CVE-2022-26354
N/A
N/A
Summary
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | qemu-kvm | Affected QEMU versions <= 6.2.0 | affected |
Weaknesses
- CWE-772: CWE-772
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
- https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
- https://security.netapp.com/advisory/ntap-20220425-0003/
- https://www.debian.org/security/2022/dsa-5133
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
References
- https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
- https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
- https://security.netapp.com/advisory/ntap-20220425-0003/
- https://www.debian.org/security/2022/dsa-5133
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.