CVE-2025-14876

Publication date 22 December 2025

Last updated 15 January 2026

Ubuntu priority

Why this priority?

Description

QEMU OOM on huge request from guest

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	25.10 questing	Vulnerable, fix deferred
	25.04 plucky	Ignored end of life, was deferred [2026-01-15]
	24.04 LTS noble	Vulnerable, fix deferred
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

as of 2026-01-15, the proposed patch has not been commited into the qemu repository Issue introduced in 7.1.0 via: https://gitlab.com/qemu-project/qemu/-/commit/0e660a6f90abf8b517d7317595bcc8e8da31f2a1

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-14876
https://lore.kernel.org/qemu-devel/[email protected]/T/#u