Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE Linux Micro 6.2 QEMU Important Privilege Escalation CVE-2026-3886

suse
Calendar Grey July 13, 2026
Dist Suse Esm H88
Important security update for SUSE's qemu addresses multiple vulnerabilities including buffer overflows and privilege escalations.
An update that solves three vulnerabilities, contains one feature and has two fixes can now be installed.

Summary

## This update for qemu fixes the following issues: Update to version 10.0.11. Security issues fixed: * CVE-2026-3886: integer overflow leading to privilege escalation due to lack of proper validation of user-supplied data in the virtio-gpu driver (bsc#1268061). * CVE-2026-48914: heap buffer overflow due to improper size validation in virtio-blk SCSI request handling (bsc#1268794). * CVE-2026-48004: heap use-after-free race condition due to missing rename lock in v9fs_co_readdir_many (bsc#1270133). Other updates and bugfixes: * Version 10.0.11: * Full backport list here: https://lore.kernel.org/qemu- devel/20260627082646.D825717AB67@think4mjt.localdomain/ * Version 10.0.10: * Full backport list here: https://lore.kernel.org/qemu-

References

* bsc#1199023

* bsc#1268061

* bsc#1268279

* bsc#1268794

* bsc#1270133

* jsc#PED-9266

Cross-

* CVE-2026-3886

* CVE-2026-48004

* CVE-2026-48914

CVSS scores:

* CVE-2026-3886 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-48004 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-48914 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

* CVE-2026-48914 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities, contains one feature and has two

fixes can now be installed.

##

* https://www.suse.com/security/cve/CVE-2026-3886.html

* https://www.suse.com/security/cve/CVE-2026-48004.html

* https://www.suse.com/security/cve/CVE-2026-48914.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:22550-1
Release Date: 2026-07-07T17:46:01Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.