<div class="container">
<h1>Security update for qemu</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20011-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-03T08:47:43Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>critical</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1084909">bsc#1084909</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220065">bsc#1220065</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220310">bsc#1220310</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222218">bsc#1222218</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222841">bsc#1222841</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222843">bsc#1222843</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222845">bsc#1222845</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224179">bsc#1224179</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-26328.html">CVE-2024-26328</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-3446.html">CVE-2024-3446</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-3447.html">CVE-2024-3447</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-3567.html">CVE-2024-3567</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-26328</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-26328</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-26328</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3446</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3446</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3447</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3447</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3567</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3567</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3567</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves four vulnerabilities and has four fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for qemu fixes the following issues:</p>
<ul>
<li>Update to version 8.2.5:</li>
<li>target/loongarch: fix a wrong print in cpu dump</li>
<li>ui/sdl2: Allow host to power down screen</li>
<li>target/i386: fix SSE and SSE2 feature check</li>
<li>target/i386: fix xsave.flat from kvm-unit-tests</li>
<li>disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs</li>
<li>target/riscv/kvm.c: Fix the hart bit setting of AIA</li>
<li>target/riscv: rvzicbo: Fixup CBO extension register calculation</li>
<li>target/riscv: do not set mtval2 for non guest-page faults</li>
<li>target/riscv: prioritize pmp errors in raise_mmu_exception()</li>
<li>target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions</li>
<li>target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w</li>
<li>target/riscv: rvv: Check single width operator for vector fp widen instructions</li>
<li>target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions</li>
<li>target/riscv/cpu.c: fix Zvkb extension config</li>
<li>target/riscv: Fix the element agnostic function problem</li>
<li>target/riscv/kvm: tolerate KVM disable ext errors</li>
<li>hw/intc/riscv_aplic: APLICs should add child earlier than realize</li>
<li>iotests: test NBD+TLS+iothread</li>
<li>qio: Inherit follow_coroutine_ctx across TLS</li>
<li>target/arm: Disable SVE extensions when SVE is disabled</li>
<li>hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n></li>
<li>hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers</li>
<li>gitlab: use 'setarch -R' to workaround tsan bug</li>
<li>gitlab: use $MAKE instead of 'make'</li>
<li>dockerfiles: add 'MAKE' env variable to remaining containers</li>
<li>gitlab: Update msys2-64bit runner tags</li>
<li>
<p>target/i386: no single-step exception after MOV or POP SS</p>
</li>
<li>
<p>Update to version 8.2.4.</p>
</li>
<li>target/sh4: Fix SUBV opcode</li>
<li>target/sh4: Fix ADDV opcode</li>
<li>hw/arm/npcm7xx: Store derivative OTP fuse key in little endian</li>
<li>hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields</li>
<li>hw/ufs: Fix buffer overflow bug</li>
<li>tests/avocado: update sunxi kernel from armbian to 6.6.16</li>
<li>target/loongarch/cpu.c: typo fix: expection</li>
<li>backends/cryptodev-builtin: Fix local_error leaks</li>
<li>nbd/server: Mark negotiation functions as coroutine_fn</li>
<li>nbd/server: do not poll within a coroutine context</li>
<li>linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY</li>
<li>target/riscv/kvm: change timer regs size to u64</li>
<li>target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64</li>
<li>
<p>target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32</p>
</li>
<li>
<p>Update to version 8.2.3.</p>
</li>
<li>Update version for 8.2.3 release</li>
<li>ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.</li>
<li>ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.</li>
<li>hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus</li>
<li>hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately</li>
<li>virtio-pci: fix use of a released vector</li>
<li>linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}</li>
<li>hw/audio/virtio-snd: Remove unused assignment</li>
<li>hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()</li>
<li>hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set</li>
<li>hw/net/lan9118: Fix overflow in MIL TX FIFO</li>
<li>hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition</li>
<li>backends/cryptodev: Do not abort for invalid session ID</li>
<li>hw/misc/applesmc: Fix memory leak in reset() handler</li>
<li>hw/block/nand: Fix out-of-bound access in NAND block buffer</li>
<li>hw/block/nand: Have blk_load() take unsigned offset and return boolean</li>
<li>hw/block/nand: Factor nand_load_iolen() method out</li>
<li>qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo</li>
<li>hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs</li>
<li>hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs</li>
<li>hw/display/virtio-gpu: Protect from DMA re-entrancy bugs</li>
<li>
<p>mirror: Don't call job_pause_point() under graph lock (bsc#1224179)</p>
</li>
<li>
<p>Backports and bugfixes:</p>
</li>
<li>hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)</li>
<li>hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)</li>
<li>hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)</li>
<li>hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)</li>
<li>hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)</li>
<li>hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)</li>
<li>
<p>hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)</p>
</li>
<li>
<p>Update to version 8.2.2</p>
</li>
<li>chardev/char-socket: Fix TLS io channels sending too much data to the backend</li>
<li>tests/unit/test-util-sockets: Remove temporary file after test</li>
<li>hw/usb/bus.c: PCAP adding 0xA in Windows version</li>
<li>hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices"</li>
<li>gitlab: force allow use of pip in Cirrus jobs</li>
<li>tests/vm: avoid re-building the VM images all the time</li>
<li>tests/vm: update openbsd image to 7.4</li>
<li>target/i386: leave the A20 bit set in the final NPT walk</li>
<li>target/i386: remove unnecessary/wrong application of the A20 mask</li>
<li>target/i386: Fix physical address truncation</li>
<li>target/i386: check validity of VMCB addresses</li>
<li>target/i386: mask high bits of CR3 in 32-bit mode</li>
<li>pl031: Update last RTCLR value on write in case it's read back</li>
<li>hw/nvme: fix invalid endian conversion</li>
<li>update edk2 binaries to edk2-stable202402</li>
<li>update edk2 submodule to edk2-stable202402</li>
<li>target/ppc: Fix crash on machine check caused by ifetch</li>
<li>target/ppc: Fix lxv/stxv MSR facility check</li>
<li>.gitlab-ci.d/windows.yml: Drop msys2-32bit job</li>
<li>system/vl: Update description for input grab key</li>
<li>docs/system: Update description for input grab key</li>
<li>hw/hppa/Kconfig: Fix building with "configure --without-default-devices"</li>
<li>tests/qtest: Depend on dbus_display1_dep</li>
<li>meson: Explicitly specify dbus-display1.h dependency</li>
<li>audio: Depend on dbus_display1_dep</li>
<li>ui/console: Fix console resize with placeholder surface</li>
<li>ui/clipboard: add asserts for update and request</li>
<li>ui/clipboard: mark type as not available when there is no data</li>
<li>ui: reject extended clipboard message if not activated</li>
<li>target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix</li>
<li>i386/cpuid: Move leaf 7 to correct group</li>
<li>i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F</li>
<li>i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs</li>
<li>i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available</li>
<li>.gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit</li>
<li>iotests: Make 144 deterministic again</li>
<li>target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU</li>
<li>target/arm: Fix SVE/SME gross MTE suppression checks</li>
<li>target/arm: Handle mte in do_ldrq, do_ldro</li>
<li>Address bsc#1220310. Backported upstream commits:</li>
<li>ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS</li>
<li>ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.0
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.0-10=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
<ul>
<li>qemu-block-rbd-debuginfo-8.2.5-1.1</li>
<li>qemu-guest-agent-8.2.5-1.1</li>
<li>qemu-pr-helper-8.2.5-1.1</li>
<li>qemu-ui-opengl-8.2.5-1.1</li>
<li>qemu-block-ssh-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-gpu-debuginfo-8.2.5-1.1</li>
<li>qemu-block-curl-8.2.5-1.1</li>
<li>qemu-ksm-8.2.5-1.1</li>
<li>qemu-block-curl-debuginfo-8.2.5-1.1</li>
<li>qemu-chardev-spice-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-gpu-8.2.5-1.1</li>
<li>qemu-pr-helper-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-gpu-pci-8.2.5-1.1</li>
<li>qemu-tools-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-qxl-8.2.5-1.1</li>
<li>qemu-ui-spice-core-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-vga-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.5-1.1</li>
<li>qemu-tools-8.2.5-1.1</li>
<li>qemu-img-debuginfo-8.2.5-1.1</li>
<li>qemu-debugsource-8.2.5-1.1</li>
<li>qemu-ui-spice-core-8.2.5-1.1</li>
<li>qemu-audio-spice-8.2.5-1.1</li>
<li>qemu-hw-display-virtio-vga-8.2.5-1.1</li>
<li>qemu-debuginfo-8.2.5-1.1</li>
<li>qemu-ui-opengl-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-usb-redirect-8.2.5-1.1</li>
<li>qemu-lang-8.2.5-1.1</li>
<li>qemu-block-iscsi-8.2.5-1.1</li>
<li>qemu-block-ssh-8.2.5-1.1</li>
<li>qemu-guest-agent-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-usb-host-8.2.5-1.1</li>
<li>qemu-img-8.2.5-1.1</li>
<li>qemu-8.2.5-1.1</li>
<li>qemu-block-iscsi-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-display-qxl-debuginfo-8.2.5-1.1</li>
<li>qemu-audio-spice-debuginfo-8.2.5-1.1</li>
<li>qemu-hw-usb-redirect-debuginfo-8.2.5-1.1</li>
<li>qemu-chardev-spice-8.2.5-1.1</li>
<li>qemu-block-rbd-8.2.5-1.1</li>
<li>qemu-hw-usb-host-debuginfo-8.2.5-1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.0 (x86_64)
<ul>
<li>qemu-x86-debuginfo-8.2.5-1.1</li>
<li>qemu-accel-tcg-x86-debuginfo-8.2.5-1.1</li>
<li>qemu-accel-tcg-x86-8.2.5-1.1</li>
<li>qemu-x86-8.2.5-1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.0 (noarch)
<ul>
<li>qemu-ipxe-8.2.5-1.1</li>
<li>qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1</li>
<li>qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.0 (s390x)
<ul>
<li>qemu-s390x-8.2.5-1.1</li>
<li>qemu-s390x-debuginfo-8.2.5-1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.0 (aarch64)
<ul>
<li>qemu-arm-8.2.5-1.1</li>
<li>qemu-arm-debuginfo-8.2.5-1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-26328.html">https://www.suse.com/security/cve/CVE-2024-26328.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-3446.html">https://www.suse.com/security/cve/CVE-2024-3446.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-3447.html">https://www.suse.com/security/cve/CVE-2024-3447.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-3567.html">https://www.suse.com/security/cve/CVE-2024-3567.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1084909">https://bugzilla.suse.com/show_bug.cgi?id=1084909</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220065">https://bugzilla.suse.com/show_bug.cgi?id=1220065</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220310">https://bugzilla.suse.com/show_bug.cgi?id=1220310</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222218">https://bugzilla.suse.com/show_bug.cgi?id=1222218</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222841">https://bugzilla.suse.com/show_bug.cgi?id=1222841</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222843">https://bugzilla.suse.com/show_bug.cgi?id=1222843</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222845">https://bugzilla.suse.com/show_bug.cgi?id=1222845</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224179">https://bugzilla.suse.com/show_bug.cgi?id=1224179</a>
</li>
</ul>
</div>