CVE-2026-48914

6.7 MEDIUM

A flaw was found in QEMU's virtio-blk device

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CVSS: 6.7 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CWE: CWE-122

Description

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-12030 — Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer... (8.3 HIGH)
CVE-2026-12010 — Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the rendere... (8.3 HIGH)
CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
CVE-2026-48994 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
CVE-2026-46692 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)