CVE-2026-5744

Public on 2026-04-27
Modified on 2026-04-27
Description
hw/uefi: heap overflow

NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/90ca4e03c27dc8ac821a2e1686e705ae9a93d301 (v10.0.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/af74c9e46bb55e2da042315a0c65666f59c61686 (v11.0.0-rc3)
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core qemu Not Affected
Amazon Linux 2023 qemu Not Affected
Amazon Linux 2 - Core qemu-kvm Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-5744 Mitre: CVE-2026-5744