CVE-2022-26354
Summary
| CVE | CVE-2022-26354 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-03-16 15:15:00 UTC |
|---|
| Updated | 2023-02-12 22:15:00 UTC |
|---|
| Description | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| vhost-vsock: detach the virqueue element in case of error (8d1b247f) · Commits · QEMU / QEMU · GitLab |
MISC |
gitlab.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| March 2022 QEMU Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| [SECURITY] [DLA 3099-1] qemu security update |
MLIST |
lists.debian.org |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| 2063257 – (CVE-2022-26354) CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak |
MISC |
bugzilla.redhat.com |
|
| Debian -- Security Information -- DSA-5133-1 qemu |
DEBIAN |
www.debian.org |
|
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] [DLA 2970-1] qemu security update |
MLIST |
lists.debian.org |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159862 Oracle Enterprise Linux Security Update for qemu (ELSA-2022-9432)
- 159880 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9460)
- 159965 Oracle Enterprise Linux Security Update for qemu-kvm (ELSA-2022-5263)
- 160024 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:ol (ELSA-2022-5821)
- 179172 Debian Security Update for qemu (DLA 2970-1)
- 179273 Debian Security Update for qemu (DSA 5133-1)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 198837 Ubuntu Security Notification for QEMU Vulnerabilities (USN-5489-1)
- 240530 Red Hat Update for qemu-kvm (RHSA-2022:5263)
- 240585 Red Hat Update for virt:rhel and virt-devel:rhel security (RHSA-2022:5821)
- 377638 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0168)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 752284 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2022:2254-1)
- 752288 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2022:2260-1)
- 753802 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:0761-1)
- 754898 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3721-1)
- 754937 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3800-1)
- 900769 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9090)
- 901981 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9095)
- 902109 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9095-1)
- 905206 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9090-1)
- 905868 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9090-2)
- 940607 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2022:5821)
- 940626 AlmaLinux Security Update for qemu-kvm (ALSA-2022:5263)
- 960299 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2022:5821)
