[Git][security-tracker-team/security-tracker][master] Add CVE-2026-3195 and update relation from CVE-2024-7730

Mon, 02 Mar 2026 23:14:52 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d1b0128 by Salvatore Bonaccorso at 2026-03-03T08:14:06+01:00
Add CVE-2026-3195 and update relation from CVE-2024-7730

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -186663,6 +186663,14 @@ CVE-2024-20083 (In venc, there is a possible out of 
bounds write due to a missin
        NOT-FOR-US: Mediatek
 CVE-2024-20082 (In Modem, there is a possible memory corruption due to a 
missing bound ...)
        NOT-FOR-US: Mediatek
+CVE-2026-3195
+       - qemu <unfixed>
+       [bookworm] - qemu <not-affected> (Incomplete fix for CVE-2024-7730 not 
applied)
+       [bullseye] - qemu <not-affected> (Incomplete fix for CVE-2024-7730 not 
applied)
+       NOTE: CVE exists for an incomplete fix for CVE-2024-7730
+       NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
+       NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/bcb53328aa70023f1405fade4e253e7f77567261
+       NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/7994203bb1b83a6604f3ab00fe9598909bb66164
 CVE-2024-7730 (A heap buffer overflow was found in the virtio-snd device in 
QEMU. Whe ...)
        - qemu 1:9.1.0+ds-1
        [bookworm] - qemu <no-dsa> (Minor issue)
@@ -186670,6 +186678,7 @@ CVE-2024-7730 (A heap buffer overflow was found in 
the virtio-snd device in QEMU
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3
 (v9.1.0-rc0)
+       NOTE: When fixing this issue make sure to make the fixes complete to 
not open up CVE-2026-3195
 CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions 
Traccar ...)
        NOT-FOR-US: Tananaev Solutions Traccar Server
 CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and 
classified as ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1b012867fc269ae79f5b18d92af13c4c8574a2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1b012867fc269ae79f5b18d92af13c4c8574a2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to