Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1284510

Bug#1129605: qemu: CVE-2026-3196: virtio-snd: integer overflow leading to unbounded memory allocation

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#1129605: qemu: CVE-2026-3196: virtio-snd: integer overflow leading to unbounded memory allocation
Date 2026-03-03 22:10 +0100
Message-ID <MuFa9-4O14-5@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

Source: qemu
Version: 1:10.2.1+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for qemu.

CVE-2026-3196[0]:
| virtio-snd: integer overflow leading to unbounded memory allocation


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3196
    https://www.cve.org/CVERecord?id=CVE-2026-3196
[1] https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/
[2] https://gitlab.com/qemu-project/qemu/-/commit/61679d7dcfa2dffc8fb115aa19b09e0e7cf5ea5c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Back to linux.debian.bugs.dist | Previous | Next | Find similar

Thread

Bug#1129605: qemu: CVE-2026-3196: virtio-snd: integer overflow leading to unbounded memory allocation Salvatore Bonaccorso <carnil@debian.org> - 2026-03-03 22:10 +0100

csiph-web