Memory Leakage and Invalid Element Detachment Vulnerability in QEMU's vhost-vsock Device

Memory Leakage and Invalid Element Detachment Vulnerability in QEMU's vhost-vsock Device

CVE-2022-26354 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Learn more about our Web Application Penetration Testing UK.