Skip to main content

Red Hat CVE-2026-2243

MEDIUM
Out-of-bounds Read (CWE-125)
2026-02-19 secalert@redhat.com
5.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.1 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:03 vuln.today
CVE Published
Feb 19, 2026 - 18:25 nvd
MEDIUM 5.1

DescriptionCVE.org

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

AnalysisAI

QEMU's VMDK image parser is vulnerable to an out-of-bounds read when processing maliciously crafted disk images, allowing local attackers to leak sensitive information or trigger denial of service. This vulnerability affects systems running QEMU with untrusted VMDK input and currently lacks an available patch.

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

Affected ProductsAI

QEMU

RemediationAI

Monitor vendor advisories for a patch.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

CVE-2026-2243 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy