CVE-2022-26353
HIGHQEMU 6.2.0 - Memory Leak via Virtio-Net Device Error Handling
Title source: llmDescription
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
References (5)
Core 5
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220425-0003/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5133
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-27
Scores
CVSS v3
7.5
EPSS
0.0270
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (2)
debian/debian_linux
11.0
qemu/qemu
6.2.0
Published
Mar 16, 2022
Tracked Since
Feb 18, 2026