CVE-2026-5164 in virtio-win kvm-guest-drivers-windows
Résumé (Anglaise)
A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).
Responsable
redhat
Réserver
30/03/2026
Divulgation
30/03/2026
Entrées
| ID | Vulnérabilité | CWE | Base | Temp | 0day | Aujourd'hui | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354198 | virtio-win kvm-guest-drivers-windows RhelDoUnMap buffer overflow | 120 | 6.7 | 6.6 | $0-$5k | $0-$5k | Non défini | 0.00000 | 3.31+ | Correctif officiel | CVE-2026-5164 |