CVE-2022-26354

EPSS 0.01%
Published 16.03.2022 15:15:16
Last modified 21.11.2024 06:53:48
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version <= 6.2.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.2	1.5	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202208-27

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20220425-0003/

Third Party Advisory

https://www.debian.org/security/2022/dsa-5133

Third Party Advisory

https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26354

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26354

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26354

EUVD