CVE-2024-7730
CVSS 3.1 Score 7.4 of 10 (high)
Details
Summary
CVE-2024-7730 is a newly discovered vulnerability affecting the virtio-snd device in QEMU. It is a heap buffer overflow in the virtio_snd_pcm_in_cb input callback function. When processing audio input, this function does not verify that the iov (Input/Output Vector) can hold the data buffer. As a result, an out-of-bounds write can occur if the size of the virtio queue element equals the size of virtio_snd_pcm_status, which reduces the space available for audio data to zero. The vulnerability poses a potential risk to systems using QEMU and could lead to unintended code execution or denial-of-service conditions. Users are advised to update their QEMU installation as soon as a patch becomes available.
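The size check described above, as an added example that is not QEMU's code: a simplified C model in which the status structure is reserved inside the device-writable element and the audio copy is clamped to the remaining room. All type and function names are hypothetical, and the element layout is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not QEMU source; two 32-bit fields as in the virtio sound spec. */
struct pcm_status_model { uint32_t status; uint32_t latency_bytes; };

/* Hypothetical stand-in for one device-writable queue element. */
struct in_element_model {
    uint8_t *base; /* buffer the device writes into */
    size_t len;    /* total writable bytes, status included */
};

/* Bytes left for audio once room for the status is reserved. */
size_t audio_room(const struct in_element_model *e)
{
    if (e->len < sizeof(struct pcm_status_model))
        return 0; /* too small even for the status */
    return e->len - sizeof(struct pcm_status_model);
}

/* Bytes an unchecked copy of pcm_len would write past the audio area. */
size_t unchecked_overrun(const struct in_element_model *e, size_t pcm_len)
{
    size_t room = audio_room(e);
    return pcm_len > room ? pcm_len - room : 0;
}

/* Checked copy: clamps to the available room, returns bytes stored. */
size_t store_audio_checked(struct in_element_model *e,
                           const uint8_t *pcm, size_t pcm_len)
{
    size_t room = audio_room(e);
    size_t n = pcm_len < room ? pcm_len : room;
    if (n > 0)
        memcpy(e->base, pcm, n);
    return n;
}

int main(void)
{
    uint8_t buf[8] = {0}, pcm[64] = {0}; /* constructed sample data */
    struct in_element_model e = { buf, sizeof buf };
    printf("room=%zu overrun=%zu stored=%zu\n", audio_room(&e),
           unchecked_overrun(&e, sizeof pcm),
           store_audio_checked(&e, pcm, sizeof pcm));
    return 0;
}
```

With an element exactly the size of the status structure, the room is zero, so the checked copy stores nothing while an unchecked copy of the same period would overrun by its full length.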