CVE-2025-12464

EUVD-2025-37403

31.10.2025, 22:15

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u18 fixed
bookworm (security)	1:7.2+dfsg-7+deb12u15 fixed
bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u5 fixed
forky	1:10.2.2+ds-1 fixed
sid	1:11.0.0+ds-2 fixed
trixie	1:10.0.8+ds-0+deb13u1 fixed
trixie (security)	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

qemu

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	Fixed 1:8.2.2+ds-0ubuntu1.13 released
plucky	ignored
questing	Fixed 1:10.1.0+ds-5ubuntu2.4 released
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-SLOF

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-accel-tcg-x86

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-arm

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-audio-alsa

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-audio-dbus

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-audio-pa

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-audio-pipewire

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-audio-spice

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-block-curl

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-block-iscsi

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-block-nfs

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-block-rbd

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-block-ssh

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-chardev-baum

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-chardev-spice

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-guest-agent

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-headless

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-display-qxl

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-display-virtio-gpu

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-display-virtio-gpu-pci

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-display-virtio-vga

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-s390x-virtio-gpu-ccw

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-usb-host

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-hw-usb-redirect

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-img

suse enterprise desktop 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ipxe

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ksm

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-kvm

suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed

qemu-lang

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ppc

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-pr-helper

suse enterprise desktop 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-s390x

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-sgabios-8

suse enterprise sap 15 SP7	150500.49.36.2 fixed
suse enterprise server 15 SP4	150400.37.46.1 fixed
suse enterprise server 15 SP5	150500.49.36.2 fixed
suse enterprise server 15 SP7	150500.49.36.2 fixed

qemu-skiboot

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-spice

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-tools

suse enterprise desktop 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-curses

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-dbus

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-gtk

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-opengl

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-spice-app

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-ui-spice-core

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-vmsr-helper

suse enterprise desktop 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

qemu-x86

suse enterprise sap 15 SP7	9.2.4-150700.3.11.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.46.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.36.2 fixed
suse enterprise server 15 SP6	8.2.10-150600.3.43.1 fixed
suse enterprise server 15 SP7	9.2.4-150700.3.11.1 fixed

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://access.redhat.com/security/cve/CVE-2025-12464

https://bugzilla.redhat.com/show_bug.cgi?id=2408845

https://gitlab.com/qemu-project/qemu/-/issues/3043