Suggestions search

All statuses

Filter by:

With package: virtio-win

Found 2 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-5165

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 11 hours ago by @mweinelt Activity log

Created automatic suggestion 19 hours ago
@mweinelt accepted 11 hours ago
@mweinelt published on GitHub 11 hours ago

Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

References

https://access.redhat.com/security/cve/CVE-2026-5165 x_refsource_REDHAT vdb-entry
RHBZ#2453015 issue-tracking x_refsource_REDHAT
https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493

Affected products

virtio-win

Matching in nixpkgs

pkgs.virtio-win

Windows VirtIO Drivers

nixos-unstable 0.1.285-1
- nixpkgs-unstable 0.1.285-1
- nixos-unstable-small 0.1.285-1
nixos-25.11 0.1.285-1
- nixos-25.11-small 0.1.285-1
- nixpkgs-25.11-darwin 0.1.285-1

Package maintainers

@anthonyroussel Anthony Roussel <anthony@roussel.dev>

https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493