CVE-2025-12464

EUVD-2025-37403

31.10.2025, 22:15

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u18 not-affected
bookworm (security)	1:7.2+dfsg-7+deb12u15 fixed
bullseye	1:5.2+dfsg-11+deb11u3 not-affected
bullseye (security)	1:5.2+dfsg-11+deb11u5 fixed
forky	1:10.2.0+ds-2 fixed
sid	1:10.2.1+ds-1 fixed
trixie	1:10.0.7+ds-0+deb13u1 fixed
trixie (security)	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

qemu

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	needed
plucky	ignored
questing	needed
trusty	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://access.redhat.com/security/cve/CVE-2025-12464

https://bugzilla.redhat.com/show_bug.cgi?id=2408845