Description
A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap. The flaw could be exploited to escalate privileges on Windows systems running this driver.
Published: n/a
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the virtio-win viosock.sys driver can be triggered by a low‑integrity process that sends a malicious IOCTL request to the VIOSockSelect function. The request causes an integer overflow that bypasses bounds checking, resulting in a heap‑based buffer overflow in the NonPagedPool kernel heap. An attacker could exploit this to execute arbitrary code in kernel mode, giving them full control of a Windows system and therefore enabling privilege escalation.

Affected Systems

The vulnerability affects Windows systems that load the virtio-win viosock.sys driver. No specific driver version numbers are listed, so any machine running a version prior to the patched release contains the flaw. This includes virtual machines that rely on virtio networking with the viosock driver.

Risk and Exploitability

The CVSS score of 7.8 indicates a high impact vulnerability. The EPSS score is not available, and the flaw is not currently listed in the CISA KEV catalog, suggesting moderate but not high exploitation probability at present. Exploitation requires a low‑integrity process to issue the crafted IOCTL, so the attack vector is local. If leveraged successfully, the integer overflow could be used to overwrite kernel memory and execute arbitrary code, resulting in complete privilege escalation.

Generated by OpenCVE AI on June 17, 2026 at 18:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest virtio-win driver update that fixes the integer overflow in viosock.sys.
  • Enforce stricter access control for low‑integrity processes so they cannot issue IOCTL requests to viosock.sys, for example by using AppLocker or device‑driver access policies.
  • Monitor system logs for abnormal viosock.sys activity and maintain up‑to‑date monitoring rules to detect potential exploitation attempts.

Generated by OpenCVE AI on June 17, 2026 at 18:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap. The flaw could be exploited to escalate privileges on Windows systems running this driver.
Title virtio-win: viosock.sys: integer overflow in VIOSockSelect leads to heap-based buffer overflow
Weaknesses CWE-190
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Subscriptions

No data.

cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-16T00:00:00Z

Links: CVE-2026-46655 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:15:10Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound