CVE-2026-3196 | An integer overflow vulnerability was found in the virtio-sn… | CVSS 5.5 MEDIUM

Description

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

Metadata

CVE ID: CVE-2026-3196
State: PUBLISHED
Assigner: fedora
Reserved: 2026-02-25 11:09 UTC
Published: 2026-06-19 16:23 UTC
Last updated: 2026-06-19 16:23 UTC
Primary CWE: CWE-190
Integer Overflow or Wraparound
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products (8)

Vendor	Product	Platform	Versions
—	—	—	8.2.0 ≤ 10.2.1
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat OpenShift Container Platform 4	—	—

Weakness (CWE)

CWE	Source	Description
CWE-190	cna	Integer Overflow or Wraparound

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)