QEMU KVM Xen Guest Off-By-One heap OOB access in Xen physdev
CVE-2026-0665 Published on February 18, 2026

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

NVD

Vulnerability Analysis

CVE-2026-0665 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2026-0665 has been classified to as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2026-0665

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-0665 are published in these products:

Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift
 
QEMU