Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

UBUNTU-CVE-2026-0665 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2026-0665

UBUNTU-CVE-2026-0665

MEDIUM6.5

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall i

Published Feb 18, 2026

Modified 1 months ago

Fix available

Details

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

Affected Packages

qemu

Ubuntu 24.04 LTS

Fixed in:

1:8.2.2+ds-0ubuntu1.13

qemu

Ubuntu 25.10

Fixed in:

1:10.1.0+ds-5ubuntu2.4

References

https://lore.kernel.org/qemu-devel/13FE03BE60EA78D6+20260109023548.4047-1-vr@darknavy.com/

https://ubuntu.com/security/CVE-2026-0665

https://ubuntu.com/security/notices/USN-8073-1

https://www.cve.org/CVERecord?id=CVE-2026-0665

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Upstream

Related

Ecosystems

Ubuntu 24.04 LTS Ubuntu 25.10

Timeline

PublishedFeb 18, 2026

ModifiedMar 5, 2026