CVE-2022-26353 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html): A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. CVE-2022-26354 (https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Fixed in 7.0.0-rc0.
CVE-2022-1050 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html): Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. The referenced patch doesn't seem to be upstreamed.
(In reply to John Helmert III from comment #0) > CVE-2022-26353 > (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html): > > A flaw was found in the virtio-net device of QEMU. This flaw was > inadvertently introduced with the fix for CVE-2021-3748, which forgot to > unmap the cached virtqueue elements on error, leading to memory leakage and > other unexpected results. Affected QEMU version: 6.2.0. Also in 7.0.0. > CVE-2022-26354 > (https://gitlab.com/qemu-project/qemu/-/commit/ > 8d1b247f3748ac4078524130c6d7ae42b6140aaf): > > A flaw was found in the vhost-vsock device of QEMU. In case of error, an > invalid element was not detached from the virtqueue before freeing its > memory, leading to memory leakage and other unexpected results. Affected > QEMU versions <= 6.2.0. > > Fixed in 7.0.0-rc0.
(In reply to John Helmert III from comment #1) > CVE-2022-1050 > (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html): > > Guest driver might execute HW commands when shared buffers are not yet > allocated, potentially leading to a use-after-free condition. > > The referenced patch doesn't seem to be upstreamed. Popping this one out of this bug so we can proceed with the other issues here.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac commit fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 16:09:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 16:09:43 +0000 [ GLSA 202208-27 ] QEMU: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/733448 Bug: https://bugs.gentoo.org/736605 Bug: https://bugs.gentoo.org/773220 Bug: https://bugs.gentoo.org/775713 Bug: https://bugs.gentoo.org/780816 Bug: https://bugs.gentoo.org/792624 Bug: https://bugs.gentoo.org/807055 Bug: https://bugs.gentoo.org/810544 Bug: https://bugs.gentoo.org/820743 Bug: https://bugs.gentoo.org/835607 Bug: https://bugs.gentoo.org/839762 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-27.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+)
GLSA done, all done.
