Lucene search
K

4 matches found

NVD
NVD
added 2026/02/18 9:16 p.m.9 views

CVE-2025-8860

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

3.3CVSS0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 8:49 p.m.3 views

CVE-2025-8860 Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

3.3CVSS5.7AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/02/18 8:49 p.m.32 views

CVE-2025-8860

CVE-2025-8860 affects QEMU by a flaw in the uefi-vars device: after writing to UEFI_VARS_REG_BUFFER_SIZE, a heap buffer is allocated without zeroing, leaving residual data that can be read later from UEFI_VARS_REG_PIO_BUFFER_TRANSFER, causing information disclosure. Oracle Linux advisories ELSA-2...

3.3CVSS5.6AI score0.00147EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked...

3.3CVSS6.6AI score0.00147EPSS
Exploits0References2
Rows per page
Query Builder