CVE-2022-26354
Published: 16 March 2022
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. QEMU versions <= 6.2.0 are affected.
Priority
Status
Package | Release | Status |
---|---|---|
qemu (Launchpad, Ubuntu, Debian) | bionic | Released (1:2.11+dfsg-1ubuntu7.40) |
qemu | focal | Released (1:4.2-3ubuntu6.23) |
qemu | impish | Released (1:6.0+dfsg-2expubuntu1.3) |
qemu | jammy | Released (1:6.2+dfsg-2ubuntu6.2) |
qemu | kinetic | Released (1:6.2+dfsg-2ubuntu8) |
qemu | lunar | Released (1:6.2+dfsg-2ubuntu8) |
qemu | mantic | Released (1:6.2+dfsg-2ubuntu8) |
qemu | trusty | Needed |
qemu | upstream | Needs triage |
qemu | xenial | Needed |

Patches: upstream: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.2 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L |