CVE-2024-26327 — Out-of-bounds Write in Qemu

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow CWE-642 — External Control of Critical State Data CWE-684 — Incorrect Provision of Specified Functionality CWE-120 — Classic Buffer Overflow23 documents8 sources

Severity

5.4MEDIUMNVD

NVD5.3CNA5.3OSV5.3

EPSS

0.2%

top 60.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu

Timeline

PublishedFeb 19

Latest updateJul 25

Description

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶Debianqemu/qemu< 1:7.2+dfsg-7+deb12u6+4

▶Ubuntuqemu/qemu< 1:8.2.2+ds-0ubuntu1.2

▶CVEListV5qemu/qemu10.0.0 — 10.0.3

▶NVDqemu/qemu7.1.0 — 8.2.1+1

Patches

Patch: lore.kernel.org ↗Patch: lore.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-399m-rf4f-w5x4: hw/pci/pcie_sriov↗2025-07-25

▶

GHSA

GHSA-c2q6-w8rj-wvhw: hw/pci/pcie_sriov↗2025-07-25

▶

OSV

CVE-2025-54566: hw/pci/pcie_sriov↗2025-07-25

▶

CVEList

CVE-2025-54567: hw/pci/pcie_sriov↗2025-07-25

▶

CVEList

CVE-2025-54566: hw/pci/pcie_sriov↗2025-07-25

▶

📋Vendor Advisories

Red Hat

qemu-kvm: QEMU SR-IOV Migration Inconsistency↗2025-07-25

▶

Red Hat

qemu-kvm: QEMU SR-IOV Enable Mask Vulnerability↗2025-07-25

▶

Microsoft

hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.↗2025-07-08

▶

Microsoft

hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.↗2025-07-08

▶

Debian

CVE-2025-54567: qemu - hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write ma...↗2025

▶