Description
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Published: 2026-02-19
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

A specially crafted VMDK image can trigger a heap buffer out-of-bounds read within QEMU’s vmdk compressed grain parsing logic, potentially leaking 12 bytes of sensitive memory content and, if the error propagates to the host, causing a denial of service by aborting the image import. The flaw is a classic Out‑of‑Bounds Read (CWE‑125).

Affected Systems

The vulnerability affects QEMU binaries shipped with Red Hat products. Specifically, Red Hat Enterprise Linux release 6 through 10 and the Red Hat OpenShift Container Platform 4 are impacted as noted by the CNA. All hosts running these distributions with the vulnerable QEMU version remain at risk until a patched kernel module is installed.

Risk and Exploitability

The CVSS score of 5.1 places this vulnerability in the medium severity range. The EPSS value is below 1 %, indicating a very low probability of an in‑the‑wild exploit at the time of analysis. The vulnerability is not listed in the CISA KEV catalog, so no public exploitation has been reported. The likely attack vector is inferred from the description: an attacker who can supply a malicious VMDK file to the host or a virtual machine using QEMU may trigger the read. If control over the input is possible, the attacker can read a small memory fragment or cause a host crash; however, the impact is limited to a brief data leak and possible instability rather than full system compromise.

Generated by OpenCVE AI on April 17, 2026 at 18:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update QEMU to a version that includes the CVE‑2026‑2243 fix, as released by Red Hat, on all affected RHEL and OpenShift hosts.
  • Restrict creation and import of VMDK images to trusted personnel and enforce integrity checks or digital signatures prior to use.
  • Enable monitoring of QEMU logs for abnormal VMDK processing failures, and configure alerts for repeated import errors that could signal an attempted exploitation.

Generated by OpenCVE AI on April 17, 2026 at 18:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 21 Feb 2026 07:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Red Hat
Red Hat enterprise Linux
Redhat openshift Container Platform
Vendors & Products Red Hat
Red Hat enterprise Linux
Redhat openshift Container Platform

Fri, 20 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Thu, 19 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Title Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-125
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Red Hat Enterprise Linux
Redhat Enterprise Linux Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-02T17:29:49.090Z

Reserved: 2026-02-09T09:44:40.684Z

Link: CVE-2026-2243

cve-icon Vulnrichment

Updated: 2026-02-20T20:23:54.611Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T18:25:00.337

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2243

cve-icon Redhat

Severity : Low

Publid Date: 2026-02-10T00:00:00Z

Links: CVE-2026-2243 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses