Your submission was sent successfully! Close

CVE-2022-26354

Published: 16 March 2022

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Priority

Low

CVSS 3 base score: 3.2

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic
Released (1:2.11+dfsg-1ubuntu7.40)
focal
Released (1:4.2-3ubuntu6.23)
impish
Released (1:6.0+dfsg-2expubuntu1.3)
jammy
Released (1:6.2+dfsg-2ubuntu6.2)
trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf