CVE-2025-54567 — MEDIUM (4.2)

Q: What is CVE-2025-54567?

CVE-2025-54567 is a vulnerability with a CVSS score of 4.2 (MEDIUM). hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

Q: How severe is CVE-2025-54567?

CVE-2025-54567 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-54567?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.

Vulnerability Description

hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 10.0.3

Related Weaknesses (CWE)

CWE-684

References

https://lore.kernel.org/qemu-devel/[email protected]Mailing ListPatch

FAQ

What is CVE-2025-54567?

CVE-2025-54567 is a vulnerability with a CVSS score of 4.2 (MEDIUM). hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

How severe is CVE-2025-54567?

CVE-2025-54567 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-54567?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.