Headline
CVE-2022-26354: vhost-vsock: detach the virqueue element in case of error (8d1b247f) · Commits · QEMU / QEMU · GitLab
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
Commit 8d1b247f authored Feb 28, 2022 by Committed by MST Mar 06, 2022
Browse files
- Changes 1
…
…
@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc)
if (elem->out_num) {
error_report("invalid vhost-vsock event virtqueue element with "
“out buffers”);
goto out;
goto err;
}
if (iov_from_buf(elem->in_sg, elem->in_num, 0,
&event, sizeof(event)) != sizeof(event)) {
error_report(“vhost-vsock event virtqueue element is too short”);
goto out;
goto err;
}
virtqueue_push(vq, elem, sizeof(event));
virtio_notify(VIRTIO_DEVICE(vvc), vq);
out:
g_free(elem);
return;
err:
virtqueue_detach_element(vq, elem, 0);
g_free(elem);
}
…
…
Related news
Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.
Red Hat Security Advisory 2022-5821-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4206: QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow * CVE-2021-4207: QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhost-vsock: missing virtqueue detach on error can...
Red Hat Security Advisory 2022-5263-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a memory leak vulnerability.
An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
Ubuntu Security Notice 5489-1 - Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Red Hat Security Advisory 2022-5002-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4206: QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow * CVE-2021-4207: QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhos...