First published: Fri Mar 11 2022
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. QEMU versions <= 6.2.0 are affected.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <=6.2.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/qemu | 1:5.2+dfsg-11+deb11u3, 1:5.2+dfsg-11+deb11u2, 1:7.2+dfsg-7+deb12u7, 1:9.2.0+ds-2 | |
The vulnerability ID of this flaw is CVE-2022-26354.
The affected software includes QEMU versions <= 6.2.0, Debian Linux 9.0, Debian Linux 10.0, and certain versions of the QEMU package on Ubuntu and Debian.
The severity of CVE-2022-26354 is low, with a severity value of 3.2.
The potential consequences of this vulnerability include memory leakage and other unexpected results.
To fix CVE-2022-26354, you should update to a version of QEMU that is greater than 6.2.0, or apply the appropriate security patches for your operating system.