Updated: 2026-02-27 02:46:52.592091
Description:
A stack-based buffer overflow was found in the virtio-net device of QEMU. The issue occurs when flushing TX in the `virtio_net_flush_tx` function if the guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are all enabled. It could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | qemu-kvm | 7.2.0 | 5.3 | MEDIUM | Ignored | | 2025-10-11 00:20:43 | This issue is only reachable when the virtio-net device and guest explicitly negotiate three feature... |
| AlmaLinux 9.2 ESU | hivex | 1.3.21 | 5.3 | MEDIUM | Ignored | | 2025-09-10 14:15:10 | This issue is only reachable when the virtio-net device and guest explicitly negotiate three feature... |
| AlmaLinux 9.2 ESU | libvirt | 9.0.0 | 5.3 | MEDIUM | Ignored | | 2025-09-10 14:23:32 | This issue is only reachable when the virtio-net device and guest explicitly negotiate three feature... |
| CentOS 8.4 ELS | hivex | 1.3.18-21 | 5.3 | MEDIUM | Not Vulnerable | | 2025-03-25 03:21:28 | |
| CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 5.3 | MEDIUM | Not Vulnerable | | 2025-02-20 06:38:02 | |
| CentOS 8.5 ELS | libvirt | 6.0.0-37 | 5.3 | MEDIUM | Not Vulnerable | | 2025-02-20 06:38:03 | |
| CentOS 8.5 ELS | hivex | 1.3.18-21 | 5.3 | MEDIUM | Not Vulnerable | | 2025-03-25 03:21:28 | |