{}

{}

{}

{"bugzilla": {"description": "virtio-win: viosock.sys: integer overflow in VIOSockSelect leads to heap-based buffer overflow", "id": "2489170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489170"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap. The flaw could be exploited to escalate privileges on Windows systems running this driver."], "name": "CVE-2026-46655", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "virtio-win", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "virtio-win", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "virtio-win", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/virtio-win", "product_name": "Red Hat OpenShift Virtualization 4"}], "public_date": "2026-06-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46655\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46655\nhttps://github.com/virtio-win/kvm-guest-drivers-windows/security/advisories/GHSA-qrhp-4mhp-hjwh"], "threat_severity": "Important"}

{}