Critical Denial of Service Vulnerabilities in SUSE Linux QEMU

SUSE Linux has released updates addressing multiple vulnerabilities in QEMU, affecting versions of SUSE Linux Micro 6.0 and 6.1. Key vulnerabilities include CVE-2025-14876, CVE-2026-0665, CVE-2026-2243, CVE-2026-3195, and CVE-2026-3196. These vulnerabilities can lead to denial of service, memory corruption, and information leaks when processing specially crafted files. The flaws are particularly concerning due to their potential for unbounded memory allocation and heap buffer overflows. Users are advised to apply the patches immediately to mitigate risks. The vulnerabilities were published between February 18 and February 19, 2026, with the updates released on May 28 and June 1, 2026. Affected systems include various configurations of SUSE Linux Micro.

Key Points: • Multiple critical vulnerabilities in QEMU affect SUSE Linux Micro 6.0 and 6.1. • CVE-2026-0665 and CVE-2026-3196 can lead to denial of service and memory corruption. • Patches were released on May 28 and June 1, 2026; immediate application is recommended.