Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-5165

| EUVDEUVD-2026-17113 MEDIUM
Expired Pointer Dereference (CWE-825)
2026-03-30 redhat
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Red Hat
6.7 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 30, 2026 - 15:15 euvd
EUVD-2026-17113
Analysis Generated
Mar 30, 2026 - 15:15 vuln.today
CVE Published
Mar 30, 2026 - 15:02 nvd
MEDIUM 6.7

DescriptionCVE.org

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

AnalysisAI

VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available via GitHub PR.

Technical ContextAI

VirtIO is a standardized interface for efficient I/O virtualization in KVM and other hypervisors. The VirtIO Block (BLK) device driver handles virtual disk operations. The vulnerability resides in the reset code path-when the BLK device is reset (typically during VM lifecycle events or error recovery), the driver fails to properly deallocate or invalidate memory structures associated with pending I/O operations. This violates CWE-825 (Expired Pointer Dereference), where freed memory is accessed after being released, allowing an attacker with high privileges to write or read sensitive kernel state. The issue affects virtio-win's guest driver implementations across multiple Red Hat Enterprise Linux major versions, indicating either a common code base or shared dependency.

RemediationAI

Update virtio-win drivers to a patched version released after GitHub PR #1493 (https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493) is merged and tagged. Consult Red Hat advisory (https://access.redhat.com/security/cve/CVE-2026-5165) for official errata and supported patched versions for RHEL 8, 9, and 10. If immediate patching is not feasible, restrict device reset operations to trusted administrators only and disable unnecessary VirtIO Block device hot-plug/hot-unplug cycles where possible. Verify patch applicability with your guest OS version and re-test virtual disk I/O stability after patching.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

Share

CVE-2026-5165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy