NIXPKGS-2026-0869

GitHub issue published 2 months, 3 weeks ago

Permalink CVE-2026-5165

6.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 months, 3 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 3 weeks ago
@mweinelt accepted 2 months, 3 weeks ago
@mweinelt published on GitHub 2 months, 3 weeks ago

Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

References

https://access.redhat.com/security/cve/CVE-2026-5165 x_refsource_REDHATvdb-entry
RHBZ#2453015 issue-trackingx_refsource_REDHAT
https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493

Affected products

virtio-win

Matching in nixpkgs

pkgs.virtio-win

Windows VirtIO Drivers

nixos-unstable 0.1.285-1
- nixpkgs-unstable 0.1.285-1
- nixos-unstable-small 0.1.285-1

Package maintainers

@anthonyroussel Anthony Roussel <anthony@roussel.dev>

https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0869

References

Affected products

Matching in nixpkgs

pkgs.virtio-win

Package maintainers