4 matches found
CVE-2025-8860
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...
CVE-2025-8860 Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...
CVE-2025-8860
CVE-2025-8860 affects QEMU by a flaw in the uefi-vars device: after writing to UEFI_VARS_REG_BUFFER_SIZE, a heap buffer is allocated without zeroing, leaving residual data that can be read later from UEFI_VARS_REG_PIO_BUFFER_TRANSFER, causing information disclosure. Oracle Linux advisories ELSA-2...
Linux Distros Unpatched Vulnerability : CVE-2025-8860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked...