[Git][security-tracker-team/security-tracker][master] Add CVE-2026-3195 and update relation from CVE-2024-7730

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 3 07:14:43 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d1b0128 by Salvatore Bonaccorso at 2026-03-03T08:14:06+01:00
Add CVE-2026-3195 and update relation from CVE-2024-7730

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -186663,6 +186663,14 @@ CVE-2024-20083 (In venc, there is a possible out of bounds write due to a missin
 	NOT-FOR-US: Mediatek
 CVE-2024-20082 (In Modem, there is a possible memory corruption due to a missing bound ...)
 	NOT-FOR-US: Mediatek
+CVE-2026-3195
+	- qemu <unfixed>
+	[bookworm] - qemu <not-affected> (Incomplete fix for CVE-2024-7730 not applied)
+	[bullseye] - qemu <not-affected> (Incomplete fix for CVE-2024-7730 not applied)
+	NOTE: CVE exists for an incomplete fix for CVE-2024-7730
+	NOTE: https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/bcb53328aa70023f1405fade4e253e7f77567261
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7994203bb1b83a6604f3ab00fe9598909bb66164
 CVE-2024-7730 (A heap buffer overflow was found in the virtio-snd device in QEMU. Whe ...)
 	- qemu 1:9.1.0+ds-1
 	[bookworm] - qemu <no-dsa> (Minor issue)
@@ -186670,6 +186678,7 @@ CVE-2024-7730 (A heap buffer overflow was found in the virtio-snd device in QEMU
 	NOTE: https://lore.kernel.org/qemu-devel/virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org/
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3 (v9.1.0-rc0)
+	NOTE: When fixing this issue make sure to make the fixes complete to not open up CVE-2026-3195
 CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions Traccar ...)
 	NOT-FOR-US: Tananaev Solutions Traccar Server
 CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1b012867fc269ae79f5b18d92af13c4c8574a2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1b012867fc269ae79f5b18d92af13c4c8574a2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260303/13b8a47f/attachment.htm>

More information about the debian-security-tracker-commits mailing list