2440934 – (CVE-2026-2243) CVE-2026-2243 qemu-kvm: Heap buffer out-of-bounds read in VMDK compressed grain parsing

Bug 2440934 (CVE-2026-2243) - CVE-2026-2243 qemu-kvm: Heap buffer out-of-bounds read in VMDK compressed grain parsing

Summary: CVE-2026-2243 qemu-kvm: Heap buffer out-of-bounds read in VMDK compressed gra...

Keywords:
Status:	NEW
Alias:	CVE-2026-2243
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2440943
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-19 11:38 UTC by OSIDB Bzimport
Modified:	2026-04-14 08:41 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-19 11:38:36 UTC

A heap buffer over-read was found in block/vmdk.c. A crafted VMDK file can make qemu-img (or qemu with vmdk disk) read past an allocated buffer, potentially leading to a 12-byte information leak or denial of service.

Patch:
https://lore.kernel.org/qemu-devel/CAJ9qJssSwxkmEVethg57-Ph6maEfButSaV-r07ma9_x1sp6wYg@mail.gmail.com/

Credit:
Halil Oktay (oblivionsage)

Comment 2 Mauro Matteo Cascella 2026-04-14 08:41:28 UTC

Upstream fix:
https://gitlab.com/qemu-project/qemu/-/commit/cfda94eddb6c9c49b66461c950b22845a46a75c9

Note You need to log in before you can comment on or make changes to this bug.