qemu (SUSE:Linux Micro 6.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Micro 6.0 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2024-3446 — CVSS 8.2 (high): A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard…
CVE-2024-4467 — CVSS 7.8 (high): A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value…
CVE-2025-11234 — CVSS 7.5 (high): A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2026-0665 — CVSS 6.5 (medium): An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses…
CVE-2025-12464 — CVSS 6.2 (medium): A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual…
CVE-2024-26328 — CVSS 6.0 (medium): An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and…
CVE-2024-3447 — CVSS 6.0 (medium): A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size…
CVE-2024-4693 — CVSS 5.5 (medium): A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the…
CVE-2024-3567 — CVSS 5.5 (medium): A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to…
CVE-2025-14876 — CVSS 5.5 (medium): A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER…
CVE-2024-8354 — CVSS 5.5 (medium): A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB…
CVE-2024-8612 — CVSS 3.8 (low): A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in…