Description
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.
Problem types
Integer Overflow or Wraparound
Product status
8.2.0 (semver)
Timeline
| 2026-03-02: | Reported to Red Hat. |
| 2026-02-20: | Made public. |
Credits
Red Hat would like to thank Mingyuan Luo for reporting this issue.
References
access.redhat.com/security/cve/CVE-2026-3196
bugzilla.redhat.com/show_bug.cgi?id=2443789 (RHBZ#2443789)