CVE-2025-12464 in QEMUinfo

Zusammenfassung

von MITRE • 01.11.2025

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

01.11.2025

Moderieren

akzeptiert

Eintrag

VDB-330820

CPE

bereit

CWE

CWE-121 (bestätigt)

CVSS

6.2 (CNA)

EPSS

0.00038

KEV

nein

Aktivitäten

very low

Sektor

Energy, Industry, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-12464
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-12464
CVE Details	https://www.cvedetails.com/cve/CVE-2025-12464/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!