A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
References
Link | Resource |
---|---|
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202208-27 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220425-0003/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5133 | Third Party Advisory |
Configurations
History
26 Oct 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-27 - Third Party Advisory |
05 Sep 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Aug 2022, 11:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5133 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0003/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html - Mailing List, Third Party Advisory |
10 May 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.2 |
CWE | CWE-772 | |
References | (MISC) https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
16 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-16 15:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-26354
Mitre link : CVE-2022-26354
CVE.ORG link : CVE-2022-26354
JSON object : View
Products Affected
debian
- debian_linux
qemu
- qemu
CWE
CWE-772
Missing Release of Resource after Effective Lifetime