An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Fri, 17 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-122 CWE-787 | |
Metrics | cvssV3_1 | |
Thu, 16 Oct 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation. | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-17T13:28:08.648Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-61553

Updated: 2025-10-17T13:27:06.442Z

Status : Received
Published: 2025-10-16T19:15:33.983
Modified: 2025-10-17T14:15:47.183
Link: CVE-2025-61553
