CVE-2026-3195

HIGH

QEMU virtio-snd - Heap Buffer Overflow

Title source: manual

Description

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.

References (3)

Core 3

Core References

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2026-3195

Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat

RHBZ#2443817

https://bugzilla.redhat.com/show_bug.cgi?id=2443817

Vendor Advisory

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3195.json

Scores

CVSS v3 7.4

EPSS 0.0011

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (6)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat OpenShift Container Platform 4

Published Jun 19, 2026

Tracked Since Jun 19, 2026