An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
History
Thu, 23 Oct 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Bitvisor, Bitvisor bitvisor | |
Vendors & Products | Bitvisor, Bitvisor bitvisor | |
Fri, 17 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-122, CWE-787 | |
Metrics | cvssV3_1 | |
Thu, 16 Oct 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation. | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-17T13:28:08.648Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-61553

Updated: 2025-10-17T13:27:06.442Z

Status : Awaiting Analysis
Published: 2025-10-16T19:15:33.983
Modified: 2025-10-21T19:31:50.020
Link: CVE-2025-61553
