SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-832

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-832

Security update for qemu

Type: security

Severity: moderate

Issued: 2026-03-05

Description:

This update for qemu fixes the following issues:

Security issue:

- CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400).

Non security issues:

- * hw/virtio: Also include md stubs in case CONFIG_VIRTIO_PCI is not set (jsc#PED-14271).
- * s390x/pv: prepare for memory devices (jsc#PED-14271).
- * s390x/s390-skeys: prepare for memory devices (jsc#PED-14271).
- * s390x/s390-stattrib-kvm: prepare for memory devices and sparse memory layouts (jsc#PED-14271).
- * s390x/s390-virtio-ccw: prepare for memory devices (jsc#PED-14271).
- * s390x/virtio-ccw: add support for virtio based memory devices (jsc#PED-14271).
- * s390x: remember the maximum page size (jsc#PED-14271).
- * s390x: virtio-mem support (jsc#PED-14271).

References

jira: PED-14271 https://jira.suse.com/browse/PED-14271
CVE: CVE-2025-14876
Bugzilla: 1255400 VUL-0: CVE-2025-14876: kvm,qemu: qemu-kvm: Unbounded allocation in virtio-crypto

Packages

qemu-9.2.4-150700.3.17.1

qemu-linux-user-9.2.4-150700.3.17.1