CVE-2026-0665 | THREATINT

Description

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

PUBLISHED Reserved 2026-01-07 | Published 2026-02-18 | Updated 2026-02-18 | Assigner fedora

MEDIUM: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Problem types

Out-of-bounds Write

Product status

Default status

unaffected

8.0.0 (semver)

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Timeline

2026-01-12:	Reported to Red Hat.
2026-01-09:	Made public.

References

access.redhat.com/security/cve/CVE-2026-0665 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2428640 (RHBZ#2428640) issue-tracking

cve.org (CVE-2026-0665)

nvd.nist.gov (CVE-2026-0665)

Download JSON

help @ threatint.eu