VYPR
Medium severity6.7NVD Advisory· Published Mar 30, 2026· Updated Apr 28, 2026

CVE-2026-5164

CVE-2026-5164

Description

A flaw was found in virtio-win. The RhelDoUnMap() function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.