Bug 1198711 - (CVE-2022-26353) VUL-0: CVE-2022-26353: qemu,kvm: QEMU: virtio-net: map leaking on error during receive
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Hardware: Other    OS: Other
Priority: P3 - Medium    Severity: Major
Target Milestone: ---
Assigned To: Security Team bot
Depends on:
Reported: 2022-04-21 06:20 UTC by Alexander Bergmann
Modified: 2022-07-22 14:40 UTC (History)
CC List: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Flags: dfaggioli: needinfo? (abergmann)
Description Alexander Bergmann 2022-04-21 06:20:04 UTC

Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
tries to fix the use after free of the sg by caching the virtqueue
elements in an array and unmap them at once after receiving the
packets. But it forgot to unmap the cached elements on error, which
will lead to leaking of mapping and other unexpected results.

Upstream patch:

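The description above boils down to a cleanup-on-error defect: virtqueue elements are mapped and cached so they can be unmapped in one pass after the receive loop, but an early error return skips that pass and the mappings stay outstanding. The following C program is an added illustration of that pattern and is not QEMU code: map_elem(), unmap_elem() and the mapped[] table are a constructed stand-in for a DMA mapping table, and receive_leaky()/receive_fixed() are hypothetical receive loops showing the leaking shape beside the corrected one, where the error path walks the same cache before returning.

```c
#include <stdio.h>

/* Constructed stand-in for a DMA mapping table: slot i is 1 while element i
 * is mapped. This is a toy model, not QEMU's dma_memory_map()/virtqueue code. */
#define MAX_ELEMS 8
static int mapped[MAX_ELEMS];

static int map_elem(int idx)    { mapped[idx] = 1; return idx; }
static void unmap_elem(int idx) { mapped[idx] = 0; }

static void reset_table(void)
{
    for (int i = 0; i < MAX_ELEMS; i++) mapped[i] = 0;
}

/* Number of mappings still outstanding; should be 0 after any receive path. */
int outstanding_mappings(void)
{
    int n = 0;
    for (int i = 0; i < MAX_ELEMS; i++) n += mapped[i];
    return n;
}

/* Leaking pattern (hypothetical): elements are cached and unmapped together
 * after the loop, but the early error return skips that pass, so every
 * element cached so far stays mapped. Returns count on success, -1 on error. */
int receive_leaky(int nelems, int fail_at)
{
    int cache[MAX_ELEMS];
    int cached = 0;
    for (int i = 0; i < nelems; i++) {
        if (i == fail_at) {
            return -1;          /* error path: cache[] is never unmapped */
        }
        cache[cached++] = map_elem(i);
    }
    for (int i = 0; i < cached; i++) unmap_elem(cache[i]);
    return cached;
}

/* Fixed pattern (hypothetical): success and error paths share one unmap
 * pass over the cache, so nothing stays mapped whichever way the loop exits. */
int receive_fixed(int nelems, int fail_at)
{
    int cache[MAX_ELEMS];
    int cached = 0;
    int ret;
    for (int i = 0; i < nelems; i++) {
        if (i == fail_at) {
            ret = -1;
            goto err;           /* error path still unmaps what was cached */
        }
        cache[cached++] = map_elem(i);
    }
    ret = cached;
err:
    for (int i = 0; i < cached; i++) unmap_elem(cache[i]);
    return ret;
}

/* Run one receive against a clean table and report how many mappings leaked. */
int leaked_after(int (*rx)(int, int), int nelems, int fail_at)
{
    reset_table();
    rx(nelems, fail_at);
    return outstanding_mappings();
}

int main(void)
{
    /* Constructed scenario: 6 elements, an error while handling the 5th. */
    printf("leaky: %d mappings leaked\n", leaked_after(receive_leaky, 6, 4));
    printf("fixed: %d mappings leaked\n", leaked_after(receive_fixed, 6, 4));
    return 0;
}
```

A leak detector for this class of bug is the same check the program performs: after every receive call, whether it succeeded or failed, the number of outstanding mappings must return to its pre-call value.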
Comment 6 Swamp Workflow Management 2022-07-04 19:17:13 UTC
SUSE-SU-2022:2260-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-6.2.0-150400.37.5.3, qemu-linux-user-6.2.0-150400.37.5.1, qemu-testsuite-6.2.0-150400.37.5.5
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    qemu-6.2.0-150400.37.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    qemu-6.2.0-150400.37.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Dario Faggioli 2022-07-15 15:42:27 UTC
I think this is also done.
Comment 8 OBSbugzilla Bot 2022-07-22 14:40:11 UTC
This is an autogenerated message for OBS integration:
This bug (1198711) was mentioned in
https://build.opensuse.org/request/show/990694 Factory / qemu