PT-2022-4821 · Qemu+9 · Qemu+9

Victor Tom

Published

2022-03-08

Updated

2024-06-15

CVE-2022-26353

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions QEMU version 6.2.0

Description A flaw in the virtio-net device of QEMU is related to an error in handling cached virtqueue elements, which can lead to memory leakage and other unexpected results. This issue allows a remote attacker to cause a denial of service.

Recommendations For QEMU version 6.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

ALSA-2022:5263

ALSA-2022:5821

ALT-PU-2022-2009

ALT-PU-2022-3081

ALT-PU-2022-3390

ALT-PU-2023-1830

ALT-PU-2023-1869

AZL-35157

AZL-9748

BDU:2022-05847

CESA-2022_5821

CVE-2022-26353

DSA-5133-1

OESA-2022-1662

OPENSUSE-SU-2022_2260-1

OPENSUSE-SU-2024:12209-1

RHSA-2022:5002

RHSA-2022:5263

RHSA-2022:5821

RHSA-2022_5263

RHSA-2022_5821

RLSA-2022:5821

SUSE-SU-2022:2260-1

USN-5489-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2022-4821 · Qemu+9 · Qemu+9

CVE-2022-26353

Weakness Enumeration

Related Identifiers

Affected Products

References · 87