A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
References
Link | Resource |
---|---|
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202208-27 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220425-0003/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5133 | Third Party Advisory |
Configurations
History
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | |
References |
|
02 Feb 2023, 21:22
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. | |
References |
|
26 Oct 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-27 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
05 Sep 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Aug 2022, 11:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian debian Linux
Debian |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5133 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0003/ - Third Party Advisory |
10 May 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.2 |
First Time |
Qemu qemu
Qemu |
|
References | (MISC) https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf - Patch, Third Party Advisory | |
CWE | CWE-772 |
16 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-16 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26354
Mitre link : CVE-2022-26354
CVE.ORG link : CVE-2022-26354
JSON object : View
Products Affected
debian
- debian_linux
qemu
- qemu
CWE
CWE-772
Missing Release of Resource after Effective Lifetime