CVE-2025-12464

Advisory lineage Upstream: 0 Downstream: 13

Downstream

DEBIAN-CVE-2025-12464 OPENSUSE-SU-2025:15821-1 OPENSUSE-SU-2025:20171-1 SUSE-SU-2025:21230-1 SUSE-SU-2025:21233-1 SUSE-SU-2026:0022-1

Deferred

Published: 31 Oct 2025, 21:15

Last modified:06 May 2026, 15:30

Vulnerability Summary

Overall Risk (default)

medium

25/100

CVSS Score

6.2 MEDIUM

v3.1 (cve.org)

EPSS Score

0.04% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

31 Oct 2025, 21:15

Published

Vulnerability first disclosed

06 May 2026, 15:30

Last Modified

Vulnerability information updated

Description

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

CVSS Metrics

v3.1•MEDIUM•Score: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.04%• Percentile: 12%

Techniques & Countermeasures

CWE-121•Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).