CVE-2024-7730

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-7730	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2304289	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-14 12:15

Updated : 2025-08-05 18:26

NVD link : CVE-2024-7730

Mitre link : CVE-2024-7730

CVE.ORG link : CVE-2024-7730

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2024-7730", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-14T12:15:18.857", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-7730", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304289", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento del b\u00fafer de mont\u00f3n en el dispositivo virtio-snd en QEMU. Al leer el audio de entrada en la devoluci\u00f3n de llamada de entrada virtio-snd, virtio_snd_pcm_in_cb, la funci\u00f3n no verific\u00f3 si el iov puede caber en el b\u00fafer de datos. Este problema puede desencadenar una escritura fuera de los l\u00edmites si el tama\u00f1o del elemento de cola virtio es igual a virtio_snd_pcm_status, lo que hace que el espacio disponible para los datos de audio sea cero."}], "lastModified": "2025-08-05T18:26:29.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE556470-EB2B-4214-8692-9B71A13DD1A6", "versionEndExcluding": "9.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}