CVE-2025-12464

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000receiveiov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12464.json",
    "cwe_ids": [
        "CWE-121"
    ],
    "cna_assigner": "redhat"
}

References

Affected packages

Git / gitlab.com/qemu-project/qemu

Affected ranges

Type

GIT

Repo

https://gitlab.com/qemu-project/qemu

Events

Introduced

7e5a8bb22368b3555644cb2debd3df24592f3a21

Fixed

93be9e6bd43e460a6d497aa96c282c5b5acf4d06

Database specific

{
    "extracted_events": [
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "10.1.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v10.*

v10.0.0

v10.0.0-rc0

v10.0.0-rc1

v10.0.0-rc2

v10.0.0-rc3

v10.0.0-rc4

v10.1.0

v10.1.0-rc0

v10.1.0-rc1

v10.1.0-rc2

v10.1.0-rc3

v10.1.0-rc4

v10.1.1

v10.1.2

v8.*

v8.1.0

v8.2.0

v8.2.0-rc0

v8.2.0-rc1

v8.2.0-rc2

v8.2.0-rc3

v8.2.0-rc4

v9.*

v9.0.0

v9.0.0-rc0

v9.0.0-rc1

v9.0.0-rc2

v9.0.0-rc3

v9.0.0-rc4

v9.1.0

v9.1.0-rc0

v9.1.0-rc1

v9.1.0-rc2

v9.1.0-rc3

v9.1.0-rc4

v9.2.0

v9.2.0-rc0

v9.2.0-rc1

v9.2.0-rc2

v9.2.0-rc3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12464.json"