CVE-2024-7730 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()

🗓️ 14 Nov 2024 12:11:50Reported by fedoraType

Heap buffer overflow in virtio-snd device reading input audi

Reporter	Title	Published	Views	Family All 41
AstraLinux	Astra Linux - уязвимость в qemu	11 Feb 202507:35	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: qemu (CVE-2024-7730)	22 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : qemu Multiple Vulnerabilities (NS-SA-2025-0072)	9 Jun 202500:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : qemu Multiple Vulnerabilities (NS-SA-2025-0153)	25 Jul 202500:00	–	nessus
Tenable Nessus	TencentOS Server 4: qemu (TSSA-2024:0500)	16 Jun 202500:00	–	nessus
Tenable Nessus	TencentOS Server 4: qemu (TSSA-2026:0167)	16 Mar 202600:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : QEMU vulnerabilities (USN-7094-1)	11 Nov 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-7730	6 Mar 202500:00	–	nessus
BDU FSTEC	The vulnerability of the virtio_snd_pcm_in_cb function in the QEMU hardware emulation software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.	22 Nov 202400:00	–	bdu_fstec
CBLMariner	CVE-2024-7730 affecting package qemu for versions less than 8.2.0-14	6 May 202521:21	–	cbl_mariner

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "9.1.0",
        "versionType": "semver"
      }
    ],
    "packageName": "qemu",
    "collectionURL": "https://gitlab.com/qemu-project/qemu"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm-ma",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-7730
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

14 Nov 2024 12:11Current

CVSS 3.17.4

EPSS0.00038

CWE-122