VF Enable Bit Write Mask Vulnerability in QEMU by Red Hat
CVE-2025-54567

4.2MEDIUM

Key Information:

Vendor: Qemu
Status: Qemu
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-54567?

A vulnerability exists in QEMU versions prior to 10.0.3, where the VF Enable bit write mask is mishandled in the hw/pci/pcie_sriov.c file. This flaw can lead to potential exploitation, affecting the overall security integrity of systems running the software. This issue is related to a previous concern identified in CVE-2024-26327, emphasizing the need for urgent updates to maintain system defenses against possible attacks.

Affected Version(s)

QEMU 10.0.0 <= 10.0.3

References

https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jul 25, 2025

Qemu

What is CVE-2025-54567?

Affected Version(s)

References

CVSS V3.1

Timeline