SUSE-SU-2026:22576-1: important: Security update for qemu
SLE-UPDATES
null at suse.de
Tue Jul 14 16:31:57 UTC 2026
# Security update for qemu
Announcement ID: SUSE-SU-2026:22576-1
Release Date: 2026-07-07T17:20:48Z
Rating: important
References:
* bsc#1199023
* bsc#1268061
* bsc#1268279
* bsc#1268794
* bsc#1270133
* jsc#PED-9266
Cross-References:
* CVE-2026-3886
* CVE-2026-48004
* CVE-2026-48914
CVSS scores:
* CVE-2026-3886 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-48004 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48914 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
* CVE-2026-48914 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0
An update that solves three vulnerabilities, contains one feature and has two
fixes can now be installed.
## Description:
This update for qemu fixes the following issues:
Update to version 10.0.11.
Security issues fixed:
* CVE-2026-3886: integer overflow leading to privilege escalation due to lack
of proper validation of user-supplied data in the virtio-gpu driver
(bsc#1268061).
* CVE-2026-48914: heap buffer overflow due to improper size validation in
virtio-blk SCSI request handling (bsc#1268794).
* CVE-2026-48004: heap use-after-free race condition due to missing rename
lock in v9fs_co_readdir_many (bsc#1270133).
Other updates and bugfixes:
* Version 10.0.11:
* Full backport list here: https://lore.kernel.org/qemu-
devel/20260627082646.D825717AB67 at think4mjt.localdomain/
* Version 10.0.10:
* Full backport list here: https://lore.kernel.org/qemu-
devel/20260528061820.CEE521691A9 at think4mjt.localdomain/
* ppc/spapr: Skip system reset for quiesced CPUs (bsc#1268279).
* i386/tdx: handle TDG.VP.VMCALL <GetQuote> (jsc#PED-9266).
* i386/tdx: handle TDG.VP.VMCALL <GetTdVmCallInfo> (jsc#PED-9266).
* update Linux headers to v6.16-rc3 (jsc#PED-9266).
* i386/cpu: Warn about why CPUID_EXT_PDCM is not available (jsc#PED-9266).
* i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[]
check (jsc#PED-9266).
* [openSUSE] qemu-ga: fix service file against no-autostart (bsc#1199023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP applications 16.0
zypper in -t patch SUSE-SLES-16.0-1174=1
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-1174=1
## Package List:
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
* qemu-ppc-10.0.11-160000.1.1
* qemu-audio-alsa-10.0.11-160000.1.1
* qemu-arm-debuginfo-10.0.11-160000.1.1
* qemu-ivshmem-tools-10.0.11-160000.1.1
* qemu-extra-10.0.11-160000.1.1
* qemu-img-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-vga-10.0.11-160000.1.1
* qemu-debugsource-10.0.11-160000.1.1
* qemu-audio-oss-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-debuginfo-10.0.11-160000.1.1
* qemu-audio-dbus-10.0.11-160000.1.1
* qemu-tools-10.0.11-160000.1.1
* qemu-debuginfo-10.0.11-160000.1.1
* qemu-arm-10.0.11-160000.1.1
* qemu-linux-user-10.0.11-160000.1.1
* qemu-s390x-10.0.11-160000.1.1
* qemu-10.0.11-160000.1.1
* qemu-hw-usb-smartcard-10.0.11-160000.1.1
* qemu-guest-agent-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.11-160000.1.1
* qemu-vhost-user-gpu-10.0.11-160000.1.1
* qemu-block-iscsi-10.0.11-160000.1.1
* qemu-headless-10.0.11-160000.1.1
* qemu-audio-jack-10.0.11-160000.1.1
* qemu-hw-s390x-virtio-gpu-ccw-10.0.11-160000.1.1
* qemu-hw-display-virtio-vga-debuginfo-10.0.11-160000.1.1
* qemu-hw-usb-redirect-debuginfo-10.0.11-160000.1.1
* qemu-audio-dbus-debuginfo-10.0.11-160000.1.1
* qemu-extra-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-pci-10.0.11-160000.1.1
* qemu-block-nfs-debuginfo-10.0.11-160000.1.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.11-160000.1.1
* qemu-audio-alsa-debuginfo-10.0.11-160000.1.1
* qemu-ksm-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-10.0.11-160000.1.1
* qemu-hw-usb-redirect-10.0.11-160000.1.1
* qemu-x86-10.0.11-160000.1.1
* qemu-vhost-user-gpu-debuginfo-10.0.11-160000.1.1
* qemu-block-nfs-10.0.11-160000.1.1
* qemu-block-curl-debuginfo-10.0.11-160000.1.1
* qemu-s390x-debuginfo-10.0.11-160000.1.1
* qemu-block-iscsi-debuginfo-10.0.11-160000.1.1
* qemu-tools-debuginfo-10.0.11-160000.1.1
* qemu-ivshmem-tools-debuginfo-10.0.11-160000.1.1
* qemu-pr-helper-10.0.11-160000.1.1
* qemu-block-dmg-10.0.11-160000.1.1
* qemu-block-curl-10.0.11-160000.1.1
* qemu-x86-debuginfo-10.0.11-160000.1.1
* qemu-hw-usb-host-10.0.11-160000.1.1
* qemu-block-dmg-debuginfo-10.0.11-160000.1.1
* qemu-ppc-debuginfo-10.0.11-160000.1.1
* qemu-block-ssh-debuginfo-10.0.11-160000.1.1
* qemu-linux-user-debuginfo-10.0.11-160000.1.1
* qemu-block-ssh-10.0.11-160000.1.1
* qemu-audio-oss-10.0.11-160000.1.1
* qemu-guest-agent-debuginfo-10.0.11-160000.1.1
* qemu-audio-jack-debuginfo-10.0.11-160000.1.1
* qemu-pr-helper-debuginfo-10.0.11-160000.1.1
* qemu-linux-user-debugsource-10.0.11-160000.1.1
* qemu-hw-usb-smartcard-debuginfo-10.0.11-160000.1.1
* qemu-img-10.0.11-160000.1.1
* qemu-hw-usb-host-debuginfo-10.0.11-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
* qemu-SLOF-10.0.11-160000.1.1
* qemu-skiboot-10.0.11-160000.1.1
* qemu-ipxe-10.0.11-160000.1.1
* qemu-seabios-10.0.111.16.3_3_g3d33c746-160000.1.1
* qemu-doc-10.0.11-160000.1.1
* qemu-microvm-10.0.11-160000.1.1
* qemu-vgabios-10.0.111.16.3_3_g3d33c746-160000.1.1
* qemu-lang-10.0.11-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
* qemu-vmsr-helper-10.0.11-160000.1.1
* qemu-vmsr-helper-debuginfo-10.0.11-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
* qemu-ppc-10.0.11-160000.1.1
* qemu-audio-alsa-10.0.11-160000.1.1
* qemu-arm-debuginfo-10.0.11-160000.1.1
* qemu-ivshmem-tools-10.0.11-160000.1.1
* qemu-extra-10.0.11-160000.1.1
* qemu-img-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-vga-10.0.11-160000.1.1
* qemu-debugsource-10.0.11-160000.1.1
* qemu-audio-oss-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-debuginfo-10.0.11-160000.1.1
* qemu-audio-dbus-10.0.11-160000.1.1
* qemu-tools-10.0.11-160000.1.1
* qemu-debuginfo-10.0.11-160000.1.1
* qemu-arm-10.0.11-160000.1.1
* qemu-linux-user-10.0.11-160000.1.1
* qemu-s390x-10.0.11-160000.1.1
* qemu-10.0.11-160000.1.1
* qemu-hw-usb-smartcard-10.0.11-160000.1.1
* qemu-guest-agent-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.11-160000.1.1
* qemu-hw-s390x-virtio-gpu-ccw-10.0.11-160000.1.1
* qemu-audio-jack-10.0.11-160000.1.1
* qemu-vhost-user-gpu-10.0.11-160000.1.1
* qemu-hw-display-virtio-vga-debuginfo-10.0.11-160000.1.1
* qemu-block-iscsi-10.0.11-160000.1.1
* qemu-hw-usb-redirect-debuginfo-10.0.11-160000.1.1
* qemu-audio-dbus-debuginfo-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-pci-10.0.11-160000.1.1
* qemu-block-nfs-debuginfo-10.0.11-160000.1.1
* qemu-extra-debuginfo-10.0.11-160000.1.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.11-160000.1.1
* qemu-audio-alsa-debuginfo-10.0.11-160000.1.1
* qemu-ksm-10.0.11-160000.1.1
* qemu-hw-display-virtio-gpu-10.0.11-160000.1.1
* qemu-hw-usb-redirect-10.0.11-160000.1.1
* qemu-x86-10.0.11-160000.1.1
* qemu-block-iscsi-debuginfo-10.0.11-160000.1.1
* qemu-vhost-user-gpu-debuginfo-10.0.11-160000.1.1
* qemu-s390x-debuginfo-10.0.11-160000.1.1
* qemu-block-curl-debuginfo-10.0.11-160000.1.1
* qemu-block-nfs-10.0.11-160000.1.1
* qemu-tools-debuginfo-10.0.11-160000.1.1
* qemu-ivshmem-tools-debuginfo-10.0.11-160000.1.1
* qemu-pr-helper-10.0.11-160000.1.1
* qemu-block-curl-10.0.11-160000.1.1
* qemu-block-dmg-10.0.11-160000.1.1
* qemu-hw-usb-host-10.0.11-160000.1.1
* qemu-x86-debuginfo-10.0.11-160000.1.1
* qemu-block-dmg-debuginfo-10.0.11-160000.1.1
* qemu-headless-10.0.11-160000.1.1
* qemu-ppc-debuginfo-10.0.11-160000.1.1
* qemu-block-ssh-10.0.11-160000.1.1
* qemu-guest-agent-debuginfo-10.0.11-160000.1.1
* qemu-block-ssh-debuginfo-10.0.11-160000.1.1
* qemu-linux-user-debuginfo-10.0.11-160000.1.1
* qemu-audio-oss-10.0.11-160000.1.1
* qemu-pr-helper-debuginfo-10.0.11-160000.1.1
* qemu-audio-jack-debuginfo-10.0.11-160000.1.1
* qemu-linux-user-debugsource-10.0.11-160000.1.1
* qemu-hw-usb-smartcard-debuginfo-10.0.11-160000.1.1
* qemu-img-10.0.11-160000.1.1
* qemu-hw-usb-host-debuginfo-10.0.11-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
* qemu-vgabios-10.0.111.16.3_3_g3d33c746-160000.1.1
* qemu-SLOF-10.0.11-160000.1.1
* qemu-skiboot-10.0.11-160000.1.1
* qemu-ipxe-10.0.11-160000.1.1
* qemu-doc-10.0.11-160000.1.1
* qemu-seabios-10.0.111.16.3_3_g3d33c746-160000.1.1
* qemu-microvm-10.0.11-160000.1.1
* qemu-lang-10.0.11-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
* qemu-vmsr-helper-debuginfo-10.0.11-160000.1.1
* qemu-vmsr-helper-10.0.11-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-3886.html
* https://www.suse.com/security/cve/CVE-2026-48004.html
* https://www.suse.com/security/cve/CVE-2026-48914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199023
* https://bugzilla.suse.com/show_bug.cgi?id=1268061
* https://bugzilla.suse.com/show_bug.cgi?id=1268279
* https://bugzilla.suse.com/show_bug.cgi?id=1268794
* https://bugzilla.suse.com/show_bug.cgi?id=1270133
* https://jira.suse.com/browse/PED-9266
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260714/bacc790e/attachment.htm>
More information about the sle-updates
mailing list