CVE-2025-8412 PUBLISHED

VMDP: Potential buffer overflow in the RtlQueryRegistryValues function

Assigner: suse
Reserved: 31.07.2025 Published: 14.07.2026 Updated: 14.07.2026

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently.

This issue affects Virtual Machine Driver Pack: before e7a602ec232756ead019bdf19d6d3b9d010cc94b.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 2

Product Status

Vendor SUSE
Product Virtual Machine Driver Pack
Versions Default: unaffected
  • affected from 0 to e7a602ec232756ead019bdf19d6d3b9d010cc94b (excl.)

Credits

  • Andrea Monzani finder

References

Problem Types

  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE