SUSE-SU-2025:20011-1: critical: Security update for qemu
SLE-UPDATES
null at suse.de
Wed Jun 4 09:12:42 UTC 2025
# Security update for qemu
Announcement ID: SUSE-SU-2025:20011-1
Release Date: 2025-02-03T08:47:43Z
Rating: critical
References:
* bsc#1084909
* bsc#1220065
* bsc#1220310
* bsc#1222218
* bsc#1222841
* bsc#1222843
* bsc#1222845
* bsc#1224179
Cross-References:
* CVE-2024-26328
* CVE-2024-3446
* CVE-2024-3447
* CVE-2024-3567
CVSS scores:
* CVE-2024-26328 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-26328 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-26328 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3446 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-3446 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-3447 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3447 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3567 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3567 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3567 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Micro 6.0
An update that solves four vulnerabilities and has four fixes can now be
installed.
## Description:
This update for qemu fixes the following issues:
* Update to version 8.2.5:
* target/loongarch: fix a wrong print in cpu dump
* ui/sdl2: Allow host to power down screen
* target/i386: fix SSE and SSE2 feature check
* target/i386: fix xsave.flat from kvm-unit-tests
* disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
* target/riscv/kvm.c: Fix the hart bit setting of AIA
* target/riscv: rvzicbo: Fixup CBO extension register calculation
* target/riscv: do not set mtval2 for non guest-page faults
* target/riscv: prioritize pmp errors in raise_mmu_exception()
* target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen
instructions
* target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
* target/riscv: rvv: Check single width operator for vector fp widen
instructions
* target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w
instructions
* target/riscv/cpu.c: fix Zvkb extension config
* target/riscv: Fix the element agnostic function problem
* target/riscv/kvm: tolerate KVM disable ext errors
* hw/intc/riscv_aplic: APLICs should add child earlier than realize
* iotests: test NBD+TLS+iothread
* qio: Inherit follow_coroutine_ctx across TLS
* target/arm: Disable SVE extensions when SVE is disabled
* hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
* hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
* gitlab: use 'setarch -R' to workaround tsan bug
* gitlab: use $MAKE instead of 'make'
* dockerfiles: add 'MAKE' env variable to remaining containers
* gitlab: Update msys2-64bit runner tags
* target/i386: no single-step exception after MOV or POP SS
* Update to version 8.2.4.
* target/sh4: Fix SUBV opcode
* target/sh4: Fix ADDV opcode
* hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
* hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
* hw/ufs: Fix buffer overflow bug
* tests/avocado: update sunxi kernel from armbian to 6.6.16
* target/loongarch/cpu.c: typo fix: expection
* backends/cryptodev-builtin: Fix local_error leaks
* nbd/server: Mark negotiation functions as coroutine_fn
* nbd/server: do not poll within a coroutine context
* linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
* target/riscv/kvm: change timer regs size to u64
* target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
* target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
* Update to version 8.2.3.
* Update version for 8.2.3 release
* ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
* ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
* hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus
* hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately
* virtio-pci: fix use of a released vector
* linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}
* hw/audio/virtio-snd: Remove unused assignment
* hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
* hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
* hw/net/lan9118: Fix overflow in MIL TX FIFO
* hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
* backends/cryptodev: Do not abort for invalid session ID
* hw/misc/applesmc: Fix memory leak in reset() handler
* hw/block/nand: Fix out-of-bound access in NAND block buffer
* hw/block/nand: Have blk_load() take unsigned offset and return boolean
* hw/block/nand: Factor nand_load_iolen() method out
* qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
* hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
* hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
* hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
* mirror: Don't call job_pause_point() under graph lock (bsc#1224179)
* Backports and bugfixes:
* hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841,
CVE-2024-3567)
* hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843,
CVE-2024-3446)
* hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843,
CVE-2024-3446)
* hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843,
CVE-2024-3446)
* hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843,
CVE-2024-3446)
* hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
(bsc#1222845, CVE-2024-3447)
* hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
* Update to version 8.2.2
* chardev/char-socket: Fix TLS io channels sending too much data to the
backend
* tests/unit/test-util-sockets: Remove temporary file after test
* hw/usb/bus.c: PCAP adding 0xA in Windows version
* hw/intc/Kconfig: Fix GIC settings when using "\--without-default-devices"
* gitlab: force allow use of pip in Cirrus jobs
* tests/vm: avoid re-building the VM images all the time
* tests/vm: update openbsd image to 7.4
* target/i386: leave the A20 bit set in the final NPT walk
* target/i386: remove unnecessary/wrong application of the A20 mask
* target/i386: Fix physical address truncation
* target/i386: check validity of VMCB addresses
* target/i386: mask high bits of CR3 in 32-bit mode
* pl031: Update last RTCLR value on write in case it's read back
* hw/nvme: fix invalid endian conversion
* update edk2 binaries to edk2-stable202402
* update edk2 submodule to edk2-stable202402
* target/ppc: Fix crash on machine check caused by ifetch
* target/ppc: Fix lxv/stxv MSR facility check
* .gitlab-ci.d/windows.yml: Drop msys2-32bit job
* system/vl: Update description for input grab key
* docs/system: Update description for input grab key
* hw/hppa/Kconfig: Fix building with "configure --without-default-devices"
* tests/qtest: Depend on dbus_display1_dep
* meson: Explicitly specify dbus-display1.h dependency
* audio: Depend on dbus_display1_dep
* ui/console: Fix console resize with placeholder surface
* ui/clipboard: add asserts for update and request
* ui/clipboard: mark type as not available when there is no data
* ui: reject extended clipboard message if not activated
* target/i386: Generate an illegal opcode exception on cmp instructions with
lock prefix
* i386/cpuid: Move leaf 7 to correct group
* i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
* i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and
FEAT_XSAVE_XSS_HI leafs
* i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not
available
* .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit
* iotests: Make 144 deterministic again
* target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking
ARM_FEATURE_PMU
* target/arm: Fix SVE/SME gross MTE suppression checks
* target/arm: Handle mte in do_ldrq, do_ldro
* Address bsc#1220310. Backported upstream commits:
* ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS
* ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-10=1
## Package List:
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
* qemu-block-rbd-debuginfo-8.2.5-1.1
* qemu-guest-agent-8.2.5-1.1
* qemu-pr-helper-8.2.5-1.1
* qemu-ui-opengl-8.2.5-1.1
* qemu-block-ssh-debuginfo-8.2.5-1.1
* qemu-hw-display-virtio-gpu-debuginfo-8.2.5-1.1
* qemu-block-curl-8.2.5-1.1
* qemu-ksm-8.2.5-1.1
* qemu-block-curl-debuginfo-8.2.5-1.1
* qemu-chardev-spice-debuginfo-8.2.5-1.1
* qemu-hw-display-virtio-gpu-8.2.5-1.1
* qemu-pr-helper-debuginfo-8.2.5-1.1
* qemu-hw-display-virtio-gpu-pci-8.2.5-1.1
* qemu-tools-debuginfo-8.2.5-1.1
* qemu-hw-display-qxl-8.2.5-1.1
* qemu-ui-spice-core-debuginfo-8.2.5-1.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.5-1.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.5-1.1
* qemu-tools-8.2.5-1.1
* qemu-img-debuginfo-8.2.5-1.1
* qemu-debugsource-8.2.5-1.1
* qemu-ui-spice-core-8.2.5-1.1
* qemu-audio-spice-8.2.5-1.1
* qemu-hw-display-virtio-vga-8.2.5-1.1
* qemu-debuginfo-8.2.5-1.1
* qemu-ui-opengl-debuginfo-8.2.5-1.1
* qemu-hw-usb-redirect-8.2.5-1.1
* qemu-lang-8.2.5-1.1
* qemu-block-iscsi-8.2.5-1.1
* qemu-block-ssh-8.2.5-1.1
* qemu-guest-agent-debuginfo-8.2.5-1.1
* qemu-hw-usb-host-8.2.5-1.1
* qemu-img-8.2.5-1.1
* qemu-8.2.5-1.1
* qemu-block-iscsi-debuginfo-8.2.5-1.1
* qemu-hw-display-qxl-debuginfo-8.2.5-1.1
* qemu-audio-spice-debuginfo-8.2.5-1.1
* qemu-hw-usb-redirect-debuginfo-8.2.5-1.1
* qemu-chardev-spice-8.2.5-1.1
* qemu-block-rbd-8.2.5-1.1
* qemu-hw-usb-host-debuginfo-8.2.5-1.1
* SUSE Linux Micro 6.0 (x86_64)
* qemu-x86-debuginfo-8.2.5-1.1
* qemu-accel-tcg-x86-debuginfo-8.2.5-1.1
* qemu-accel-tcg-x86-8.2.5-1.1
* qemu-x86-8.2.5-1.1
* SUSE Linux Micro 6.0 (noarch)
* qemu-ipxe-8.2.5-1.1
* qemu-vgabios-8.2.51.16.3_3_ga95067eb-1.1
* qemu-seabios-8.2.51.16.3_3_ga95067eb-1.1
* SUSE Linux Micro 6.0 (s390x)
* qemu-s390x-8.2.5-1.1
* qemu-s390x-debuginfo-8.2.5-1.1
* SUSE Linux Micro 6.0 (aarch64)
* qemu-arm-8.2.5-1.1
* qemu-arm-debuginfo-8.2.5-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-26328.html
* https://www.suse.com/security/cve/CVE-2024-3446.html
* https://www.suse.com/security/cve/CVE-2024-3447.html
* https://www.suse.com/security/cve/CVE-2024-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1220065
* https://bugzilla.suse.com/show_bug.cgi?id=1220310
* https://bugzilla.suse.com/show_bug.cgi?id=1222218
* https://bugzilla.suse.com/show_bug.cgi?id=1222841
* https://bugzilla.suse.com/show_bug.cgi?id=1222843
* https://bugzilla.suse.com/show_bug.cgi?id=1222845
* https://bugzilla.suse.com/show_bug.cgi?id=1224179
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250604/66e3d758/attachment-0001.htm>
More information about the sle-updates
mailing list