Description
A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).
Published: 2026-03-30
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

A buffer overrun flaw exists in the virtio-win driver’s RhelDoUnMap() function, where the number of descriptors supplied by a user during an unmap request is not validated. This oversight allows a local user to provide an excessive count, causing the driver to write beyond its bounds and crash the operating system. The primary consequence is a system crash, resulting in a denial of service.

Affected Systems

Red Hat Enterprise Linux 8, 9, and 10 systems that include the virtio-win driver for KVM virtual machines are affected. The vulnerability is present in the virtual device driver used to provide Windows guest drivers on Red Hat hosts.

Risk and Exploitability

The CVSS score of 6.7 indicates medium severity, but the flaw is only exploitable by a local or privileged user within the guest environment. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is not yet documented. Attackers would need to run code inside the guest that communicates with the virtio‑win driver, and can trigger the crash by requesting an unmap operation with an oversized descriptor count.

Generated by OpenCVE AI on March 30, 2026 at 16:21 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Check the Red Hat Security page periodically for an updated kernel or driver patch that addresses this flaw.
  • Limit the privileges of guest users and ensure only trusted administrators can perform operations that interact with the virtio‑win driver.
  • Apply any available kernel or driver updates as soon as they are released to eliminate the vulnerability.
  • If a temporary patch is not provided, monitor the system for crashes and consider moving critical services to more resilient environments until a fix is available.

Generated by OpenCVE AI on March 30, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 30 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).
Title Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-120
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-30T15:30:38.407Z

Reserved: 2026-03-30T14:47:34.383Z

Link: CVE-2026-5164

cve-icon Vulnrichment

Updated: 2026-03-30T15:19:36.016Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-30T15:16:36.180

Modified: 2026-04-01T14:24:21.833

Link: CVE-2026-5164

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-30T12:34:00Z

Links: CVE-2026-5164 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:11:18Z

Weaknesses