← back
CVE-2022-26354

CVE-2022-26354

EPSS 0.4%CWE-772
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Patch referenciado
Lifecycle
16 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
Affected products
n/a · qemu-kvm

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aafhttps://lists.debian.org/debian-lts-announce/2022/04/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlhttps://security.gentoo.org/glsa/202208-27https://security.netapp.com/advisory/ntap-20220425-0003/https://www.debian.org/security/2022/dsa-5133