Home > Vulnerability Database > CVE-2025-12464

Mend.io Vulnerability Database

CVE-2025-12464

Good to know:

Date: October 31, 2025

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

Severity Score

6.2

Related Resources (5)

Url: https://access.redhat.com/security/cve/CVE-2025-12464

Url: https://lore.kernel.org/qemu-devel/20251028160042.3321933-1-peter.maydell@linaro.org/T/#u

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12464

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2408845

Url: https://www.mend.io/vulnerability-database/CVE-2025-12464

Severity Score

6.2

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12464

Good to know:

Date: October 31, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?