Detections
Analytics

openSUSE 16 Security Update : qemu (openSUSE-SU-2025:20171-1)

high Nessus Plugin ID 279668

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20171-1 advisory.

 Update to version 10.0.7.

 Security issues fixed:

 - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
 - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).

 Other updates and bugfixes:

 - Version 10.0.7:
 * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
 * docs/devel: Update URL for make-pullreq script
 * target/arm: Fix assert on BRA.
 * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
 * hw/core/machine: Provide a description for aux-ram-share property
 * hw/pci: Make msix_init take a uint32_t for nentries
 * block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit()
 * block-backend: Fix race when resuming queued requests
 * ui/vnc: Fix qemu abort when query vnc info
 * chardev/char-pty: Do not ignore chr_write() failures
 * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
 * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
 * hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
 * migration: Fix transition to COLO state from precopy
 * Full backport list: https://lore.kernel.org/qemu- devel/[email protected]/

 - Version 10.0.6:
 * linux-user/microblaze: Fix little-endianness binary
 * target/hppa: correct size bit parity for fmpyadd
 * target/i386: user: do not set up a valid LDT on reset
 * async: access bottom half flags with qatomic_read
 * target/i386: fix x86_64 pushw op
 * i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
 * i386/cpu: Prevent delivering SIPI during SMM in TCG mode
 * i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS
 * target/i386: Fix CR2 handling for non-canonical addresses
 * block/curl.c: Use explicit long constants in curl_easy_setopt calls
 * pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs
 * target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd
 * target/riscv: Fix ssamoswap error handling
 * Full backport list: https://lore.kernel.org/qemu-devel/[email protected]/

 - Version 10.0.5:
 * tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image
 * tests/functional/test_ppc_bamboo: Replace broken link with working assets
 * physmem: Destroy all CPU AddressSpaces on unrealize
 * memory: New AS helper to serialize destroy+free
 * include/system/memory.h: Clarify address_space_destroy() behaviour
 * migration: Fix state transition in postcopy_start() error handling
 * target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
 * target/riscv: rvv: Replace checking V by checking Zve32x
 * target/riscv: Fix endianness swap on compressed instructions
 * hw/riscv/riscv-iommu: Fixup PDT Nested Walk
 * Full backport list: https://lore.kernel.org/qemu-devel/[email protected]/

 - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
 - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1230042

https://bugzilla.suse.com/1250984

https://bugzilla.suse.com/1253002

https://bugzilla.suse.com/1254286

https://bugzilla.suse.com/1254494

https://www.suse.com/security/cve/CVE-2025-11234

https://www.suse.com/security/cve/CVE-2025-12464

Plugin Details

Severity: High

ID: 279668

File Name: openSUSE-2025-20171-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/24/2025

Updated: 12/24/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-12464

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-11234

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-block-iscsi, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-ui-gtk, p-cpe:/a:novell:opensuse:qemu-block-ssh, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-hw-display-virtio-gpu-pci, p-cpe:/a:novell:opensuse:qemu-hw-usb-host, p-cpe:/a:novell:opensuse:qemu-ui-spice-app, p-cpe:/a:novell:opensuse:qemu-accel-qtest, p-cpe:/a:novell:opensuse:qemu-hw-usb-redirect, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-ui-spice-core, p-cpe:/a:novell:opensuse:qemu-audio-spice, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-audio-pipewire, p-cpe:/a:novell:opensuse:qemu-headless, p-cpe:/a:novell:opensuse:qemu-audio-jack, p-cpe:/a:novell:opensuse:qemu-hw-display-virtio-vga, p-cpe:/a:novell:opensuse:qemu-s390x, p-cpe:/a:novell:opensuse:qemu-audio-oss, p-cpe:/a:novell:opensuse:qemu-chardev-spice, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-skiboot, p-cpe:/a:novell:opensuse:qemu-img, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:qemu-audio-alsa, p-cpe:/a:novell:opensuse:qemu-ivshmem-tools, p-cpe:/a:novell:opensuse:qemu-slof, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-dmg, p-cpe:/a:novell:opensuse:qemu-block-nfs, p-cpe:/a:novell:opensuse:qemu-hw-usb-smartcard, p-cpe:/a:novell:opensuse:qemu-chardev-baum, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-ui-curses, p-cpe:/a:novell:opensuse:qemu-hw-s390x-virtio-gpu-ccw, p-cpe:/a:novell:opensuse:qemu-ui-opengl, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-microvm, p-cpe:/a:novell:opensuse:qemu-vhost-user-gpu, p-cpe:/a:novell:opensuse:qemu-ksm, p-cpe:/a:novell:opensuse:qemu-hw-display-virtio-gpu, p-cpe:/a:novell:opensuse:qemu-hw-display-qxl, p-cpe:/a:novell:opensuse:qemu-pr-helper, p-cpe:/a:novell:opensuse:qemu-ui-dbus, p-cpe:/a:novell:opensuse:qemu-audio-pa, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-spice, p-cpe:/a:novell:opensuse:qemu-vmsr-helper, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-audio-dbus

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/18/2025

Vulnerability Publication Date: 10/3/2025

Reference Information

CVE: CVE-2025-11234, CVE-2025-12464