Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Registry write requires local low-privileged access (AV:L, PR:L); high complexity (AC:H) reflects AT:P triggering condition; no confidentiality impact and no scope change confirmed.
Primary rating from Vendor (suse).
CVSS VectorVendor: suse
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently.
This issue affects Virtual Machine Driver Pack: before e7a602ec232756ead019bdf19d6d3b9d010cc94b.
AnalysisAI
Buffer overflow in SUSE Virtual Machine Driver Pack allows a local attacker with registry modification rights to corrupt driver integrity. Affected are all versions of the pack before upstream commit e7a602ec232756ead019bdf19d6d3b9d010cc94b, targeting virtualized guest environments running SUSE's paravirtual drivers. No public exploit exists and the vendor explicitly states no feasible exploitation path is currently known; no public exploit identified at time of analysis.
Technical ContextAI
CWE-120 (Classic Buffer Overflow) describes a code path that copies user-supplied data into a fixed-size buffer without first validating the input length. In this case, the driver pack reads attacker-controlled values from Windows registry keys and passes them into a driver-level buffer without size checking. The affected product, identified by CPE cpe:2.3:a:suse:virtual_machine_driver_pack:*:*:*:*:*:*:*:*, is a set of paravirtual device drivers-typically SCSI, network, and memory balloon drivers-installed inside Windows guest VMs running on SUSE-based hypervisor stacks (e.g., KVM/QEMU with SUSE management). The registry is the attack surface because Windows drivers commonly read configuration parameters from HKLM registry paths at initialization or device enumeration time. The CVSS 4.0 AT:P metric indicates the vulnerable code path is only reachable when a specific attack target condition is present, consistent with a driver initialization scenario that may not be triggered continuously.
RemediationAI
Update the SUSE Virtual Machine Driver Pack to the build incorporating upstream commit e7a602ec232756ead019bdf19d6d3b9d010cc94b. Because no tagged release version was independently confirmed at time of analysis, administrators should consult the SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8412 to identify the corresponding package version available via SUSE's update channels. As a compensating control, restrict local user privileges inside Windows guest VMs to prevent non-administrative accounts from writing to driver-related registry keys under HKLM; this directly eliminates the attack surface by removing the attacker's ability to supply the malformed input. Note that full administrative lockdown inside a guest VM may impact legitimate software that requires registry write access. Given the vendor's assessment that no feasible exploit path currently exists, patching can be scheduled within a normal maintenance window rather than treated as emergency response.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210459
GHSA-5827-wp8x-c8xh