First published: Fri Mar 11 2022(Updated: )
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | =6.2.0 | |
Debian Debian Linux | =11.0 | |
ubuntu/qemu | <1:2.11+dfsg-1ubuntu7.40 | 1:2.11+dfsg-1ubuntu7.40 |
ubuntu/qemu | <1:4.2-3ubuntu6.23 | 1:4.2-3ubuntu6.23 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu8 | 1:6.2+dfsg-2ubuntu8 |
ubuntu/qemu | <1:6.0+dfsg-2 | 1:6.0+dfsg-2 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu6.2 | 1:6.2+dfsg-2ubuntu6.2 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu8 | 1:6.2+dfsg-2ubuntu8 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu8 | 1:6.2+dfsg-2ubuntu8 |
debian/qemu | 1:3.1+dfsg-8+deb10u8 1:3.1+dfsg-8+deb10u11 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u3 1:8.2.1+ds-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this flaw is CVE-2022-26353.
The severity of CVE-2022-26353 is high with a severity value of 7.5.
QEMU version 6.2.0 is affected by CVE-2022-26353.
CVE-2022-26353 was inadvertently introduced with the fix for CVE-2021-3748.
Yes, there are known fixes available. Please refer to the provided references for more information.