Main Vulnerability Database SB2026012391

SB2026012391 - SUSE update for libvirt

Published: January 23, 2026

Security Bulletin ID SB2026012391

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2025-12748)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling XML files. A remote user can pass a specially crafted XML file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Incorrect default permissions (CVE-ID: CVE-2025-13193)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to external inactive snapshots for shut-down VMs are incorrectly created as world-readable. A remote user can inspect the guest OS contents.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260279-1/