CVE-2026-3195
Received Received - Intake
Heap Out-of-Bounds Write in QEMU virtio-snd Device

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: Fedora Project

Description
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2026-3195
EUVD
EUVD-2026-38043
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qemu qemu *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in QEMU's virtio-snd device, specifically in the function `virtio_snd_pcm_in_cb` which handles input audio. The function does not properly check whether the input/output vector (iov) can hold the data buffer, which can lead to a heap out-of-bounds write.

This means that the program might write data outside the allocated memory area, potentially causing memory corruption.

The issue exists because a previous fix for CVE-2024-7730 was incomplete.

Impact Analysis

Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a denial of service (DoS) by triggering the heap out-of-bounds write.

This means an attacker might gain control over the affected system or crash it, leading to potential data loss or system unavailability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart