Alerts This Week
Warning Icon 1 975
Alerts This Week
Warning Icon 1 975

SUSE Linux Micro 6.0 QEMU Critical Service Disruption Flaws 2026-21912-1

suse
Calendar Grey June 2, 2026
Dist Suse Esm H88
Addressing six crucial issues in qemu for SUSE Linux Micro enhances system integrity and security robustness.
An update that solves six vulnerabilities can now be installed.

Summary

## This update for qemu fixes the following issues * CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). * CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption (bsc#1256484). * CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files (bsc#1258509). * CVE-2026-3195: heap buffer overflow when reading input audio in the virtio- snd device input callback due to insufficient checks in `virtio_snd_pcm_in_cb` (bsc#1259080). * CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO requests from the guest leads to unbounded memory allocation and host denial-of-service (bsc#1259079).

Topics%20covered

Topics Covered

security advisory denial of service heap corruption important QEMU SUSE Linux Micro

References

* bsc#1255400

* bsc#1256484

* bsc#1258509

* bsc#1259079

* bsc#1259080

* bsc#1262089

Cross-

* CVE-2025-14876

* CVE-2026-0665

* CVE-2026-2243

* CVE-2026-3195

* CVE-2026-3196

* CVE-2026-3842

CVSS scores:

* CVE-2025-14876 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-14876 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-0665 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-0665 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

* CVE-2026-0665 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2026-2243 ( SUSE ): 4.8

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21912-1
Release Date: 2026-05-28T15:31:35Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service heap corruption important QEMU SUSE Linux Micro

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here