CVE-2026-48914 PUBLISHED

Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

Assigner: redhat
Reserved: 26.05.2026 Published: 12.06.2026 Updated: 12.06.2026

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVSS Score: 6.7

Product Status

Package Collection: https://gitlab.com/qemu-project/qemu
Package Name: qemu
Versions: Default: unaffected
  • affected from 1.1.0 to 11.0.1 (incl.)

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux 7
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux 7
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux 8
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux 9
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat Enterprise Linux for NVIDIA 26
Versions: Default: affected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4
Versions: Default: affected

Credits

  • Red Hat would like to thank Feifan Qian <bea1e@proton.me> for reporting this issue.

Problem Types

  • CWE: Heap-based Buffer Overflow