CVE-2026-3195

ADVISORY - debian

Summary

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.


EPSS Score: 0.00126 (0.027)

Common Weakness Enumeration (CWE)


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in