QEMU Security Update Fixes Memory Leaks and Adds New Features

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

QEMU Security Update Fixes Memory Leaks and Adds New Features

SUSE-SU-2026:0832-1

Summary

This update for QEMU fixes a security issue that could allow attackers to cause a denial of service. It also adds new features and improvements for systems running on the s390x architecture. We recommend installing the update to ensure your system remains secure and stable.

What to do

Update qemu to version 9.2.4-150700.3.17.1.
Update qemu-linux-user to version 9.2.4-150700.3.17.1.

Affected software

Vendor	Product	Affected versions	Fix available
–	qemu	<= 9.2.4-150700.3.17.1	9.2.4-150700.3.17.1
–	qemu	<= 9.2.4-150700.3.17.1	9.2.4-150700.3.17.1
–	qemu-linux-user	<= 9.2.4-150700.3.17.1	9.2.4-150700.3.17.1
–	qemu	<= 9.2.4-150700.3.17.1	9.2.4-150700.3.17.1

Original title

Security update for qemu

Original description

This update for qemu fixes the following issues:

Security issue:

- CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400).

Non security issues:

- * hw/virtio: Also include md stubs in case CONFIG_VIRTIO_PCI is not set (jsc#PED-14271).
- * s390x/pv: prepare for memory devices (jsc#PED-14271).
- * s390x/s390-skeys: prepare for memory devices (jsc#PED-14271).
- * s390x/s390-stattrib-kvm: prepare for memory devices and sparse memory layouts (jsc#PED-14271).
- * s390x/s390-virtio-ccw: prepare for memory devices (jsc#PED-14271).
- * s390x/virtio-ccw: add support for virtio based memory devices (jsc#PED-14271).
- * s390x: remember the maximum page size (jsc#PED-14271).
- * s390x: virtio-mem support (jsc#PED-14271).

https://www.suse.com/support/update/announcement/2026/suse-su-20260832-1/ Vendor Advisory
https://bugzilla.suse.com/1255400 Third Party Advisory
https://www.suse.com/security/cve/CVE-2025-14876 URL

Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026