CVE-2022-26353 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html): A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. CVE-2022-26354 (https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Fixed in 7.0.0-rc0.
CVE-2022-1050 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html): Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. The referenced patch doesn't seem to be upstreamed.
(In reply to John Helmert III from comment #0) > CVE-2022-26353 > (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html): > > A flaw was found in the virtio-net device of QEMU. This flaw was > inadvertently introduced with the fix for CVE-2021-3748, which forgot to > unmap the cached virtqueue elements on error, leading to memory leakage and > other unexpected results. Affected QEMU version: 6.2.0. Also in 7.0.0. > CVE-2022-26354 > (https://gitlab.com/qemu-project/qemu/-/commit/ > 8d1b247f3748ac4078524130c6d7ae42b6140aaf): > > A flaw was found in the vhost-vsock device of QEMU. In case of error, an > invalid element was not detached from the virtqueue before freeing its > memory, leading to memory leakage and other unexpected results. Affected > QEMU versions <= 6.2.0. > > Fixed in 7.0.0-rc0.
