Skip to main content

Virtual Machine Driver Pack EUVDEUVD-2025-210459

| CVE-2025-8412 LOW
Classic Buffer Overflow (CWE-120)
2026-07-14 suse GHSA-5827-wp8x-c8xh
2.0
CVSS 4.0 · Vendor: suse

Severity by source

Vendor (suse) PRIMARY
2.0 LOW
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.6 LOW

Registry write requires local low-privileged access (AV:L, PR:L); high complexity (AC:H) reflects AT:P triggering condition; no confidentiality impact and no scope change confirmed.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (suse).

CVSS VectorVendor: suse

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 14, 2026 - 08:45 vuln.today

DescriptionCVE.org

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently.

This issue affects Virtual Machine Driver Pack: before e7a602ec232756ead019bdf19d6d3b9d010cc94b.

AnalysisAI

Buffer overflow in SUSE Virtual Machine Driver Pack allows a local attacker with registry modification rights to corrupt driver integrity. Affected are all versions of the pack before upstream commit e7a602ec232756ead019bdf19d6d3b9d010cc94b, targeting virtualized guest environments running SUSE's paravirtual drivers. No public exploit exists and the vendor explicitly states no feasible exploitation path is currently known; no public exploit identified at time of analysis.

Technical ContextAI

CWE-120 (Classic Buffer Overflow) describes a code path that copies user-supplied data into a fixed-size buffer without first validating the input length. In this case, the driver pack reads attacker-controlled values from Windows registry keys and passes them into a driver-level buffer without size checking. The affected product, identified by CPE cpe:2.3:a:suse:virtual_machine_driver_pack:*:*:*:*:*:*:*:*, is a set of paravirtual device drivers-typically SCSI, network, and memory balloon drivers-installed inside Windows guest VMs running on SUSE-based hypervisor stacks (e.g., KVM/QEMU with SUSE management). The registry is the attack surface because Windows drivers commonly read configuration parameters from HKLM registry paths at initialization or device enumeration time. The CVSS 4.0 AT:P metric indicates the vulnerable code path is only reachable when a specific attack target condition is present, consistent with a driver initialization scenario that may not be triggered continuously.

RemediationAI

Update the SUSE Virtual Machine Driver Pack to the build incorporating upstream commit e7a602ec232756ead019bdf19d6d3b9d010cc94b. Because no tagged release version was independently confirmed at time of analysis, administrators should consult the SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8412 to identify the corresponding package version available via SUSE's update channels. As a compensating control, restrict local user privileges inside Windows guest VMs to prevent non-administrative accounts from writing to driver-related registry keys under HKLM; this directly eliminates the attack surface by removing the attacker's ability to supply the malformed input. Note that full administrative lockdown inside a guest VM may impact legitimate software that requires registry write access. Given the vendor's assessment that no feasible exploit path currently exists, patching can be scheduled within a normal maintenance window rather than treated as emergency response.

Share

EUVD-2025-210459 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy