Home

Description

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

PUBLISHED Reserved 2026-02-09 | Published 2026-02-19 | Updated 2026-03-02 | Assigner redhat




MEDIUM: 5.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Problem types

Out-of-bounds Read

Product status

Default status
unaffected

Any version
affected

Default status
affected

Default status
unknown

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-02-19:Reported to Red Hat.
2026-02-10:Made public.

Credits

Red Hat would like to thank Halil Oktay (oblivionsage) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-2243 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2440934 (RHBZ#2440934) issue-tracking

cve.org (CVE-2026-2243)

nvd.nist.gov (CVE-2026-2243)

Download JSON