Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

SUSE 2026 QEMU Security Advisory for Denial of Service Vulnerability 2386-1

suse
Calendar Grey June 12, 2026
Dist Suse Esm H88
A security update for qemu addresses six security issues in openSUSE, ensuring system integrity and stability.
An update that solves six vulnerabilities and has one security fix can now be installed.

Summary

## This update for qemu fixes the following issues: * CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). * CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption (bsc#1256484). * CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files (bsc#1258509). * CVE-2026-3195: heap buffer overflow when reading input audio in the virtio- snd device input callback due to insufficient checks in `virtio_snd_pcm_in_cb` (bsc#1259080). * CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO requests from the guest leads to unbounded memory allocation and host denial-of-service (bsc#1259079).

Topics%20covered

Topics Covered

security advisory denial of service heap corruption important QEMU OpenSUSE

References

* bsc#1199023

* bsc#1255400

* bsc#1256484

* bsc#1258509

* bsc#1259079

* bsc#1259080

* bsc#1262089

Cross-

* CVE-2025-14876

* CVE-2026-0665

* CVE-2026-2243

* CVE-2026-3195

* CVE-2026-3196

* CVE-2026-3842

CVSS scores:

* CVE-2025-14876 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-14876 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-0665 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-0665 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

* CVE-2026-0665 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2026-2243 ( SUSE ): 4.8

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2386-1
Release Date: 2026-06-12T13:54:10Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service heap corruption important QEMU OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here