Heap-based Buffer Overflow

CVE-2024-7730

High

7.8/10

Summary

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, "virtio_snd_pcm_in_cb", the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to "virtio_snd_pcm_status", which makes the available space for audio data zero. This issue affects versions 8.2.0-rc0 prior to v9.1.0-rc0.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-122 - Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

Advisory
Issue
Issue

Advisory Timeline

Published Nov 14, 2024

Heap-based Buffer Overflow

CVE-2024-7730

Summary

CWE-122 - Heap-based Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS