PT-2025-30721 · Qemu · Qemu

Published 2025-07-13 · Updated 2025-12-18 · CVE-2025-54566

CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
- QEMU versions through 10.0.3
- QEMU version 7.2+dfsg-7+deb12u15
- QEMU version 10.0.2+ds-2+deb13u1
Description: QEMU contains a migration state inconsistency related to SR-IOV. In addition, the update removes the C (credentials) flag from the binfmt_misc registrations shipped by the qemu-user package. With that flag set, the qemu-user interpreter runs a suid/sgid foreign-architecture binary with the binary's elevated credentials, which could be used for local privilege escalation. Cloud, virtualization and container deployments that rely on QEMU are affected.
Recommendations:
- QEMU versions through 10.0.3: upgrade to a newer version.
- QEMU version 7.2+dfsg-7+deb12u15: upgrade to a newer version.
- QEMU version 10.0.2+ds-2+deb13u1: upgrade to a newer version.
- If you previously relied on running suid/sgid foreign-architecture binaries under qemu-user, adjust your deployment accordingly.
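As an added example, not code from this advisory, from QEMU or from Debian, the following POSIX shell script audits a host's binfmt_misc registrations for the C flag that the qemu-user update drops, so an administrator can confirm the fix has landed or find a registration that still honours suid/sgid bits. It reads the entry format the kernel exposes under /proc/sys/fs/binfmt_misc/<name>. The interpreter paths and magic values in the constructed sample entries are assumptions modelled on Debian's qemu-user-binfmt layout and exist only so the check runs offline.

```shell
#!/bin/sh
# Added example, not code from the advisory or from QEMU/Debian: audit the
# binfmt_misc registrations on a host for the C (credentials) flag that the
# qemu-user update drops. With C set, a suid/sgid foreign-architecture binary
# is run by the qemu-user interpreter with the binary's elevated credentials.
#
# Each registration is exposed as /proc/sys/fs/binfmt_misc/<name> in the
# format written by the kernel's fs/binfmt_misc.c:
#   enabled
#   interpreter /usr/libexec/qemu-binfmt/aarch64-binfmt-P
#   flags: POCF
#   offset 0
#   magic 7f454c46...
#   mask ffffffff...

# has_cred_flag: read one entry on stdin; return 0 if it is enabled and its
# flags field contains C, 1 otherwise (disabled entries are not a risk).
has_cred_flag() {
    enabled=0
    flags=
    while IFS= read -r line; do
        case $line in
            enabled) enabled=1 ;;
            "flags: "*) flags=${line#flags: } ;;
        esac
    done
    [ "$enabled" = 1 ] || return 1
    case $flags in
        *C*) return 0 ;;
    esac
    return 1
}

# scan_binfmt DIR: print every enabled entry in DIR registered with C.
# Returns 1 if at least one was found (audit failure), 0 if none.
# DIR defaults to the live binfmt_misc mount.
scan_binfmt() {
    dir=${1:-/proc/sys/fs/binfmt_misc}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # register and status are control files, not registrations
        case ${f##*/} in register|status) continue ;; esac
        if has_cred_flag < "$f"; then
            echo "${f##*/}: registered with C flag (interpreter runs with suid/sgid credentials)"
            found=1
        fi
    done
    return $found
}

# make_samples: write three constructed entries (assumed interpreter paths
# modelled on Debian's qemu-user-binfmt layout; not real system data) into a
# temp dir so the check can be exercised offline. Prints the dir name.
make_samples() {
    d=$(mktemp -d)
    printf 'enabled\ninterpreter /usr/libexec/qemu-binfmt/aarch64-binfmt-P\nflags: POCF\noffset 0\nmagic 7f454c460201010000000000000000000200b700\nmask ffffffffffffff00fffffffffffffffffeffffff\n' > "$d/qemu-aarch64"
    printf 'enabled\ninterpreter /usr/libexec/qemu-binfmt/arm-binfmt-P\nflags: POF\noffset 0\nmagic 7f454c4601010100000000000000000002002800\nmask ffffffffffffff00fffffffffffffffffeffffff\n' > "$d/qemu-arm"
    printf 'disabled\ninterpreter /usr/libexec/qemu-binfmt/riscv64-binfmt-P\nflags: POCF\noffset 0\nmagic 7f454c460201010000000000000000000200f300\nmask ffffffffffffff00fffffffffffffffffeffffff\n' > "$d/qemu-riscv64"
    echo "$d"
}

# Stand-alone run: the samples first (only qemu-aarch64 should be reported:
# qemu-arm lacks C, qemu-riscv64 is disabled), then the live mount if present.
samples=$(make_samples)
scan_binfmt "$samples" || true
rm -rf "$samples"
if [ -d /proc/sys/fs/binfmt_misc ]; then
    scan_binfmt || true
fi
```

Run it as root (or any user able to read /proc/sys/fs/binfmt_misc) after applying the update; a reported entry means the registration still carries C and should be re-registered without it, for example by reinstalling the fixed qemu-user-binfmt package or fixing the local binfmt registration.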

Fix

LPE


Weakness Enumeration

Related Identifiers

BDU:2025-11540
CVE-2025-54566
DSA-5983-1
OPENSUSE-SU-2025:15437-1

Affected Products

Qemu