PT-2024-8584 · Qemu+4 · Qemu+4
Mauro Matteo Cascella
·
Published
2024-07-05
·
Updated
2024-11-19
·
CVE-2024-7730
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QEMU (affected versions not specified)
Description
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback,
virtio snd pcm in cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio snd pcm status, which makes the available space for audio data zero. The exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Qemu
Ubuntu