CVE-2026-2243: Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing
Published Feb 19, 2026
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Affected Software
1 affected component
Qemu Qemu
Event History
Feb 19, 2026
Data Sourced
via Red Hat·11:38 AM
Description, Severity, Affected Software
CVE Published
via MITRE·05:47 PM
Data Sourced
via MITRE·05:47 PM
Description, Severity, Weakness
Data Sourced
via NVD·06:25 PM
Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2026-2243?
CVE-2026-2243 is considered a moderate-severity vulnerability because it can leak sensitive information and cause a denial of service.
2. How do I fix CVE-2026-2243?
To fix CVE-2026-2243, upgrade to the latest version of QEMU where this vulnerability has been patched.
3. What type of vulnerability is CVE-2026-2243?
CVE-2026-2243 is an out-of-bounds read vulnerability affecting the handling of specially crafted VMDK images.
4. What are the potential impacts of CVE-2026-2243?
The impacts of CVE-2026-2243 include a 12-byte leak of sensitive information and possible denial of service conditions.
5. Which software is affected by CVE-2026-2243?
CVE-2026-2243 affects the QEMU virtualization software.