Skip to main content

Red Hat CVE-2026-0665

MEDIUM
Out-of-bounds Write (CWE-787)
2026-02-18 patrick@puiterwijk.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 14:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 21:16 nvd
MEDIUM 6.5

DescriptionCVE.org

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

AnalysisAI

QEMU's KVM Xen guest support contains an off-by-one error in the physdev hypercall interface that allows authenticated guest users to trigger out-of-bounds heap memory access within the hypervisor process. This vulnerability can lead to denial of service through memory corruption, potentially affecting virtualized environments running QEMU with Xen guest support enabled. No patch is currently available.

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

Affected ProductsAI

Component: emulated Xen physdev hypercall.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.56 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.24 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.58 Container suse/sl-micro/6.0/toolbox:13.2-9.16 Image SL-Micro Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.122 Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.52 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.72 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.66 Affected
Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.75 Affected
Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-0665 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy