CVE-2024-7730

High CVSS 7.4

Overview

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

CWE: CWE-122 Published: 2024-11-14T12:15:18.857

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.4 (HIGH)
Detected tags: buffer, oob_write (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags