Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| qemu | unfixed | | | package |
| qemu | no-dsa | | trixie | package |
| qemu | not-affected | | bookworm | package |
| qemu | not-affected | | bullseye | package |
Notes
CVE exists for an incomplete fix for CVE-2024-7730
https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/bcb53328aa70023f1405fade4e253e7f77567261
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7994203bb1b83a6604f3ab00fe9598909bb66164
Related vulnerabilities
CVSS3: 7.4
redhat
about 1 month ago
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.