CVE-2022-26354

Published: Mar 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Vendor	Product	Versions
n/a	qemu-kvm	affected `Affected QEMU versions <= 6.2.0`

Weaknesses (CWE)

CWE-772

References

https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf

x_refsource_MISC

[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20220425-0003/

x_refsource_CONFIRM

DSA-5133

vendor-advisory

x_refsource_DEBIAN

GLSA-202208-27

vendor-advisory

x_refsource_GENTOO

[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-26354

Description

Affected Products

Weaknesses (CWE)

References