CVE-2026-3195

high

Red Hat

CVSS v3 Base Score

7.4

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: February 20, 2026

Last Modified: February 20, 2026

Vendor: Red Hat

Description

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.

CWE

CWE-122

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-3195

Vulnerability Report

Description

CWE

Affected Products

References