assert on BRA.

  * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN

  * hw/core/machine: Provide a description for aux-ram-share property
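To prioritise which hosts to update first, the following added example (not part of the SUSE advisory) checks a QEMU command line for the two attack surfaces named above: an e1000 NIC and a VNC WebSocket listener. It assumes any QEMU older than 10.0.7 is unpatched, which ignores distribution backports; the sample command lines are constructed.

```python
import re
import shlex

FIXED = (10, 0, 7)  # version the advisory updates qemu to
# Assumption: anything older is unpatched (ignores distribution backports).

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'QEMU emulator version 10.0.5'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version in %r" % text)
    return tuple(int(x) for x in m.groups())

def opts(value):
    """Split a QEMU 'first,k=v,flag' option string into (first, {k: v})."""
    first, *rest = value.split(",")
    return first, dict(p.split("=", 1) if "=" in p else (p, "on") for p in rest)

def exposure(cmdline, version_text):
    """Return the advisory CVEs whose attack surface this QEMU process enables."""
    if parse_version(version_text) >= FIXED:
        return set()
    argv = shlex.split(cmdline)
    hits = set()
    for flag, value in zip(argv, argv[1:]):
        first, kv = opts(value)
        if flag == "-device":
            model = first
        elif flag in ("-nic", "-net"):
            model = kv.get("model", "")
        else:
            model = ""
        # The advisory names e1000 only; e1000e is a separate model, not flagged.
        # A machine type's implicit default NIC is not detected here.
        if model == "e1000" or model.startswith("e1000-"):
            hits.add("CVE-2025-12464")
        if flag == "-vnc" and kv.get("websocket", "off") != "off":
            hits.add("CVE-2025-11234")
    return hits

# Constructed sample processes (command line, `--version` banner).
SAMPLES = [
    ("qemu-system-x86_64 -device e1000,netdev=n0 -netdev user,id=n0 "
     "-vnc :0,websocket=5700", "QEMU emulator version 10.0.5"),
    ("qemu-system-x86_64 -nic user,model=virtio-net-pci -vnc :1",
     "QEMU emulator version 10.0.5"),
]

if __name__ == "__main__":
    for cmd, ver in SAMPLES:
        print(sorted(exposure(cmd, ver)) or "no advisory exposure found", "<-", cmd)
```

An empty result means only that neither option appears on the command line or that the version is at least 10.0.7; it does not replace installing the update.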

References

* bsc#1230042

* bsc#1250984

* bsc#1253002

* bsc#1254286

* bsc#1254494

Cross-

* CVE-2025-11234

* CVE-2025-12464

CVSS scores:

* CVE-2025-11234 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-11234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-11234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-12464 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-12464 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2


Severity: important

Announcement ID: SUSE-SU-2025:21230-1
Release Date: 2025-12-18T12:50:21Z
Rating: important
