{"id":"CVE-2026-3196","summary":"Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation","details":"An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.","modified":"2026-07-15T01:49:10.161275889Z","published":"2026-06-19T16:23:02.849Z","related":["SUSE-SU-2026:21235-1","SUSE-SU-2026:21354-1","SUSE-SU-2026:21883-1","SUSE-SU-2026:21912-1","SUSE-SU-2026:2385-1","SUSE-SU-2026:2386-1","openSUSE-SU-2026:10395-1","openSUSE-SU-2026:20567-1"],"database_specific":{"cwe_ids":["CWE-190"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3196.json","cna_assigner":"fedora"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-3196"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3196.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3196"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443789"},{"type":"PACKAGE","url":"https://gitlab.com/qemu-project/qemu"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/qemu-project/qemu","events":[{"introduced":"1600b9f46b1bd08b00fe86c46ef6dbb48cbe10d6"},{"last_affected":"2d3df8abca265c9bcc9e438d691d561592060998"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"8.2.0"},{"last_affected":"10.2.1"}]}}],"versions":["v10.2.1","v10.2.0","v10.2.0-rc4","v10.2.0-rc3","v10.2.0-rc2","v10.2.0-rc1","v10.1.0","v10.1.0-rc4","v10.1.0-rc3","v10.1.0-rc2","v10.1.0-rc1","v10.1.0-rc0","v10.0.0","v10.0.0-rc4","v10.0.0-rc3","v10.0.0-rc2","v10.0.0-rc1","v10.0.0-rc0","v9.2.0","v9.2.0-rc3","v9.2.0-rc0","v9.2.0-rc2","v9.2.0-rc1","v9.1.0","v9.1.0-rc4","v9.1.0-rc3","v9.1.0-rc2","v9.1.0-rc1","v9.1.0-rc0","v9.0.0","v9.0.0-rc4","v9.0.0-rc3","v9.0.0-rc2","v9.0.0-rc1","v9.0.0-rc0","v8.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3196.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}