CVE-2026-10046

Published 02/06/2026 16:16 · Modified 02/06/2026 17:14

Labels: CVE-2026-10046, 2026-06-02, CWE-787, [email protected]

Essential information

Published: 02/06/2026 16:16
Modified: 02/06/2026 17:14
Author:
Creator:
CVSS: 8.5 HIGH (v3), 8.5 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
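
A bounds check of the kind the description says is missing, as an added example and not Napoca's own code. The function names and the (ES << 4) + EDI translation are assumptions; only the 1MB buffer size and the 20-byte write come from the description.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define REAL_MODE_MEMORY_SIZE 0x100000u /* 1MB allocation, per the description */
#define E820_ENTRY_SIZE       20u       /* bytes written per E820 call */

/* Hypothetical helper: map guest ES:EDI to an offset inside the real-mode
 * buffer. Returns the offset, or -1 if [offset, offset + len) would leave
 * the buffer. Assumes standard real-mode translation, (ES << 4) + EDI. */
int64_t e820_dest_offset(uint16_t es, uint32_t edi, uint32_t len)
{
    /* 64-bit arithmetic so guest-chosen values cannot wrap the sum. */
    uint64_t start = ((uint64_t)es << 4) + edi;

    if (len > REAL_MODE_MEMORY_SIZE)
        return -1;
    if (start > (uint64_t)REAL_MODE_MEMORY_SIZE - len)
        return -1; /* the end of the write would pass the buffer end */
    return (int64_t)start;
}

/* Hypothetical hardened copy of one E820 entry into the guest buffer.
 * Returns 0 on success, -1 when the destination is rejected; the caller
 * would then fail the BIOS call (for INT 0x15, by setting the carry flag)
 * instead of writing. */
int e820_write_entry(uint8_t *real_mode_memory, uint16_t es, uint32_t edi,
                     const uint8_t entry[E820_ENTRY_SIZE])
{
    int64_t off = e820_dest_offset(es, edi, E820_ENTRY_SIZE);

    if (off < 0)
        return -1;
    memcpy(real_mode_memory + (size_t)off, entry, E820_ENTRY_SIZE);
    return 0;
}
```

The check validates the end of the write, not just its start, so an entry that begins inside the buffer but runs past the 1MB boundary is also rejected.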

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
bitdefender / napoca | cpe:2.3:a:bitdefender:napoca:*:*:*:*:*:*:*:*
bitdefender / bare-metal hypervisor | cpe:2.3:a:bitdefender:bare-metal_hypervisor:*:*:*:*:*:*:*:*

References