PT-2022-4825 · Qemu+9 · Qemu+9

Victorv · Published 2022-02-28 · Updated 2024-06-15 · CVE-2022-26354

CVSS v3.1: 3.2 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

QEMU versions <= 6.2.0

Description

A flaw was found in the vhost-vsock device of QEMU, where an invalid element was not detached from the virtqueue before freeing its memory in case of error, leading to memory leakage and other unexpected results. This issue can be exploited by an attacker to cause a denial of service.

Recommendations

For QEMU versions <= 6.2.0, update to a version greater than 6.2.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Exploit

Fix

Weakness Enumeration

Missing Release of Resource after Effective Lifetime

Related Identifiers

ALSA-2022:5263
ALSA-2022:5821
ALT-PU-2022-2009
ALT-PU-2022-3081
ALT-PU-2022-3390
ALT-PU-2023-1830
ALT-PU-2023-1869
AZL-35158
AZL-9095
BDU:2022-05851
CESA-2022_5821
CVE-2022-26354
DLA-2970-1
DLA-3099-1
DSA-5133-1
OESA-2022-1662
OPENSUSE-SU-2022_2254-1
OPENSUSE-SU-2022_2260-1
OPENSUSE-SU-2023_3721-1
OPENSUSE-SU-2024:12209-1
RHSA-2022:5002
RHSA-2022:5263
RHSA-2022:5821
RHSA-2022_5263
RHSA-2022_5821
RLSA-2022:5821
SUSE-SU-2022:2254-1
SUSE-SU-2022:2260-1
SUSE-SU-2023:0761-1
SUSE-SU-2023:3721-1
SUSE-SU-2023:3800-1
USN-5489-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu