{"id":"AZL-60907","summary":"CVE-2024-7730 affecting package qemu for versions less than 8.2.0-16","details":"A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.","modified":"2026-04-01T05:19:54.031763Z","published":"2024-11-14T12:15:18Z","upstream":["CVE-2024-7730"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7730"}],"affected":[{"package":{"name":"qemu","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/qemu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2.0-16"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60907.json"}}],"schema_version":"1.7.5"}