QEMU 10.0.3 PCIe SR-IOV VF Enable Bit
CVE-2025-54567 Published on July 25, 2025
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
Weakness Type
Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage. When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.
Products Associated with CVE-2025-54567
Want to know whenever a new CVE is published for QEMU? stack.watch will email you.
Affected Versions
QEMU:- Version 10.0.0, <= 10.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.