CVE-2026-3195
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability was found in QEMU's virtio-snd driver. The `virtio_snd_pcm_in_cb` function does not check if the iov buffer is large enough for audio data, potentially leading to a heap out-of-bounds write. This issue is due to an incomplete fix for CVE-2024-7730.
Risk Assessment
An attacker within a virtual machine could exploit this vulnerability to write beyond the heap, potentially causing QEMU to crash or leading to privilege escalation on the host system.
Recommendation
It is recommended to immediately update QEMU to a version containing the complete fix for CVE-2024-7730 and this vulnerability. If an update is not possible, temporarily disable the virtio-snd device in virtual machine configurations.
Original NVD description (English source)
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.

