Oracle Linux 9 : qemu-kvm (ELSA-2026-50241)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50241 advisory. - Document CVEs Mark Kanda CVE-2025-54566 CVE-2025-54567 CVE-2025-8860 CVE-2026-0665 CVE-2026-3886 - hw/usb/hcd-ohci: check for MPS=0 to avoid infinit...

CVE-2026-0665

CVE-2026-0665 affects QEMU with the Xen guest support, enabling an attacker in the guest to trigger out-of-bounds heap access through xen_physdev_map_pirq, potentially causing denial of service or memory corruption. The connected advisories confirm a fix in QEMU (update to version 10.0.8) across ...

SUSE-SU-2026:0445-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2026-0665: Added PIRQ bounds check in xenphysdevmappirq to avoid an out-of-bounds heap. bsc1256484 Other fixes: - Fixed that QEMU migration fails if a qemu-vdagent channel is present in the VM bsc1257474...

SUSE CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

Linux Distros Unpatched Vulnerability : CVE-2026-0665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process...