CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

🗓️ 19 Jun 2026 16:23:57Reported by fedoraType

Heap overflow in QEMU virtio-snd input callback due to unchecked iov size; incomplete fix for CVE-2024-7730.

Reporter	Title	Published	Views	Family All 37
ATTACKERKB	CVE-2026-3195	19 Jun 202616:23	–	attackerkb
Circl	CVE-2026-3195	19 Mar 202600:00	–	circl
CVE	CVE-2026-3195	19 Jun 202616:23	–	cve
Debian CVE	CVE-2026-3195	19 Jun 202616:23	–	debiancve
EUVD	EUVD-2026-38043	19 Jun 202616:23	–	euvd
NVD	CVE-2026-3195	19 Jun 202617:16	–	nvd
Tenable Nessus	openSUSE 16 Security Update : qemu (openSUSE-SU-2026:20567-1)	22 Apr 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2026:2385-1)	14 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : qemu (SUSE-SU-2026:2386-1)	14 Jun 202600:00	–	nessus
Tenable Nessus	TencentOS Server 4: qemu (TSSA-2026:0167)	16 Mar 202600:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "8.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "10.2.1"
      }
    ],
    "packageName": "qemu",
    "collectionURL": "https://gitlab.com/qemu-project/qemu",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm-ma",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-3195
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

19 Jun 2026 16:23Current

CVSS 3.17.4

CWE-122