CVE-2026-5165 virtio-win — Exploit & Vulnerability Details MEDIUM

CVE-2026-5165

MEDIUM CVSS 3.1: 6.7 EPSS 0.01%

Parameter	Value
CVSS	6.7 (MEDIUM)
Type	CWE-825
Vendor	virtio-win
Public PoC	No

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-825

References 3

https://access.redhat.com/security/cve/CVE-2026-5165

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2453015

secalert@redhat.com

https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493

secalert@redhat.com

Share Post Share Share Share

Menu

CVE-2026-5165

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2026-5165

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity