Bug 2063257 (CVE-2022-26354) - CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
Summary: CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-26354
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2063258 2063261 2063262 2063263 2063264 2075639 2075640
Blocks: 2063249
TreeView+ depends on / blocked
 
Reported: 2022-03-11 16:11 UTC by Mauro Matteo Cascella
Modified: 2022-10-31 22:34 UTC (History)
26 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Clone Of:
Environment:
Last Closed: 2022-08-31 03:55:56 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5002 0 None None None 2022-06-13 11:51:41 UTC
Red Hat Product Errata RHSA-2022:5263 0 None None None 2022-06-28 16:06:04 UTC
Red Hat Product Errata RHSA-2022:5821 0 None None None 2022-08-02 10:01:19 UTC

Description Mauro Matteo Cascella 2022-03-11 16:11:40 UTC 
A flaw was found in the vhost-vsock device of QEMU. In case of error, vhost_vsock_common_send_transport_reset() did not detach the invalid element from the virtqueue before freeing its memory, leading to memory leakage or other unexpected results.

Upstream commit:
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
Comment 1 Mauro Matteo Cascella 2022-03-11 16:14:09 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2063258]
Comment 4 errata-xmlrpc 2022-06-13 11:51:37 UTC 
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.4.0.EUS

Via RHSA-2022:5002 https://access.redhat.com/errata/RHSA-2022:5002
Comment 5 errata-xmlrpc 2022-06-28 16:06:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5263 https://access.redhat.com/errata/RHSA-2022:5263
Comment 6 errata-xmlrpc 2022-08-02 10:01:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5821 https://access.redhat.com/errata/RHSA-2022:5821
Comment 7 Product Security DevOps Team 2022-08-31 03:55:53 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-26354
Note You need to log in before you can comment on or make changes to this bug.