A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.
References
Configurations
No configuration.
History
30 Jun 2026, 03:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| References | () https://access.redhat.com/security/cve/CVE-2026-3195 - | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2443817 - |
19 Jun 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-19 17:16
Updated : 2026-07-15 02:20
NVD link : CVE-2026-3195
Mitre link : CVE-2026-3195
CVE.ORG link : CVE-2026-3195
JSON object : View
Products Affected
No product.
CWE
CWE-122
Heap-based Buffer Overflow
