Description
A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap. The flaw could be exploited to escalate privileges on Windows systems running this driver.
Published: n/a
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Virtio-win
Virtio-win kvm-guest-drivers-windows
Vendors & Products Virtio-win
Virtio-win kvm-guest-drivers-windows

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap. The flaw could be exploited to escalate privileges on Windows systems running this driver.
Title virtio-win: viosock.sys: integer overflow in VIOSockSelect leads to heap-based buffer overflow
Weaknesses CWE-190
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Subscriptions

Virtio-win Kvm-guest-drivers-windows
cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-16T00:00:00Z

Links: CVE-2026-46655 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:04:10Z

Weaknesses