CVE-2022-26354
LOWQEMU <= 6.2.0 - Memory Leak in vhost-vsock Error Handling
Title source: llmDescription
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
References (6)
Core 6
Core References
Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220425-0003/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5133
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-27
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Scores
CVSS v3
3.2
EPSS
0.0039
EPSS Percentile
30.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Details
CWE
CWE-772
Status
published
Products (3)
debian/debian_linux
9.0
debian/debian_linux
10.0
qemu/qemu
< 6.2.0
Published
Mar 16, 2022
Tracked Since
Feb 18, 2026