Description
A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.
Published: 2026-03-30
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local memory corruption leading to instability
Action: Apply patch
AI Analysis

Impact

A use‑after‑free vulnerability exists in the VirtIO Block (BLK) device driver of virtio‑win, the set of paravirtualized VirtIO drivers that Red Hat ships for Windows guests. When the device is reset, the driver fails to manage the memory of the objects it tears down correctly, so code that still holds a pointer to one of them can run after it has been freed. A local attacker who already holds high privileges (the CVSS vector is AV:L/AC:L/PR:H/UI:N) could exploit this to corrupt memory, destabilising the system or producing unexpected behavior. Red Hat classifies the flaw as CWE‑825: Expired Pointer Dereference.
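The bug class in the description, as an added illustration that is not virtio‑win code and does not reflect the driver's real data structures or the specific path that Red Hat fixed (neither is on this page): a constructed request pool (standing in for the heap, so the stale access can be observed deterministically instead of being undefined behaviour) shows how a reset that tears down pending requests outright leaves a completion routine holding an expired pointer (CWE‑825), beside the reference‑count‑plus‑reset‑generation pattern commonly used to prevent exactly that race. Every name in the block (struct device, reset_unsafe, reset_safe, complete_safe, and so on) is invented for the example.

```c
/* Constructed model of a reset-vs-completion lifetime race (CWE-825).
 * NOT virtio-win code: the structures and names are invented for this example.
 * A fixed pool with an in_use flag stands in for the heap so that touching a
 * released request is observable rather than undefined behaviour. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define MAX_REQS 8

struct request {
    uint32_t tag;    /* identifies the I/O request */
    uint32_t gen;    /* reset generation the request was issued under */
    int refs;        /* hardened path: one ref for the queue, one per completion context */
    int in_use;      /* simulation only: 0 once the request has been released */
};

struct device {
    struct request pool[MAX_REQS];      /* fixed pool standing in for heap allocations */
    struct request *pending[MAX_REQS];  /* submitted and not yet torn down */
    int npending;
    uint32_t gen;                       /* bumped by every reset */
};

static void dev_init(struct device *d) { memset(d, 0, sizeof *d); }

static struct request *submit(struct device *d, uint32_t tag) {
    for (int i = 0; i < MAX_REQS; i++) {
        struct request *r = &d->pool[i];
        if (!r->in_use) {
            r->tag = tag; r->gen = d->gen; r->refs = 1; r->in_use = 1;
            d->pending[d->npending++] = r;
            return r;
        }
    }
    return NULL;  /* pool exhausted */
}

/* ---- Vulnerable pattern: reset releases every pending request outright ---- */

static void reset_unsafe(struct device *d) {
    for (int i = 0; i < d->npending; i++) d->pending[i]->in_use = 0; /* stands in for free() */
    d->npending = 0;
}

/* Returns 1 if a completion that captured its pointer before the reset ends up
 * touching a released request (on a real heap this is the use-after-free). */
int vulnerable_stale_access(void) {
    struct device d; dev_init(&d);
    struct request *a = submit(&d, 1);
    submit(&d, 2);
    struct request *late = a;     /* completion context already holds the pointer */
    reset_unsafe(&d);             /* tears down both requests while 'late' still points at a */
    return late->in_use ? 0 : 1;  /* the completion now dereferences released memory */
}

/* ---- Hardened pattern: reference counts plus a reset generation ---------- */

static void req_put(struct request *r) { if (--r->refs == 0) r->in_use = 0; }

/* A completion context pins the request before a reset can race it. */
static void completion_get(struct request *r) { r->refs++; }

/* Reset invalidates the generation and drops only the queue's reference, so a
 * request that an in-flight completion still holds is not released under it. */
static void reset_safe(struct device *d) {
    d->gen++;
    for (int i = 0; i < d->npending; i++) req_put(d->pending[i]);
    d->npending = 0;
}

/* Returns 1 if the completion was applied, 0 if discarded as stale.
 * *touched_released is set if the request was already released (must never happen). */
static int complete_safe(struct device *d, struct request *r, int *touched_released) {
    int applied = 0;
    if (!r->in_use) *touched_released = 1;     /* the bug; unreachable with the refcount */
    else if (r->gen == d->gen) applied = 1;    /* only act on the current generation */
    req_put(r);                                /* drop the completion's own reference */
    return applied;
}

/* Same race as above; returns 0 when nothing was dereferenced after release. */
int hardened_stale_access(void) {
    struct device d; dev_init(&d);
    struct request *a = submit(&d, 1);
    submit(&d, 2);
    completion_get(a);                       /* refs: 2 */
    reset_safe(&d);                          /* a survives (refs 1); the other request is released */
    int touched = 0;
    (void)complete_safe(&d, a, &touched);    /* discarded as stale, then finally released */
    return touched;
}

/* The mitigation must not drop legitimate completions: returns 1 if a
 * completion arriving with no intervening reset is still applied. */
int hardened_applies_live_completion(void) {
    struct device d; dev_init(&d);
    struct request *a = submit(&d, 1);
    completion_get(a);
    int touched = 0;
    int applied = complete_safe(&d, a, &touched);
    return applied && !touched;
}

int main(void) {
    printf("vulnerable: stale access=%d\n", vulnerable_stale_access());
    printf("hardened:   stale access=%d, live completion applied=%d\n",
           hardened_stale_access(), hardened_applies_live_completion());
    return 0;
}
```

The generation counter is what turns a late completion into a harmless no‑op instead of a write into a request that a newer submission may already be reusing; the reference count is what keeps the reset from releasing memory that the completion still addresses. A real driver would also need the queue and the completion path to agree on a lock or ordering, which this single‑threaded model does not show.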

Affected Systems

The affected product is the virtio‑win package shipped with Red Hat Enterprise Linux 8, 9 and 10 (see the CPEs under History). That package supplies the VirtIO drivers installed inside Windows virtual machines running on RHEL KVM hosts, so exposure is determined by which guests carry the VirtIO Block driver from this package, not by the host kernel.

Risk and Exploitability

The flaw carries a CVSS 3.1 base score of 6.7 (Medium; vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H): the attack is local, requires high privileges and no user interaction, but a successful attack has full confidentiality, integrity and availability impact. The SSVC values recorded in the CVE record are Exploitation: none, Automatable: no and Technical Impact: total; the CVE is not in CISA's KEV catalog and its EPSS is below 1%. Because the attacker must already be able to trigger a device reset on a guest that uses a virtio‑blk device, the risk is confined to environments running that driver; however, with no official patch or workaround published yet, affected systems should be monitored until remediation is available.

Generated by OpenCVE AI on March 30, 2026 at 16:20 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply any Red Hat update for the virtio‑win package that addresses this use‑after‑free as soon as one is published; as of the last enrichment no advisory is listed for this CVE.
  • If no update is available, limit the use of virtio‑blk devices in affected guests or isolate vulnerable workloads until a patch is released.
  • Monitor affected systems for crashes, hangs or other instability around device resets, and consult Red Hat support for further guidance.

Generated by OpenCVE AI on March 30, 2026 at 16:20 UTC.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 14:30:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared                   Redhat virtio-win
  CPEs                                  cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*
                                        cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
                                        cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  Vendors & Products                    Redhat virtio-win

Tue, 31 Mar 2026 03:00:00 +0000

  Type                 Values Removed          Values Added
  References
  Metrics              threat_severity: None   threat_severity: Moderate

Mon, 30 Mar 2026 18:15:00 +0000

  Type                 Values Removed   Values Added
  Metrics                               ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 15:15:00 +0000

  Type                 Values Removed   Values Added
  Description                           A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.
  Title                                 Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset
  First Time appeared                   Redhat
                                        Redhat enterprise Linux
  Weaknesses                            CWE-825
  CPEs                                  cpe:/o:redhat:enterprise_linux:10
                                        cpe:/o:redhat:enterprise_linux:8
                                        cpe:/o:redhat:enterprise_linux:9
  Vendors & Products                    Redhat
                                        Redhat enterprise Linux
  References
  Metrics                               cvssV3_1: {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-28T14:35:37.734Z

Reserved: 2026-03-30T14:51:14.677Z

Link: CVE-2026-5165

Vulnrichment

Updated: 2026-03-30T18:05:33.941Z

NVD

Status: Analyzed

Published: 2026-03-30T15:16:36.520

Modified: 2026-04-28T14:17:41.683

Link: CVE-2026-5165

Redhat

Severity: Moderate

Public Date: 2026-03-30T12:34:00Z

Links: CVE-2026-5165 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T09:11:17Z

Weaknesses