CVE-2026-48914
Received Received - Intake
Heap-based Buffer Overflow in QEMU virtio-blk Device

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Red Hat, Inc.

Description
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-12
AI Q&A
2026-06-12
EPSS Evaluated
N/A
NVD
CVE-2026-48914
EUVD
EUVD-2026-36408
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qemu qemu *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap buffer overflow in QEMU's virtio-blk device related to how it handles SCSI requests. Specifically, the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges can submit a specially crafted virtio-blk SCSI request with a descriptor length of only 1 byte. QEMU allocates a buffer of that exact size but then writes 4 bytes without checking if there is enough space, causing an out-of-bounds write in the host's heap memory.

This flaw can lead to memory corruption in the QEMU process, potentially allowing arbitrary code execution or causing a denial of service (DoS) by crashing the QEMU process.

Impact Analysis

If you run QEMU with virtio-blk devices, a malicious guest with high privileges could exploit this vulnerability to cause an out-of-bounds write in the host's heap memory.

This can lead to denial of service by crashing the QEMU process or potentially allow an attacker to execute arbitrary code on the host, compromising the host system's security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart