Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: QEMU Important Security Update Due to Buffer Overflows 2026:0043-1

suse
Calendar Grey January 7, 2026
Dist Suse Esm H88
Critical security update for SUSE addressing three issues in QEMU ensuring system stability and integrity.
An update that solves three vulnerabilities and has two security fixes can now be installed.

Summary

## This update for qemu fixes the following issues: Security issues fixed: * CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host (bsc#1209554). * CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious privileged user to crash the QEMU process on the host (bsc#1227397). * CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). Other updates and bugfixes: * [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too. * [openSUSE][RPM} spec: delete old specfile constructs.

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important out-of-bounds QEMU

References

* bsc#1209554

* bsc#1227397

* bsc#1252768

* bsc#1253002

* bsc#1254286

Cross-

* CVE-2023-1544

* CVE-2024-6505

* CVE-2025-12464

CVSS scores:

* CVE-2023-1544 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

* CVE-2023-1544 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

* CVE-2023-1544 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2024-6505 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2025-12464 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0043-1
Release Date: 2026-01-06T16:03:08Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important out-of-bounds QEMU

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here