Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE Linux Micro 6.0: 2025:20036-1 important: qemu security risks

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
This crucial patch for SUSE Linux Micro 6.0 addresses pivotal vulnerabilities in qemu, maintaining system security.
* bsc#1221812 * bsc#1227322 * bsc#1229007 Cross-References:

Summary

## This update for qemu fixes the following issues: * Fix bsc#1221812: * block: Reschedule query-block during qcow2 invalidation (bsc#1221812) * Fix bsc#1229007, CVE-2024-7409: * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007) * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007) * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007) * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409) * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409) * Update to version 8.2.6: Full backport lists (from the various releases) here: https://lore.kernel.org/qemu- devel/1721203806.547734.831464.nullmailer@tls.msk.ru/ Some of the upstream backports are: hw/nvme: fix number of PIDs for FDP RUH

References

* bsc#1221812

* bsc#1227322

* bsc#1229007

Cross-

* CVE-2024-4467

* CVE-2024-7409

CVSS scores:

* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-4467 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-7409 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities and has one fix can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-4467.html

* https://www.suse.com/security/cve/CVE-2024-7409.html

* https://bugzilla.suse.com/show_bug.cgi?id=1221812

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20036-1
Release Date: 2025-02-03T08:53:01Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here