CVE-2026-0665

Published: Feb 18, 2026Modified: Feb 19, 2026

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: patrick@puiterwijk.org (Secondary)

Description

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://access.redhat.com/security/cve/CVE-2026-0665

Source: patrick@puiterwijk.org

https://bugzilla.redhat.com/show_bug.cgi?id=2428640

Source: patrick@puiterwijk.org

Timeline

No history available yet.