CVE-2024-7730

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-7730	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2304289	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

History

05 Aug 2025, 18:26

Type	Values Removed	Values Added
First Time		Qemu qemu Qemu
References	~~() https://access.redhat.com/security/cve/CVE-2024-7730 -~~	() https://access.redhat.com/security/cve/CVE-2024-7730 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304289 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304289 - Issue Tracking, Third Party Advisory
CPE		cpe:2.3:a:qemu:qemu::::::::

15 Nov 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) Se encontró un desbordamiento del búfer de montón en el dispositivo virtio-snd en QEMU. Al leer el audio de entrada en la devolución de llamada de entrada virtio-snd, virtio_snd_pcm_in_cb, la función no verificó si el iov puede caber en el búfer de datos. Este problema puede desencadenar una escritura fuera de los límites si el tamaño del elemento de cola virtio es igual a virtio_snd_pcm_status, lo que hace que el espacio disponible para los datos de audio sea cero.

14 Nov 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 12:15

Updated : 2025-08-05 18:26

NVD link : CVE-2024-7730

Mitre link : CVE-2024-7730

CVE.ORG link : CVE-2024-7730

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2024-7730", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-14T12:15:18.857", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-7730", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304289", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento del b\u00fafer de mont\u00f3n en el dispositivo virtio-snd en QEMU. Al leer el audio de entrada en la devoluci\u00f3n de llamada de entrada virtio-snd, virtio_snd_pcm_in_cb, la funci\u00f3n no verific\u00f3 si el iov puede caber en el b\u00fafer de datos. Este problema puede desencadenar una escritura fuera de los l\u00edmites si el tama\u00f1o del elemento de cola virtio es igual a virtio_snd_pcm_status, lo que hace que el espacio disponible para los datos de audio sea cero."}], "lastModified": "2025-08-05T18:26:29.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE556470-EB2B-4214-8692-9B71A13DD1A6", "versionEndExcluding": "9.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}