CVE-2026-0665 — Out-of-bounds Write in Qemu

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

6.5MEDIUMNVD

OSV5.5

EPSS

0.0%

top 99.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedFeb 18

Latest updateMar 4

Description

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/qemu< qemu 1:10.2.0+ds-2 (forky)

▶Debianqemu/qemu< 1:10.0.8+ds-0+deb13u1+1

▶Ubuntuqemu/qemu< 1:6.2+dfsg-2ubuntu6.28+2

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2026-03-04

▶

GHSA

GHSA-4pq4-6gr5-cr69: An off-by-one error was found in QEMU's KVM Xen guest support↗2026-02-18

▶

OSV

CVE-2026-0665: An off-by-one error was found in QEMU's KVM Xen guest support↗2026-02-18

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2026-03-04

▶

Red Hat

qemu-kvm: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq↗2026-01-09

▶

Debian

CVE-2026-0665: qemu - An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0665 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶