Bug 2063257 (CVE-2022-26354) - CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
Keywords:
Status: NEW
Alias: CVE-2022-26354
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2063258 2063262 2063264 2075639 2063261 2063263 2075640
Blocks: 2063249
Reported: 2022-03-11 16:11 UTC by Mauro Matteo Cascella
Modified: 2022-06-28 16:06 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Clone Of:
Environment:
Last Closed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5002 0 None None None 2022-06-13 11:51:41 UTC
Red Hat Product Errata RHSA-2022:5263 0 None None None 2022-06-28 16:06:04 UTC

Description Mauro Matteo Cascella 2022-03-11 16:11:40 UTC
A flaw was found in the vhost-vsock device of QEMU. In case of error, vhost_vsock_common_send_transport_reset() did not detach the invalid element from the virtqueue before freeing its memory, leading to memory leakage or other unexpected results.

Upstream commit:
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
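
Added example, not part of the original report and not QEMU code: a simplified C model of the error path described above, showing how freeing a popped element without detaching it leaves the queue's accounting stale. All toy_* names, the in-use counter and the size check used as the error condition are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Toy stand-ins (assumptions, not QEMU types). inuse counts elements that
 * were popped from the queue and not yet returned or detached. */
struct toy_vq { unsigned inuse; };
struct toy_elem { size_t in_len; };

/* Pop: the caller now owns the element and the queue accounts for it. */
static struct toy_elem *toy_pop(struct toy_vq *vq, size_t in_len)
{
    struct toy_elem *e = malloc(sizeof(*e));
    if (!e) return NULL;
    e->in_len = in_len;
    vq->inuse++;
    return e;
}

/* Detach undoes the pop accounting; push completes the element. */
static void toy_detach(struct toy_vq *vq) { vq->inuse--; }
static void toy_push(struct toy_vq *vq) { vq->inuse--; }

/* Returns 0 on success, -1 on error. detach_on_error = 0 models the flawed
 * error path, 1 the corrected one. The size check is a constructed error. */
static int toy_send_event(struct toy_vq *vq, size_t in_len, size_t event_len,
                          int detach_on_error)
{
    struct toy_elem *e = toy_pop(vq, in_len);
    if (!e) return -1;
    if (e->in_len < event_len) {   /* invalid element */
        if (detach_on_error)
            toy_detach(vq);        /* release queue state before freeing */
        free(e);                   /* without the detach, inuse stays stale */
        return -1;
    }
    toy_push(vq);
    free(e);
    return 0;
}

/* In-use count left behind by one call on a fresh queue. */
static unsigned toy_leftover(size_t in_len, size_t event_len, int detach)
{
    struct toy_vq vq = { 0 };
    toy_send_event(&vq, in_len, event_len, detach);
    return vq.inuse;
}

int main(void) { return (int)toy_leftover(4, 8, 1); } /* corrected path */
```

In this model the flawed path leaves one element permanently counted as in use after each failed call, while the corrected path returns the queue to a clean state.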

Comment 1 Mauro Matteo Cascella 2022-03-11 16:14:09 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2063258]

Comment 4 errata-xmlrpc 2022-06-13 11:51:37 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.4.0.EUS

Via RHSA-2022:5002 https://access.redhat.com/errata/RHSA-2022:5002

Comment 5 errata-xmlrpc 2022-06-28 16:06:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5263 https://access.redhat.com/errata/RHSA-2022:5263
