CVE Vulnerability

CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

3.2 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220425-0003/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5133 Third Party Advisory
https://security.gentoo.org/glsa/202208-27 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Information

Published : 2022-03-16 03:15

Updated : 2023-02-12 10:15

NVD link : CVE-2022-26354

Mitre link : CVE-2022-26354

Products Affected
No products.
CWE
CWE-772