SUSE CVE-2013-4535

The virtqueuemapsg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

SUSE CVE-2016-6490

The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash via a zero length for the descriptor buffer...

SUSE CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

SUSE CVE-2022-26353

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...

PT-2022-33395 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.3 Description: The issue is related to the vdpa sim blk, which is used to set the number of address spaces and virtqueue groups. The actual impact and attack plausibility have not yet been proven...

QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results...

QEMU: virtio-net: map leaking on error during receive

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

qemu-kvm security and bug fix update

6.2.0-11.el90.3 - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch bz2071102 - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch bz2075635 - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch bz2075640 - Resolves: bz2071102 RHEL 9.0 guest with vsock device...

QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results...

QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results...

DEBIAN-CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

AZL-9748 CVE-2022-26353 affecting package qemu for versions less than 6.2.0-3

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...

AZL-9095 CVE-2022-26354 affecting package qemu for versions less than 6.2.0-2

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

DEBIAN-CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

AZL-35157 CVE-2022-26353 affecting package qemu for versions less than 6.2.0-18

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...

UBUNTU-CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

UBUNTU-CVE-2022-26353

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...

CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...