Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

SUSE qemu Important Buffer Overflow Denial-of-Service Vuln 2026-2385-1

suse
Calendar Grey June 12, 2026
Dist Suse Esm H88
Install SUSE's important security update for qemu to mitigate four vulnerabilities and enhance system stability.
An update that solves four vulnerabilities and has one security fix can now be installed.

Summary

## This update for qemu fixes the following issues: * CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files (bsc#1258509). * CVE-2026-3195: heap buffer overflow when reading input audio in the virtio- snd device input callback due to insufficient checks in `virtio_snd_pcm_in_cb` (bsc#1259080). * CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO requests from the guest leads to unbounded memory allocation and host denial-of-service (bsc#1259079). * CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write (bsc#1262089). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow SuSE important QEMU

References

* bsc#1199023

* bsc#1258509

* bsc#1259079

* bsc#1259080

* bsc#1262089

Cross-

* CVE-2026-2243

* CVE-2026-3195

* CVE-2026-3196

* CVE-2026-3842

CVSS scores:

* CVE-2026-2243 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2026-2243 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

* CVE-2026-2243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

* CVE-2026-3195 ( SUSE ): 7.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H

* CVE-2026-3195 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-3196 ( SUSE ): 8.2

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

* CVE-2026-3196 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2026-3842 ( SUSE ): 5.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2385-1
Release Date: 2026-06-12T13:52:43Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow SuSE important QEMU

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here