Description
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.
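The missing bound described above, as an added example (a simplified model, not QEMU's code): `struct in_elem`, `audio_capacity`, `unchecked_len`, `checked_len` and `store_audio` are hypothetical names, and the status layout is the one given in the virtio-snd specification. It shows why an element exactly the size of `virtio_snd_pcm_status` must accept zero audio bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status trailer appended to each PCM I/O element (virtio-snd spec layout). */
struct virtio_snd_pcm_status { uint32_t status; uint32_t latency_bytes; };

/* Hypothetical model of one guest-supplied input element (not QEMU's type). */
struct in_elem {
    size_t  iov_size;   /* device-writable bytes the guest offered */
    size_t  filled;     /* audio bytes already stored in data[] */
    uint8_t *data;      /* staging buffer of audio_capacity(e) bytes */
};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Bytes left for audio once the status trailer is reserved; 0 if none. */
size_t audio_capacity(const struct in_elem *e)
{
    size_t hdr = sizeof(struct virtio_snd_pcm_status);
    return e->iov_size > hdr ? e->iov_size - hdr : 0;
}

/* Unchecked pattern: bounded by the period only, never by the element. */
size_t unchecked_len(const struct in_elem *e, size_t avail, size_t period)
{
    return min_sz(avail, period - e->filled);
}

/* Checked pattern: additionally clamp to what the element can hold. */
size_t checked_len(const struct in_elem *e, size_t avail, size_t period)
{
    size_t cap = audio_capacity(e);
    if (e->filled >= cap || e->filled >= period)
        return 0;                       /* nothing fits: return the element */
    return min_sz(min_sz(avail, period - e->filled), cap - e->filled);
}

/* Copy captured audio using the checked length; returns bytes stored. */
size_t store_audio(struct in_elem *e, const uint8_t *src, size_t avail,
                   size_t period)
{
    size_t n = checked_len(e, avail, period);
    if (n)   /* skip memcpy entirely when n == 0 (data may be NULL) */
        memcpy(e->data + e->filled, src, n);
    e->filled += n;
    return n;
}
```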
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages
3 packages
Vulnerability Details (4)
GHSA: GHSA-pfxg-46gm-p35h: A heap buffer overflow was found in the virtio-snd device in QEMU (2024-11-14)
OSV: CVE-2024-7730: A heap buffer overflow was found in the virtio-snd device in QEMU (2024-11-14)
CVEList: Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() (2024-11-14)
OSV: qemu vulnerabilities (2024-11-08)
Vendor Advisories (5)
Red Hat: qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for CVE-2024-7730) (2026-02-20)
Microsoft: Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() (2024-11-12)
Ubuntu: QEMU vulnerabilities (2024-11-08)
Red Hat: qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() (2024-07-05)
Debian: CVE-2024-7730: qemu - A heap buffer overflow was found in the virtio-snd device in QEMU. When reading ... (2024)