CVE-2026-3195

ADVISORY - debian

Summary

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.


EPSS Score: 0.00126 (0.027)

Common Weakness Enumeration (CWE)


Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-3195
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-3195
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium