QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

Severity: High. Nessus Plugin ID: 320870

Synopsis

The remote host has virtualization software installed that is affected by a privilege escalation vulnerability.

Description

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability:

- An integer overflow exists in the calc_image_hostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local attacker who has obtained the ability to execute low-privileged code on the target guest system can exploit this to escalate privileges and execute arbitrary code in the context of the host system. (CVE-2026-3886)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to QEMU 10.0.10 / 10.2.3 / 11.0.1 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-26-332/

http://www.nessus.org/u?f2775493

Plugin Details

Severity: High

ID: 320870

File Name: qemu_win_10_0_10.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows

Published: 6/12/2026

Updated: 6/12/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-3886

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:qemu:qemu

Required KB Items: installed_sw/QEMU

Patch Publication Date: 6/9/2026

Vulnerability Publication Date: 6/9/2026

Reference Information

CVE: CVE-2026-3886

IAVB: 2026-B-0152