Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-7730

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Red Hat

Products

  • Red Hat Enterprise Linux 6,
  • Red Hat Enterprise Linux 7,
  • Red Hat Enterprise Linux 8,
  • Red Hat Enterprise Linux 8 Advanced Virtualization,
  • Red Hat Enterprise Linux 9

Additional Info

Technical Analysis