Skip to main content
CVE Vulnerability Database

CVE-2026-3195: QEMU Buffer Overflow Vulnerability

CVE-2026-3195 is a buffer overflow flaw in QEMU's virtio-snd device that can lead to heap out-of-bounds write during audio input processing. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2026-3195 Overview

CVE-2026-3195 is a heap out-of-bounds write vulnerability in QEMU's virtio-snd paravirtualized sound device. The flaw resides in the virtio_snd_pcm_in_cb input callback, which fails to verify that the I/O vector (iov) can accommodate the incoming audio data buffer. A guest with access to the virtio-snd device can trigger a write past the bounds of a heap allocation in the QEMU host process. The issue stems from an incomplete fix for CVE-2024-7730, leaving the same code path exploitable through a different boundary condition. The weakness is classified as [CWE-122] Heap-based Buffer Overflow.

Critical Impact

A local attacker inside a guest virtual machine can corrupt heap memory in the QEMU host process, leading to denial of service or potential code execution on the hypervisor host.

Affected Products

  • QEMU builds that include the virtio-snd device
  • Linux distributions shipping affected QEMU versions (per Red Hat advisory)
  • Virtualization stacks layered on QEMU/KVM exposing virtio-snd to guests

Discovery Timeline

  • 2026-06-19 - CVE-2026-3195 published to NVD
  • 2026-06-22 - Last updated in NVD database

Technical Details for CVE-2026-3195

Vulnerability Analysis

QEMU's virtio-snd device emulates a paravirtualized sound card for guests using the VirtIO transport. The virtio_snd_pcm_in_cb callback handles input (capture) audio buffers returned to the guest. When the host delivers PCM data into the guest-provided scatter-gather list, the callback copies bytes into the I/O vector without confirming the vector's total capacity matches or exceeds the source buffer length. When the data length exceeds the destination vector size, the copy overflows the heap allocation backing the I/O vector.

This vulnerability is a regression of CVE-2024-7730. The earlier patch addressed a similar boundary issue on a related path, but the input callback retained an unchecked length, leaving an equivalent overflow reachable. Successful exploitation corrupts adjacent heap metadata or object fields in the QEMU process, enabling host-side memory corruption from inside the guest.

Root Cause

The root cause is missing length validation between the source audio payload and the destination iov in virtio_snd_pcm_in_cb. The function assumes the guest-provided scatter-gather list is large enough to hold the audio data without comparing the cumulative iov length to the buffer size.

Attack Vector

The attack vector is local to the virtualization host: an attacker must already control a guest VM that has the virtio-snd device attached. By manipulating the queued capture descriptors so that the aggregate iov length is smaller than the audio data delivered by the callback, the attacker triggers the out-of-bounds write into the QEMU host heap. Attack complexity is high because the attacker must shape host heap layout and time the capture callback. No host-side authentication or user interaction is required. Refer to the Red Hat CVE-2026-3195 Advisory and Red Hat Bugzilla Report #2443817 for upstream analysis.

Detection Methods for CVE-2026-3195

Indicators of Compromise

  • Unexpected QEMU process crashes, SIGABRT events, or glibc heap corruption messages such as malloc(): corrupted originating from VMs with virtio-snd attached
  • Guest workloads issuing anomalous virtio-snd capture descriptor patterns with mismatched iov lengths
  • Coredumps of qemu-system-* referencing virtio_snd_pcm_in_cb on the call stack

Detection Strategies

  • Audit running QEMU instances to enumerate guests with the virtio-snd device attached and prioritize them for monitoring
  • Enable AddressSanitizer or glibc malloc hardening (MALLOC_CHECK_, GLIBC_TUNABLES) on test hosts to surface the overflow during validation
  • Correlate host kernel and hypervisor logs with guest activity to identify suspicious VMs producing repeated QEMU faults

Monitoring Recommendations

  • Alert on abnormal termination of qemu-system-* processes and capture coredumps for forensic review
  • Track package versions of qemu, qemu-kvm, and related components across the fleet to confirm patch coverage
  • Monitor virtualization audit logs for unexpected device hot-plug of virtio-snd into guests that should not have audio

How to Mitigate CVE-2026-3195

Immediate Actions Required

  • Inventory all hypervisor hosts and identify QEMU instances exposing the virtio-snd device to guests
  • Detach the virtio-snd device from guests that do not require audio emulation until patches are applied
  • Restrict guest provisioning so that only trusted tenants can request virtio-snd

Patch Information

Apply the QEMU updates referenced in the Red Hat CVE-2026-3195 Advisory. Because this CVE is documented as an incomplete fix for CVE-2024-7730, confirm that the deployed package includes the new length validation in virtio_snd_pcm_in_cb and not only the prior CVE-2024-7730 fix. Rebuild or redeploy guests after upgrading the host QEMU binaries and restarting affected VMs.

Workarounds

  • Remove the virtio-sound-pci (or equivalent virtio-snd) device from guest domain XML or command-line definitions where audio is not required
  • Use sVirt/SELinux confinement and run QEMU under a dedicated, least-privileged user to limit the blast radius of host-side memory corruption
  • Apply mandatory access control profiles (AppArmor, SELinux svirt_t) to prevent a compromised QEMU process from accessing other VM disk images or host resources
bash
# Example: remove virtio-snd from a libvirt guest until patched
virsh dumpxml <guest> > /tmp/<guest>.xml
# Edit /tmp/<guest>.xml and delete the <sound model='virtio'/> element
virsh define /tmp/<guest>.xml
virsh destroy <guest> && virsh start <guest>

# Verify patched QEMU package (Red Hat-based distros)
rpm -q --changelog qemu-kvm | grep -i CVE-2026-3195

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.