Out-of-Bounds Heap Read in libslirp on Freedesktop.org Affects Multiple Hypervisor Environments
CVE-2026-9539

6.5MEDIUM

Key Information:

Vendor

Freedesktop.org

Status
Libslirp
Vendor
CVE Published:
24 June 2026

What is CVE-2026-9539?

An out-of-bounds heap read and integer underflow vulnerability exists in the TCP urgent data handling mechanism of the libslirp library on freedesktop.org. This issue affects hypervisor host environments such as QEMU and allows a privileged guest VM attacker to exploit the vulnerability. By sending specially crafted TCP segments with altered URG flags and urgent pointers, the attacker can leak significant amounts of sensitive heap memory from the host process, potentially compromising data integrity and confidentiality. Users are encouraged to update to libslirp version 4.9.2 or later to mitigate this risk.

Affected Version(s)

libslirp 0 < 4.9.2

References

https://gitlab.freedesktop.org/slirp/libslirp/-/work_item...
issue-tracking
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/92...
patch
https://gitlab.freedesktop.org/slirp/libslirp/-/releases/...
release-notes

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bruce Chen of STAR Labs SG Pte. Ltd.
Shi Weiming of STAR Labs SG Pte. Ltd.
.