CVE-2025-12464 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-12464 PUBLISHED CVSS 6.199999809265137 MEDIUM

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

EPSS 0.04% · 12.1th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.04%

12.1th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 10
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 9
		8.1.0
Red Hat	Red Hat OpenShift Container Platform 4
Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 7

Timeline

Oct 31, 2025 Coalition ESS Score
Oct 31, 2025 CVE Published
Nov 1, 2025 EPSS Score
Nov 2, 2025 Coalition ESS Score
Nov 4, 2025 Coalition ESS Score
Nov 6, 2025 EPSS Score
Nov 7, 2025 Coalition ESS Score
Nov 11, 2025 EPSS Score
Nov 16, 2025 EPSS Score
Nov 21, 2025 EPSS Score
Nov 26, 2025 EPSS Score
Dec 1, 2025 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2025-12464 vdb
RHBZ#2408845 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-12464 advisory

Open in Interactive Console →