Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835607 (CVE-2022-1050, CVE-2022-26353, CVE-2022-26354) - app-emulation/qemu: multiple vulnerabilities
Summary: app-emulation/qemu: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-1050, CVE-2022-26353, CVE-2022-26354
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-19 03:56 UTC by John Helmert III
Modified: 2022-04-21 23:44 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 03:56:16 UTC
CVE-2022-26353 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html):

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.

CVE-2022-26354 (https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf):

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Fixed in 7.0.0-rc0.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:51:07 UTC
CVE-2022-1050 (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html):

Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

The referenced patch doesn't seem to be upstreamed.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-20 15:31:32 UTC
(In reply to John Helmert III from comment #0)
> CVE-2022-26353
> (https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html):
> 
> A flaw was found in the virtio-net device of QEMU. This flaw was
> inadvertently introduced with the fix for CVE-2021-3748, which forgot to
> unmap the cached virtqueue elements on error, leading to memory leakage and
> other unexpected results. Affected QEMU version: 6.2.0.

Also in 7.0.0.

> CVE-2022-26354
> (https://gitlab.com/qemu-project/qemu/-/commit/
> 8d1b247f3748ac4078524130c6d7ae42b6140aaf):
> 
> A flaw was found in the vhost-vsock device of QEMU. In case of error, an
> invalid element was not detached from the virtqueue before freeing its
> memory, leading to memory leakage and other unexpected results. Affected
> QEMU versions <= 6.2.0.
> 
> Fixed in 7.0.0-rc0.