Stack-Based Buffer Overflow in QEMU e1000 Network Device by Red Hat
CVE-2025-12464

6.2 MEDIUM

What is CVE-2025-12464?

A stack-based buffer overflow exists in the QEMU e1000 network device. The issue arises because the padding code for short frames was relocated from the individual network device implementations to the core network code, while the device's receive function still processes short frames in loopback mode. This can lead to a buffer overrun in the e1000_receive_iov() function. A malicious guest user can exploit this vulnerability to crash the QEMU process on the host, causing a denial of service.
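The failure mode described above, a device receive routine relying on padding that a loopback path skips, modeled as an added example; it is not QEMU's code and not taken from the advisory. All function names, the MAX_FRAME value and the ring buffer are hypothetical; the point is that the receive routine re-checks the length itself instead of trusting its callers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_FRAME 60    /* minimum Ethernet frame length, FCS excluded */
#define MAX_FRAME 1514  /* assumed upper bound for this sketch */

/* Core-layer helper: zero-pad a short frame into out. Returns the padded
 * length, or 0 when the result would not fit in cap bytes. */
size_t pad_short_frame(const uint8_t *in, size_t len, uint8_t *out, size_t cap)
{
    size_t padded = len < MIN_FRAME ? MIN_FRAME : len;
    if (padded > cap) return 0;
    memcpy(out, in, len);
    memset(out + len, 0, padded - len);
    return padded;
}

/* Hypothetical device receive routine. It works on a MIN_FRAME-sized stack
 * buffer, so it validates len itself rather than assuming callers padded. */
long dev_receive(const uint8_t *frame, size_t len, uint8_t *ring, size_t ring_cap)
{
    uint8_t min_buf[MIN_FRAME];

    if (len == 0 || len > MAX_FRAME) return -1;   /* reject, never truncate */
    if (len < MIN_FRAME) {                        /* a caller skipped padding */
        if (!pad_short_frame(frame, len, min_buf, sizeof(min_buf))) return -1;
        frame = min_buf;
        len = MIN_FRAME;
    }
    if (len > ring_cap) return -1;                /* bound the destination too */
    memcpy(ring, frame, len);
    return (long)len;
}

/* Normal path: the core pads before the device sees the frame. */
long core_deliver(const uint8_t *f, size_t len, uint8_t *ring, size_t cap)
{
    uint8_t buf[MAX_FRAME];
    size_t n = pad_short_frame(f, len, buf, sizeof(buf));
    return n ? dev_receive(buf, n, ring, cap) : -1;
}

/* Loopback path: hands the frame straight to the device, bypassing the core. */
long loopback_deliver(const uint8_t *f, size_t len, uint8_t *ring, size_t cap)
{
    return dev_receive(f, len, ring, cap);
}
```

Both paths deliver a 14-byte frame as 60 zero-padded bytes, and oversized frames or undersized destinations are refused rather than copied.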

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
