Out-of-Bounds Write Vulnerability in QEMU Affects Virtual Machine Security
CVE-2026-3842
7.8HIGH
Key Information:
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-3842?
A flaw in QEMU has been identified that enables a local attacker operating within a guest virtual machine to write beyond its allocated memory boundaries. This scenario arises when the function cpu_physical_memory_map() returns a shorter length than expected, potentially leading to an out-of-bounds write. If exploited successfully, this vulnerability could grant unauthorized access to guest memory, permit corruption of heap-allocated objects, and raise serious concerns regarding information disclosure and data integrity, in addition to potentially causing denial of service.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Oleh Konko (1seal) for reporting this issue.
