SUSE-SU-2026:22576-1: important: Security update for qemu

SLE-UPDATES null at suse.de
Tue Jul 14 16:31:57 UTC 2026


# Security update for qemu

Announcement ID: SUSE-SU-2026:22576-1  
Release Date: 2026-07-07T17:20:48Z  
Rating: important  
References:

  * bsc#1199023
  * bsc#1268061
  * bsc#1268279
  * bsc#1268794
  * bsc#1270133
  * jsc#PED-9266

  
Cross-References:

  * CVE-2026-3886
  * CVE-2026-48004
  * CVE-2026-48914

  
CVSS scores:

  * CVE-2026-3886 ( SUSE ):  8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-48004 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-48914 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
  * CVE-2026-48914 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

  
Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

  
  
An update that solves three vulnerabilities, contains one feature and has two
fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

Update to version 10.0.11.

Security issues fixed:

  * CVE-2026-3886: integer overflow leading to privilege escalation due to lack
    of proper validation of user-supplied data in the virtio-gpu driver
    (bsc#1268061).
  * CVE-2026-48914: heap buffer overflow due to improper size validation in
    virtio-blk SCSI request handling (bsc#1268794).
  * CVE-2026-48004: heap use-after-free race condition due to missing rename
    lock in v9fs_co_readdir_many (bsc#1270133).

Other updates and bugfixes:

  * Version 10.0.11:
  * Full backport list here: https://lore.kernel.org/qemu-
    devel/20260627082646.D825717AB67 at think4mjt.localdomain/
  * Version 10.0.10:
  * Full backport list here: https://lore.kernel.org/qemu-
    devel/20260528061820.CEE521691A9 at think4mjt.localdomain/
  * ppc/spapr: Skip system reset for quiesced CPUs (bsc#1268279).
  * i386/tdx: handle TDG.VP.VMCALL <GetQuote> (jsc#PED-9266).
  * i386/tdx: handle TDG.VP.VMCALL <GetTdVmCallInfo> (jsc#PED-9266).
  * update Linux headers to v6.16-rc3 (jsc#PED-9266).
  * i386/cpu: Warn about why CPUID_EXT_PDCM is not available (jsc#PED-9266).
  * i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[]
    check (jsc#PED-9266).
  * [openSUSE] qemu-ga: fix service file against no-autostart (bsc#1199023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP applications 16.0  
    zypper in -t patch SUSE-SLES-16.0-1174=1

  * SUSE Linux Enterprise Server 16.0  
    zypper in -t patch SUSE-SLES-16.0-1174=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * qemu-ppc-10.0.11-160000.1.1
    * qemu-audio-alsa-10.0.11-160000.1.1
    * qemu-arm-debuginfo-10.0.11-160000.1.1
    * qemu-ivshmem-tools-10.0.11-160000.1.1
    * qemu-extra-10.0.11-160000.1.1
    * qemu-img-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-vga-10.0.11-160000.1.1
    * qemu-debugsource-10.0.11-160000.1.1
    * qemu-audio-oss-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-debuginfo-10.0.11-160000.1.1
    * qemu-audio-dbus-10.0.11-160000.1.1
    * qemu-tools-10.0.11-160000.1.1
    * qemu-debuginfo-10.0.11-160000.1.1
    * qemu-arm-10.0.11-160000.1.1
    * qemu-linux-user-10.0.11-160000.1.1
    * qemu-s390x-10.0.11-160000.1.1
    * qemu-10.0.11-160000.1.1
    * qemu-hw-usb-smartcard-10.0.11-160000.1.1
    * qemu-guest-agent-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.11-160000.1.1
    * qemu-vhost-user-gpu-10.0.11-160000.1.1
    * qemu-block-iscsi-10.0.11-160000.1.1
    * qemu-headless-10.0.11-160000.1.1
    * qemu-audio-jack-10.0.11-160000.1.1
    * qemu-hw-s390x-virtio-gpu-ccw-10.0.11-160000.1.1
    * qemu-hw-display-virtio-vga-debuginfo-10.0.11-160000.1.1
    * qemu-hw-usb-redirect-debuginfo-10.0.11-160000.1.1
    * qemu-audio-dbus-debuginfo-10.0.11-160000.1.1
    * qemu-extra-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-pci-10.0.11-160000.1.1
    * qemu-block-nfs-debuginfo-10.0.11-160000.1.1
    * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.11-160000.1.1
    * qemu-audio-alsa-debuginfo-10.0.11-160000.1.1
    * qemu-ksm-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-10.0.11-160000.1.1
    * qemu-hw-usb-redirect-10.0.11-160000.1.1
    * qemu-x86-10.0.11-160000.1.1
    * qemu-vhost-user-gpu-debuginfo-10.0.11-160000.1.1
    * qemu-block-nfs-10.0.11-160000.1.1
    * qemu-block-curl-debuginfo-10.0.11-160000.1.1
    * qemu-s390x-debuginfo-10.0.11-160000.1.1
    * qemu-block-iscsi-debuginfo-10.0.11-160000.1.1
    * qemu-tools-debuginfo-10.0.11-160000.1.1
    * qemu-ivshmem-tools-debuginfo-10.0.11-160000.1.1
    * qemu-pr-helper-10.0.11-160000.1.1
    * qemu-block-dmg-10.0.11-160000.1.1
    * qemu-block-curl-10.0.11-160000.1.1
    * qemu-x86-debuginfo-10.0.11-160000.1.1
    * qemu-hw-usb-host-10.0.11-160000.1.1
    * qemu-block-dmg-debuginfo-10.0.11-160000.1.1
    * qemu-ppc-debuginfo-10.0.11-160000.1.1
    * qemu-block-ssh-debuginfo-10.0.11-160000.1.1
    * qemu-linux-user-debuginfo-10.0.11-160000.1.1
    * qemu-block-ssh-10.0.11-160000.1.1
    * qemu-audio-oss-10.0.11-160000.1.1
    * qemu-guest-agent-debuginfo-10.0.11-160000.1.1
    * qemu-audio-jack-debuginfo-10.0.11-160000.1.1
    * qemu-pr-helper-debuginfo-10.0.11-160000.1.1
    * qemu-linux-user-debugsource-10.0.11-160000.1.1
    * qemu-hw-usb-smartcard-debuginfo-10.0.11-160000.1.1
    * qemu-img-10.0.11-160000.1.1
    * qemu-hw-usb-host-debuginfo-10.0.11-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * qemu-SLOF-10.0.11-160000.1.1
    * qemu-skiboot-10.0.11-160000.1.1
    * qemu-ipxe-10.0.11-160000.1.1
    * qemu-seabios-10.0.111.16.3_3_g3d33c746-160000.1.1
    * qemu-doc-10.0.11-160000.1.1
    * qemu-microvm-10.0.11-160000.1.1
    * qemu-vgabios-10.0.111.16.3_3_g3d33c746-160000.1.1
    * qemu-lang-10.0.11-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (x86_64)
    * qemu-vmsr-helper-10.0.11-160000.1.1
    * qemu-vmsr-helper-debuginfo-10.0.11-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * qemu-ppc-10.0.11-160000.1.1
    * qemu-audio-alsa-10.0.11-160000.1.1
    * qemu-arm-debuginfo-10.0.11-160000.1.1
    * qemu-ivshmem-tools-10.0.11-160000.1.1
    * qemu-extra-10.0.11-160000.1.1
    * qemu-img-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-vga-10.0.11-160000.1.1
    * qemu-debugsource-10.0.11-160000.1.1
    * qemu-audio-oss-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-debuginfo-10.0.11-160000.1.1
    * qemu-audio-dbus-10.0.11-160000.1.1
    * qemu-tools-10.0.11-160000.1.1
    * qemu-debuginfo-10.0.11-160000.1.1
    * qemu-arm-10.0.11-160000.1.1
    * qemu-linux-user-10.0.11-160000.1.1
    * qemu-s390x-10.0.11-160000.1.1
    * qemu-10.0.11-160000.1.1
    * qemu-hw-usb-smartcard-10.0.11-160000.1.1
    * qemu-guest-agent-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.11-160000.1.1
    * qemu-hw-s390x-virtio-gpu-ccw-10.0.11-160000.1.1
    * qemu-audio-jack-10.0.11-160000.1.1
    * qemu-vhost-user-gpu-10.0.11-160000.1.1
    * qemu-hw-display-virtio-vga-debuginfo-10.0.11-160000.1.1
    * qemu-block-iscsi-10.0.11-160000.1.1
    * qemu-hw-usb-redirect-debuginfo-10.0.11-160000.1.1
    * qemu-audio-dbus-debuginfo-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-pci-10.0.11-160000.1.1
    * qemu-block-nfs-debuginfo-10.0.11-160000.1.1
    * qemu-extra-debuginfo-10.0.11-160000.1.1
    * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.11-160000.1.1
    * qemu-audio-alsa-debuginfo-10.0.11-160000.1.1
    * qemu-ksm-10.0.11-160000.1.1
    * qemu-hw-display-virtio-gpu-10.0.11-160000.1.1
    * qemu-hw-usb-redirect-10.0.11-160000.1.1
    * qemu-x86-10.0.11-160000.1.1
    * qemu-block-iscsi-debuginfo-10.0.11-160000.1.1
    * qemu-vhost-user-gpu-debuginfo-10.0.11-160000.1.1
    * qemu-s390x-debuginfo-10.0.11-160000.1.1
    * qemu-block-curl-debuginfo-10.0.11-160000.1.1
    * qemu-block-nfs-10.0.11-160000.1.1
    * qemu-tools-debuginfo-10.0.11-160000.1.1
    * qemu-ivshmem-tools-debuginfo-10.0.11-160000.1.1
    * qemu-pr-helper-10.0.11-160000.1.1
    * qemu-block-curl-10.0.11-160000.1.1
    * qemu-block-dmg-10.0.11-160000.1.1
    * qemu-hw-usb-host-10.0.11-160000.1.1
    * qemu-x86-debuginfo-10.0.11-160000.1.1
    * qemu-block-dmg-debuginfo-10.0.11-160000.1.1
    * qemu-headless-10.0.11-160000.1.1
    * qemu-ppc-debuginfo-10.0.11-160000.1.1
    * qemu-block-ssh-10.0.11-160000.1.1
    * qemu-guest-agent-debuginfo-10.0.11-160000.1.1
    * qemu-block-ssh-debuginfo-10.0.11-160000.1.1
    * qemu-linux-user-debuginfo-10.0.11-160000.1.1
    * qemu-audio-oss-10.0.11-160000.1.1
    * qemu-pr-helper-debuginfo-10.0.11-160000.1.1
    * qemu-audio-jack-debuginfo-10.0.11-160000.1.1
    * qemu-linux-user-debugsource-10.0.11-160000.1.1
    * qemu-hw-usb-smartcard-debuginfo-10.0.11-160000.1.1
    * qemu-img-10.0.11-160000.1.1
    * qemu-hw-usb-host-debuginfo-10.0.11-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * qemu-vgabios-10.0.111.16.3_3_g3d33c746-160000.1.1
    * qemu-SLOF-10.0.11-160000.1.1
    * qemu-skiboot-10.0.11-160000.1.1
    * qemu-ipxe-10.0.11-160000.1.1
    * qemu-doc-10.0.11-160000.1.1
    * qemu-seabios-10.0.111.16.3_3_g3d33c746-160000.1.1
    * qemu-microvm-10.0.11-160000.1.1
    * qemu-lang-10.0.11-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
    * qemu-vmsr-helper-debuginfo-10.0.11-160000.1.1
    * qemu-vmsr-helper-10.0.11-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-3886.html
  * https://www.suse.com/security/cve/CVE-2026-48004.html
  * https://www.suse.com/security/cve/CVE-2026-48914.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1199023
  * https://bugzilla.suse.com/show_bug.cgi?id=1268061
  * https://bugzilla.suse.com/show_bug.cgi?id=1268279
  * https://bugzilla.suse.com/show_bug.cgi?id=1268794
  * https://bugzilla.suse.com/show_bug.cgi?id=1270133
  * https://jira.suse.com/browse/PED-9266

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260714/bacc790e/attachment.htm>


More information about the sle-updates mailing list