VYPR
Medium severity6.7NVD Advisory· Published Mar 30, 2026· Updated Apr 28, 2026

CVE-2026-5165

CVE-2026-5165

Description

A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.