Bug 1198712 (CVE-2022-26354)

Summary: VUL-1: CVE-2022-26354: kvm,qemu: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: abergmann, dfaggioli, smash_bz
Version: unspecified
Flags: dfaggioli: needinfo? (abergmann)
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/326023/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2022-04-21 06:20:07 UTC
rh#2063257

A flaw was found in the vhost-vsock device of QEMU. In case of error, vhost_vsock_common_send_transport_reset() did not detach the invalid element from the virtqueue before freeing its memory, leading to memory leakage or other unexpected results.

Upstream commit:
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2063257
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26354
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
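
A minimal C model of the flaw described above, added here as an illustration; it is not code from QEMU or from this bug report. The types, the function names (vq_pop, vq_push, vq_detach, send_reset_*) and the validity rule are simplified assumptions, and only the queue's in-use accounting is modelled.

```c
#include <stdlib.h>

/* Simplified model types (assumptions), not QEMU's real structures. */
typedef struct { unsigned inuse; } VirtQueue;      /* popped, not yet returned */
typedef struct { unsigned out_num, in_len; } Elem; /* constructed element fields */
#define EVENT_SIZE 4u                              /* constructed event size */

/* pop: hand an element to the device; the queue now counts it as in use. */
static Elem *vq_pop(VirtQueue *vq, unsigned out_num, unsigned in_len)
{
    Elem *e = malloc(sizeof(*e));
    if (!e) return NULL;
    e->out_num = out_num;
    e->in_len = in_len;
    vq->inuse++;
    return e;
}

/* push (success) and detach (error) both drop the queue-side accounting. */
static void vq_push(VirtQueue *vq, Elem *e)   { (void)e; vq->inuse--; }
static void vq_detach(VirtQueue *vq, Elem *e) { (void)e; vq->inuse--; }

/* Assumed validity rule for this model: no out buffers, room for the event. */
static int elem_valid(const Elem *e) { return e->out_num == 0 && e->in_len >= EVENT_SIZE; }

/* Pre-fix shape: the error path frees the element without detaching it. */
static void send_reset_unpatched(VirtQueue *vq, unsigned out_num, unsigned in_len)
{
    Elem *e = vq_pop(vq, out_num, in_len);
    if (!e) return;
    if (elem_valid(e)) vq_push(vq, e);
    free(e);                        /* invalid element: inuse stays raised */
}

/* Post-fix shape: detach the invalid element, then free it. */
static void send_reset_patched(VirtQueue *vq, unsigned out_num, unsigned in_len)
{
    Elem *e = vq_pop(vq, out_num, in_len);
    if (!e) return;
    if (elem_valid(e)) vq_push(vq, e); else vq_detach(vq, e);
    free(e);
}

/* Stale in-use count after n events that all carry the given element shape. */
static unsigned stale_after(void (*h)(VirtQueue *, unsigned, unsigned),
                            unsigned n, unsigned out_num, unsigned in_len)
{
    VirtQueue vq = { 0 };
    for (unsigned i = 0; i < n; i++) h(&vq, out_num, in_len);
    return vq.inuse;
}
int main(void) { return stale_after(send_reset_patched, 5, 1, EVENT_SIZE) != 0; }
```

In the unpatched shape every invalid element leaves the queue's count one higher than it should be; the patched shape returns it to zero.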

Comment 1 Alexander Bergmann 2022-04-21 08:58:34 UTC
All qemu codestreams >= SLE-12-SP3 are affected.

Comment 5 Swamp Workflow Management 2022-07-04 13:19:52 UTC
SUSE-SU-2022:2254-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198712,1199018,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-150300.115.2, qemu-linux-user-5.2.0-150300.115.2, qemu-testsuite-5.2.0-150300.115.4
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Micro 5.2 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Micro 5.1 (src):    qemu-5.2.0-150300.115.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2022-07-04 19:17:18 UTC
SUSE-SU-2022:2260-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-6.2.0-150400.37.5.3, qemu-linux-user-6.2.0-150400.37.5.1, qemu-testsuite-6.2.0-150400.37.5.5
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    qemu-6.2.0-150400.37.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    qemu-6.2.0-150400.37.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Dario Faggioli 2022-07-15 15:05:54 UTC
I think this is done, isn't it?

Comment 8 OBSbugzilla Bot 2022-07-22 14:40:12 UTC
This is an autogenerated message for OBS integration:
This bug (1198712) was mentioned in
https://build.opensuse.org/request/show/990694 Factory / qemu