Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-26354
HistoryMar 16, 2022 - 12:00 a.m.

CVE-2022-26354

2022-03-1600:00:00
ubuntu.com
ubuntu.com
28
qemu
vhost-vsock
memory leakage

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

EPSS

0.001

Percentile

16.3%

A flaw was found in the vhost-vsock device of QEMU. In case of error, an
invalid element was not detached from the virtqueue before freeing its
memory, leading to memory leakage and other unexpected results. Affected
QEMU versions <= 6.2.0.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchqemu< 1:2.11+dfsg-1ubuntu7.40UNKNOWN
ubuntu20.04noarchqemu< 1:4.2-3ubuntu6.23UNKNOWN
ubuntu21.10noarchqemu< 1:6.0+dfsg-2expubuntu1.3UNKNOWN
ubuntu22.04noarchqemu< 1:6.2+dfsg-2ubuntu6.2UNKNOWN
ubuntu22.10noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu23.04noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu23.10noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu24.04noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu14.04noarchqemu< anyUNKNOWN
ubuntu16.04noarchqemu< anyUNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

EPSS

0.001

Percentile

16.3%