PT-2026-48843 · Red Hat · Red Hat Enterprise Linux 10+6

Published

2026-06-12

·

Updated

2026-06-12

·

CVE-2026-48914

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

Fix

Heap Based Buffer Overflow

Weakness Enumeration

CWE-122

Related Identifiers

CVE-2026-48914

Affected Products

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux For Nvidia 26
Red Hat Openshift Container Platform 4