CVE-2025-6603

Name of the Vulnerable Software and Affected Versions: coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e

Description: A vulnerability was found in the function qcow make empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1 size leads to integer overflow. The attack needs to be approached locally.

Recommendations: For coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e, as a temporary workaround, consider restricting the use of the qcow make empty function until a fix is available. Additionally, be cautious when handling the s->l1 size argument to minimize the risk of integer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.