CVE-2026-3196
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.
Risk Assessment
This vulnerability may lead to serious availability issues as unbounded memory allocation can exhaust the host's resources. Organizations should be aware of the risks associated with running malicious guests.
Recommendation
It is recommended to update virtualization software and to monitor and restrict resource access by guests to minimize the risk of exploitation of this vulnerability.
Original NVD description (English source)
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

