CVE-2026-10047

Published: Giu 02, 2026 Last Modified: Giu 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.

787

Out-of-bounds Write

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State

Applicable Platforms

Languages: Memory-Unsafe, C, C++, Assembly

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.bitdefender.com/support/security-advisories/out…

https://www.bitdefender.com/support/security-advisories/out-of-bounds-write-in-…

CVE-2026-10047

Description

Out-of-bounds Write

Common Consequences

Applicable Platforms

Iscriviti alla newsletter