CVE-2025-12464: Stack-based Buffer Overflow
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.
AI Analysis
Technical Summary
This vulnerability involves a stack-based buffer overflow in the QEMU e1000 network device's receive code, specifically in the e1000_receive_iov() function when handling short frames in loopback mode. The code for padding short frames was moved to the net core, but the e1000 device still processes short frames, causing a buffer overrun. Exploitation by a malicious guest user can crash the QEMU process on the host, resulting in denial of service. The CVSS 3.1 score is 6.2 (medium severity) with attack vector local, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact.
Potential Impact
The vulnerability allows a malicious guest user to cause a denial of service by crashing the QEMU process on the host through a stack-based buffer overflow in the e1000 network device's receive code. There is no impact on confidentiality or integrity. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-12464 for current remediation guidance. Until an official fix is confirmed, consider restricting untrusted guest access or disabling the affected network device if feasible to reduce risk.
CVE-2025-12464: Stack-based Buffer Overflow
Description
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a stack-based buffer overflow in the QEMU e1000 network device's receive code, specifically in the e1000_receive_iov() function when handling short frames in loopback mode. The code for padding short frames was moved to the net core, but the e1000 device still processes short frames, causing a buffer overrun. Exploitation by a malicious guest user can crash the QEMU process on the host, resulting in denial of service. The CVSS 3.1 score is 6.2 (medium severity) with attack vector local, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact.
Potential Impact
The vulnerability allows a malicious guest user to cause a denial of service by crashing the QEMU process on the host through a stack-based buffer overflow in the e1000 network device's receive code. There is no impact on confidentiality or integrity. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-12464 for current remediation guidance. Until an official fix is confirmed, consider restricting untrusted guest access or disabling the affected network device if feasible to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-10-29T11:52:28.148Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-12464","vendor":"Red Hat"}]
Threat ID: 6905290a5a7d71ee5de3edbb
Added to database: 10/31/2025, 9:24:26 PM
Last enriched: 5/7/2026, 1:46:27 AM
Last updated: 5/10/2026, 5:00:14 AM
Views: 216
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.