2063257 – (CVE-2022-26354) CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

Bug 2063257 (CVE-2022-26354) - CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

Summary: CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-26354
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2063258 2063261 2063262 2063263 2063264 2075639 2075640
Blocks:	2063249
TreeView+	depends on / blocked

Reported:	2022-03-11 16:11 UTC by Mauro Matteo Cascella
Modified:	2022-10-31 22:34 UTC (History)
CC List:	26 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-08-31 03:55:56 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:5002	None	None	None	2022-06-13 11:51:41 UTC
Red Hat Product Errata	RHSA-2022:5263	None	None	None	2022-06-28 16:06:04 UTC
Red Hat Product Errata	RHSA-2022:5821	None	None	None	2022-08-02 10:01:19 UTC

Description Mauro Matteo Cascella 2022-03-11 16:11:40 UTC

A flaw was found in the vhost-vsock device of QEMU. In case of error, vhost_vsock_common_send_transport_reset() did not detach the invalid element from the virtqueue before freeing its memory, leading to memory leakage or other unexpected results.

Upstream commit:
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf

Comment 1 Mauro Matteo Cascella 2022-03-11 16:14:09 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2063258]

Comment 4 errata-xmlrpc 2022-06-13 11:51:37 UTC

This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.4.0.EUS

Via RHSA-2022:5002 https://access.redhat.com/errata/RHSA-2022:5002

Comment 5 errata-xmlrpc 2022-06-28 16:06:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5263 https://access.redhat.com/errata/RHSA-2022:5263

Comment 6 errata-xmlrpc 2022-08-02 10:01:16 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5821 https://access.redhat.com/errata/RHSA-2022:5821

Comment 7 Product Security DevOps Team 2022-08-31 03:55:53 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-26354

Note You need to log in before you can comment on or make changes to this bug.

berrange
cfergeau
crobinso
dbecker
jen
jferlan
jjoyce
jmaloy
jschluet
knoel
lhh
lkundrak
lpeer
mburns
mkenneth
mrezanin
mst
ondrejj
pbonzini
philmd
ribarry
rjones
sclewis
slinaber
virt-maint
virt-maint