qemu (SUSE:Linux Enterprise Module for Basesystem 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP7 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2025-11234 — CVSS 7.5 (high): A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This…
CVE-2026-3195 — CVSS 7.4 (high): A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not…
CVE-2026-0665 — CVSS 6.5 (medium): An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses…
CVE-2025-12464 — CVSS 6.2 (medium): A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual…
CVE-2025-14876 — CVSS 5.5 (medium): A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER…
CVE-2026-3196 — CVSS 5.5 (medium): An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide…
CVE-2026-2243 — CVSS 5.1 (medium): A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a…