Unrated severityNVD Advisory· Published Mar 16, 2022· Updated Aug 3, 2024

CVE-2022-26353

Description

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.

Affected products

149

osv-coords149 versions
pkg:rpm/almalinux/hivex pkg:rpm/almalinux/hivex-devel pkg:rpm/almalinux/libguestfs pkg:rpm/almalinux/libguestfs-appliance pkg:rpm/almalinux/libguestfs-bash-completion pkg:rpm/almalinux/libguestfs-devel pkg:rpm/almalinux/libguestfs-gfs2 pkg:rpm/almalinux/libguestfs-gobject pkg:rpm/almalinux/libguestfs-gobject-devel pkg:rpm/almalinux/libguestfs-inspect-icons pkg:rpm/almalinux/libguestfs-java pkg:rpm/almalinux/libguestfs-java-devel pkg:rpm/almalinux/libguestfs-javadoc pkg:rpm/almalinux/libguestfs-man-pages-ja pkg:rpm/almalinux/libguestfs-man-pages-uk pkg:rpm/almalinux/libguestfs-rescue pkg:rpm/almalinux/libguestfs-rsync pkg:rpm/almalinux/libguestfs-tools pkg:rpm/almalinux/libguestfs-tools-c pkg:rpm/almalinux/libguestfs-winsupport pkg:rpm/almalinux/libguestfs-xfs pkg:rpm/almalinux/libiscsi pkg:rpm/almalinux/libiscsi-devel pkg:rpm/almalinux/libiscsi-utils pkg:rpm/almalinux/libnbd pkg:rpm/almalinux/libnbd-bash-completion pkg:rpm/almalinux/libnbd-devel pkg:rpm/almalinux/libtpms pkg:rpm/almalinux/libtpms-devel pkg:rpm/almalinux/libvirt pkg:rpm/almalinux/libvirt-client pkg:rpm/almalinux/libvirt-daemon pkg:rpm/almalinux/libvirt-daemon-config-network pkg:rpm/almalinux/libvirt-daemon-config-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-interface pkg:rpm/almalinux/libvirt-daemon-driver-network pkg:rpm/almalinux/libvirt-daemon-driver-nodedev pkg:rpm/almalinux/libvirt-daemon-driver-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-qemu pkg:rpm/almalinux/libvirt-daemon-driver-secret pkg:rpm/almalinux/libvirt-daemon-driver-storage pkg:rpm/almalinux/libvirt-daemon-driver-storage-core pkg:rpm/almalinux/libvirt-daemon-driver-storage-disk pkg:rpm/almalinux/libvirt-daemon-driver-storage-gluster pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-direct pkg:rpm/almalinux/libvirt-daemon-driver-storage-logical pkg:rpm/almalinux/libvirt-daemon-driver-storage-mpath pkg:rpm/almalinux/libvirt-daemon-driver-storage-rbd pkg:rpm/almalinux/libvirt-daemon-driver-storage-scsi pkg:rpm/almalinux/libvirt-daemon-kvm pkg:rpm/almalinux/libvirt-dbus pkg:rpm/almalinux/libvirt-devel pkg:rpm/almalinux/libvirt-docs pkg:rpm/almalinux/libvirt-libs pkg:rpm/almalinux/libvirt-lock-sanlock pkg:rpm/almalinux/libvirt-nss pkg:rpm/almalinux/libvirt-wireshark pkg:rpm/almalinux/lua-guestfs pkg:rpm/almalinux/nbdfuse pkg:rpm/almalinux/nbdkit pkg:rpm/almalinux/nbdkit-bash-completion pkg:rpm/almalinux/nbdkit-basic-filters pkg:rpm/almalinux/nbdkit-basic-plugins pkg:rpm/almalinux/nbdkit-curl-plugin pkg:rpm/almalinux/nbdkit-devel pkg:rpm/almalinux/nbdkit-example-plugins pkg:rpm/almalinux/nbdkit-gzip-filter pkg:rpm/almalinux/nbdkit-gzip-plugin pkg:rpm/almalinux/nbdkit-linuxdisk-plugin pkg:rpm/almalinux/nbdkit-nbd-plugin pkg:rpm/almalinux/nbdkit-python-plugin pkg:rpm/almalinux/nbdkit-server pkg:rpm/almalinux/nbdkit-ssh-plugin pkg:rpm/almalinux/nbdkit-tar-filter pkg:rpm/almalinux/nbdkit-tar-plugin pkg:rpm/almalinux/nbdkit-tmpdisk-plugin pkg:rpm/almalinux/nbdkit-vddk-plugin pkg:rpm/almalinux/nbdkit-xz-filter pkg:rpm/almalinux/netcf pkg:rpm/almalinux/netcf-devel pkg:rpm/almalinux/netcf-libs pkg:rpm/almalinux/ocaml-hivex pkg:rpm/almalinux/ocaml-hivex-devel pkg:rpm/almalinux/ocaml-libguestfs pkg:rpm/almalinux/ocaml-libguestfs-devel pkg:rpm/almalinux/ocaml-libnbd pkg:rpm/almalinux/ocaml-libnbd-devel pkg:rpm/almalinux/perl-hivex pkg:rpm/almalinux/perl-Sys-Guestfs pkg:rpm/almalinux/perl-Sys-Virt pkg:rpm/almalinux/python3-hivex pkg:rpm/almalinux/python3-libguestfs pkg:rpm/almalinux/python3-libnbd pkg:rpm/almalinux/python3-libvirt pkg:rpm/almalinux/qemu-guest-agent pkg:rpm/almalinux/qemu-img pkg:rpm/almalinux/qemu-kvm pkg:rpm/almalinux/qemu-kvm-audio-pa pkg:rpm/almalinux/qemu-kvm-block-curl pkg:rpm/almalinux/qemu-kvm-block-gluster pkg:rpm/almalinux/qemu-kvm-block-iscsi pkg:rpm/almalinux/qemu-kvm-block-rbd pkg:rpm/almalinux/qemu-kvm-block-ssh pkg:rpm/almalinux/qemu-kvm-common pkg:rpm/almalinux/qemu-kvm-core pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccw pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-gl pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pci pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pci-gl pkg:rpm/almalinux/qemu-kvm-device-display-virtio-vga pkg:rpm/almalinux/qemu-kvm-device-display-virtio-vga-gl pkg:rpm/almalinux/qemu-kvm-device-usb-host pkg:rpm/almalinux/qemu-kvm-device-usb-redirect pkg:rpm/almalinux/qemu-kvm-docs pkg:rpm/almalinux/qemu-kvm-hw-usbredir pkg:rpm/almalinux/qemu-kvm-tests pkg:rpm/almalinux/qemu-kvm-tools pkg:rpm/almalinux/qemu-kvm-ui-egl-headless pkg:rpm/almalinux/qemu-kvm-ui-opengl pkg:rpm/almalinux/qemu-kvm-ui-spice pkg:rpm/almalinux/qemu-pr-helper pkg:rpm/almalinux/ruby-hivex pkg:rpm/almalinux/ruby-libguestfs pkg:rpm/almalinux/seabios pkg:rpm/almalinux/seabios-bin pkg:rpm/almalinux/seavgabios-bin pkg:rpm/almalinux/sgabios pkg:rpm/almalinux/sgabios-bin pkg:rpm/almalinux/SLOF pkg:rpm/almalinux/supermin pkg:rpm/almalinux/supermin-devel pkg:rpm/almalinux/swtpm pkg:rpm/almalinux/swtpm-devel pkg:rpm/almalinux/swtpm-libs pkg:rpm/almalinux/swtpm-tools pkg:rpm/almalinux/swtpm-tools-pkcs11 pkg:rpm/almalinux/virt-dib pkg:rpm/almalinux/virt-v2v pkg:rpm/almalinux/virt-v2v-bash-completion pkg:rpm/almalinux/virt-v2v-man-pages-ja pkg:rpm/almalinux/virt-v2v-man-pages-uk pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
< 1.3.18-23.module_el8.6.0+2880+7d9e3703+ 148 more
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.6-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
- (no CPE)range: < 17:6.2.0-11.el9_0.3
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 20210217-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.42.0-19.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 1:1.42.0-19.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 1:1.42.0-19.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 1:1.42.0-19.module_el8.6.0+3071+a07c0ea5
- (no CPE)range: < 6.2.0-150400.37.5.3
- (no CPE)range: < 7.0.0-53.1
- (no CPE)range: < 6.2.0-150400.37.5.1
- (no CPE)range: < 6.2.0-150400.37.5.5
- (no CPE)range: < 6.2.0-150400.37.5.3
- (no CPE)range: < 6.2.0-150400.37.5.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202208-27mitrevendor-advisoryx_refsource_GENTOO
www.debian.org/security/2022/dsa-5133mitrevendor-advisoryx_refsource_DEBIAN
gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37mitrex_refsource_MISC
lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.htmlmitrex_refsource_MISC
security.netapp.com/advisory/ntap-20220425-0003/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000