CVE-2026-0665
📋 TL;DR
An off-by-one error in QEMU's KVM Xen guest support allows malicious guests to trigger out-of-bounds heap accesses via the Xen physdev hypercall interface. This could lead to denial of service or memory corruption in the QEMU process. Affects systems running QEMU with KVM Xen guest support enabled.
💻 Affected Systems
- QEMU
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Memory corruption leading to arbitrary code execution in the QEMU host process, potentially compromising the hypervisor and all guest VMs.
Likely Case
Denial of service through QEMU process crash, disrupting all VMs managed by that QEMU instance.
If Mitigated
Limited impact if Xen guest support is disabled or if proper isolation prevents guest-to-host escalation.
🎯 Exploit Status
Requires a malicious guest VM with ability to make Xen hypercalls; not exploitable from network.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check distribution-specific advisories (e.g., Red Hat, Ubuntu)
Vendor Advisory: https://access.redhat.com/security/cve/CVE-2026-0665
Restart Required: Yes
Instructions:
1. Check your distribution's security advisory.
2. Update QEMU packages to the patched version.
3. Restart affected QEMU processes or the host.
🔧 Temporary Workarounds
Disable Xen guest support
Linux: Disable Xen guest support in QEMU/KVM configuration if not required
Edit QEMU configuration to remove Xen-related options
Ensure '-machine xen' or similar is not used
🧯 If You Can't Patch
- Isolate guest VMs using strict network segmentation and resource limits
- Monitor QEMU process crashes and suspicious guest behavior
🔍 How to Verify
Check if Vulnerable:
Check the QEMU version and whether Xen guest support is enabled in the configuration
Check Version:
qemu-system-x86_64 --version
Verify Fix Applied:
Verify QEMU version is updated to patched version from vendor
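One way to check whether Xen guest support is enabled on running QEMU processes, as an added example that is not part of the original advisory or of QEMU itself. The function names are hypothetical, and the `-accel kvm,xen-version=...` form is an assumption taken from QEMU's documented option for Xen emulation under KVM (the page itself only names `-machine xen`); the check looks only at the values of `-machine`/`-M`/`-accel`, so a guest merely named "xen-..." is not flagged.

```sh
#!/bin/sh
# Added example: find QEMU processes started with a Xen-related machine/accel option.

# Exit status 0 when the argv passed in is a QEMU invocation whose
# -machine/-M/-accel value selects Xen, e.g. "-machine xen..." (from the page)
# or "-accel kvm,xen-version=..." (assumed KVM Xen emulation option).
qemu_argv_enables_xen() {
    qx_prog=${1##*/}
    case $qx_prog in
        qemu-system-*|qemu-kvm) ;;
        *) return 1 ;;
    esac
    shift
    qx_prev=""
    for qx_arg in "$@"; do
        case $qx_prev in
            -machine|--machine|-M|-accel|--accel)
                case $qx_arg in
                    xen*|type=xen*|*,xen-version=*|*accel=xen*) return 0 ;;
                esac ;;
        esac
        qx_prev=$qx_arg
    done
    return 1
}

# Print "PID<TAB>command line" for every running process that matches.
# /proc/<pid>/cmdline is NUL-separated, so it is re-split on newlines.
scan_running_qemu() {
    for qx_file in /proc/[0-9]*/cmdline; do
        [ -r "$qx_file" ] || continue
        qx_args=$(tr '\0' '\n' < "$qx_file" 2>/dev/null) || continue
        [ -n "$qx_args" ] || continue
        (
            IFS='
'
            set -f                      # no globbing while splitting
            set -- $qx_args
            if qemu_argv_enables_xen "$@"; then
                qx_pid=${qx_file#/proc/}
                IFS=' '
                printf '%s\t%s\n' "${qx_pid%/cmdline}" "$*"
            fi
        )
    done
}

# Only scan when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--scan" ]; then scan_running_qemu; fi
```

Run it as root with `--scan` so other users' `/proc/<pid>/cmdline` entries are readable; any PID it prints is a candidate for the patch or workaround above.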
📡 Detection & Monitoring
Log Indicators:
- QEMU process crashes
- Kernel logs showing memory corruption in QEMU
Network Indicators:
- None (not network exploitable)
SIEM Query:
Process:qemu AND (EventID:1000 OR "segmentation fault")