CVE-2026-48914
Awaiting Analysis Awaiting Analysis - Queue

Heap-based Buffer Overflow in QEMU virtio-blk Device

Vulnerability report for CVE-2026-48914, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Red Hat, Inc.

Description

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-07-01
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
qemu qemu *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves a heap buffer overflow in QEMU's virtio-blk device triggered by malformed SCSI requests from a malicious guest. Detection would require monitoring or analyzing virtio-blk SCSI requests for abnormal or malformed descriptors, specifically those with unusually small lengths (e.g., 1 byte) that could cause out-of-bounds writes.

There are no specific detection commands or signatures provided in the available resources. However, system administrators could consider monitoring QEMU logs for crashes or denial of service symptoms related to virtio-blk devices, or use debugging tools to trace virtio-blk SCSI request handling.

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided resources. Generally, to mitigate this type of vulnerability, it is recommended to update QEMU to a version where this issue is fixed once a patch is available.

Until a patch is applied, restricting or disabling untrusted guest access to virtio-blk devices or limiting guest privileges may reduce the risk of exploitation.

Executive Summary

This vulnerability is a heap buffer overflow in QEMU's virtio-blk device related to how it handles SCSI requests. Specifically, the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges can submit a specially crafted virtio-blk SCSI request with a descriptor length of only 1 byte. QEMU allocates a buffer of that exact size but then writes 4 bytes without checking if there is enough space, causing an out-of-bounds write in the host's heap memory.

This flaw can lead to memory corruption in the QEMU process, potentially allowing arbitrary code execution or causing a denial of service (DoS) by crashing the QEMU process.

Impact Analysis

If you run QEMU with virtio-blk devices, a malicious guest with high privileges could exploit this vulnerability to cause an out-of-bounds write in the host's heap memory.

This can lead to denial of service by crashing the QEMU process or potentially allow an attacker to execute arbitrary code on the host, compromising the host system's security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart