Vulnerabilities > CVE-2022-26354
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: LOW
Summary
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
References
- https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
- https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20220425-0003/
- https://www.debian.org/security/2022/dsa-5133