Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
CVE-2026-48914

6.7MEDIUM

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
12 June 2026

What is CVE-2026-48914?

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

References

https://access.redhat.com/security/cve/CVE-2026-48914
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2488283
issue-trackingx_refsource_REDHAT
https://lore.kernel.org/qemu-devel/20260526154957.1741622...

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Feifan Qian <bea1e@proton.me> for reporting this issue.
.