CVE-2025-12464

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A stack-based buffer overflow exists in the QEMU e1000 network device. The issue is due to the device’s receive code still processing short frames in loopback mode, despite the padding code being moved. This can lead to a buffer overrun in the e1000 receive iov() function through the loopback code path. A malicious guest user could exploit this to crash the QEMU process on the host, resulting in a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

AZL-69631

BDU:2026-00527

CVE-2025-12464

OESA-2026-1351

OESA-2026-1353

OESA-2026-1354

OESA-2026-1355

OESA-2026-1848

OPENSUSE-SU-2025:15821-1

OPENSUSE-SU-2025:20171-1

SUSE-SU-2025:21230-1

SUSE-SU-2025:21233-1

SUSE-SU-2026:0022-1

SUSE-SU-2026:0039-1

SUSE-SU-2026:0043-1

SUSE-SU-2026:0288-1

SUSE-SU-2026:20008-1

SUSE-SU-2026:20038-1

USN-8073-1

Affected Products

Debian

Linuxmint

Qemu

Ubuntu

CVE-2025-12464

Weakness Enumeration

Related Identifiers

Affected Products

References · 71