CVE-2025-12464
BaseFortify
Publication date: 2025-10-31
Last updated on: 2026-05-06
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qemu | qemu | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the QEMU-KVM e1000 network device. It happens because the code that pads short network frames was moved to the core network code, but the e1000 device's receive function still processes short frames in loopback mode without proper handling. This leads to a buffer overrun in the e1000_receive_iov() function when processing these short frames, which can be exploited by a malicious guest user to crash the QEMU process on the host. [1]
How can this vulnerability impact me? :
Exploiting this vulnerability allows a malicious guest user to cause the QEMU process on the host to crash, resulting in a denial of service (DoS). This means that the host system running QEMU-KVM could become unavailable or unstable due to the crash triggered by the buffer overflow. [1]