Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux Micro 6.0: 2025:20076-1 important: qemu security fix

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
SUSE Linux Micro has released updates that resolve significant vulnerabilities in qemu, rectifying various bugs while bolstering its security protocols.
* bsc#1224132 * bsc#1229007 * bsc#1229929 * bsc#1230140 * bsc#1230834

Summary

## This update for qemu fixes the following issues: * Bugfixes and CVEs: * hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354) * softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612) * system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612) * system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612) * system/physmem: Replace qemu_mutex_lock() calls with QEMU_LOCK_GUARD (bsc#1230915, CVE-2024-8612) * Update version to 8.2.7 * Full changelog here: https://lore.kernel.org/qemu- devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/ * Fixes: bsc#1229007, CVE-2024-7409 bsc#1224132, CVE-2024-4693 * Some backports: gitlab: fix logic for changing docker tag on stable branches

References

* bsc#1224132

* bsc#1229007

* bsc#1229929

* bsc#1230140

* bsc#1230834

* bsc#1230915

* bsc#1231519

Cross-

* CVE-2024-4693

* CVE-2024-7409

* CVE-2024-8354

* CVE-2024-8612

CVSS scores:

* CVE-2024-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-7409 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-8354 ( SUSE ): 5.7

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-8354 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-8354 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20076-1
Release Date: 2025-02-03T09:05:12Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here