CVE Catalog

CVE-2026-3196

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

Risk Assessment

This vulnerability may lead to serious availability issues as unbounded memory allocation can exhaust the host's resources. Organizations should be aware of the risks associated with running malicious guests.

Recommendation

It is recommended to update virtualization software and to monitor and restrict resource access by guests to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS