Medium severity6.7NVD Advisory· Published Mar 30, 2026· Updated Apr 28, 2026

CVE-2026-5165

Description

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

Affected products

Red Hat/Virtio Win
cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2026-5165nvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
github.com/virtio-win/kvm-guest-drivers-windows/pull/1493nvdIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000