CVE-2025-54566External Control of Critical State Data in Qemu

CWE-642External Control of Critical State Data7 documents7 sources
Severity
5.4MEDIUMNVD
CNA5.3OSV5.3
EPSS
0.0%
top 99.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qemu
Timeline
PublishedJul 25

Description

hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

Debianqemu/qemu< 1:10.0.2+ds-2+deb13u1+1
CVEListV5qemu/qemu10.0.010.0.3
NVDqemu/qemu10.0.3

🔴Vulnerability Details

3
GHSA
GHSA-399m-rf4f-w5x4: hw/pci/pcie_sriov2025-07-25
OSV
CVE-2025-54566: hw/pci/pcie_sriov2025-07-25
CVEList
CVE-2025-54566: hw/pci/pcie_sriov2025-07-25

📋Vendor Advisories

3
Red Hat
qemu-kvm: QEMU SR-IOV Migration Inconsistency2025-07-25
Microsoft
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.2025-07-08
Debian
CVE-2025-54566: qemu - hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, ...2025