CVE-2026-3195
ADVISORY - debianSummary
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.
- qemu 1:10.2.2+ds-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129604) [trixie] - qemu 1:10.0.10+ds-0+deb13u1 [bookworm] - qemu (Incomplete fix for CVE-2024-7730 not applied) [bullseye] - qemu (Incomplete fix for CVE-2024-7730 not applied) CVE exists for an incomplete fix for CVE-2024-7730 https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/ Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/bcb53328aa70023f1405fade4e253e7f77567261 (11.0.0-rc0) Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7994203bb1b83a6604f3ab00fe9598909bb66164 (v11.0.0-rc0) Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/a730f98a7a199706c44dd86a39d961e80e2ad18f (v10.2.2) Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/298986525140149bd749c236c17cfbb507c69e23 (v10.2.2)
EPSS Score: 0.00126 (0.027)
Common Weakness Enumeration (CWE)
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in