Source: qemu Version: 1:10.0.2+ds-2 Severity: important Tags: security upstream Forwarded: https://lore.kernel.org/qemu-devel/[email protected]/ X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for qemu. CVE-2025-54566[0]: | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state | inconsistency, a related issue to CVE-2024-26327. CVE-2025-54567[1]: | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable | bit write mask, a related issue to CVE-2024-26327. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-54566 https://www.cve.org/CVERecord?id=CVE-2025-54566 [1] https://security-tracker.debian.org/tracker/CVE-2025-54567 https://www.cve.org/CVERecord?id=CVE-2025-54567 [2] https://lore.kernel.org/qemu-devel/[email protected]/ Regards, Salvatore
