CVE-2026-9539

MEDIUM EPSS 1.3%

Published Jun 24, 20266d ago · Modified Jun 24, 20266d ago

6.5 CVSS 3.1

Medium

Published Jun 24, 2026 6d ago

Last Modified Jun 24, 2026 6d ago

Description

An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

CVSS Details

Base Score

6.5

Exploitability

2.0

Impact

4.0

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

1.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

References 3

gitlab.freedesktop.org https://gitlab.freedesktop.org/slirp/libslirp/-/commit/927bca7344e31fd58e2f7afaca784aad4400eb84
gitlab.freedesktop.org https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.9.2
gitlab.freedesktop.org https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.