Nixpkgs security tracker

Untriaged

Permalink CVE-2026-5164

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks, 5 days ago

Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request

A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).

References

https://access.redhat.com/security/cve/CVE-2026-5164 vdb-entryx_refsource_REDHAT
RHBZ#2453014 issue-trackingx_refsource_REDHAT
https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1504

Affected products

virtio-win

Matching in nixpkgs

pkgs.virtio-win

Windows VirtIO Drivers

nixos-unstable 0.1.285-1
- nixpkgs-unstable 0.1.285-1
- nixos-unstable-small 0.1.285-1
nixos-25.11 0.1.285-1
- nixos-25.11-small 0.1.285-1
- nixpkgs-25.11-darwin 0.1.285-1

Package maintainers

@anthonyroussel Anthony Roussel <anthony@roussel.dev>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.virtio-win

Package maintainers