CVE-2025-54567Incorrect Provision of Specified Functionality in Qemu

CWE-684Incorrect Provision of Specified Functionality7 documents7 sources
Severity
5.4MEDIUMNVD
CNA5.3OSV5.3
EPSS
0.0%
top 99.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qemu
Timeline
PublishedJul 25

Description

hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

Debianqemu/qemu< 1:10.0.2+ds-2+deb13u1+1
CVEListV5qemu/qemu10.0.010.0.3
NVDqemu/qemu10.0.3

Patches

Patch: lore.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-c2q6-w8rj-wvhw: hw/pci/pcie_sriov2025-07-25
CVEList
CVE-2025-54567: hw/pci/pcie_sriov2025-07-25
OSV
CVE-2025-54567: hw/pci/pcie_sriov2025-07-25

📋Vendor Advisories

3
Red Hat
qemu-kvm: QEMU SR-IOV Enable Mask Vulnerability2025-07-25
Microsoft
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.2025-07-08
Debian
CVE-2025-54567: qemu - hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write ma...2025