A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() | Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() |
First Time appeared |
Redhat
Redhat advanced Virtualization Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:advanced_virtualization:8::el8 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat advanced Virtualization Redhat enterprise Linux |
|
References |
|
Fri, 16 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. |
Tue, 13 Aug 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: fedora
Published: 2024-11-14T12:11:50.456Z
Updated: 2024-11-14T19:32:39.807Z
Reserved: 2024-08-13T09:37:50.839Z
Link: CVE-2024-7730
Vulnrichment
Updated: 2024-11-14T19:06:22.677Z
NVD
Status : Received
Published: 2024-11-14T12:15:18.857
Modified: 2024-11-14T12:15:18.857
Link: CVE-2024-7730
Redhat