Bug 1198711 - (CVE-2022-26353) VUL-0: CVE-2022-26353: qemu,kvm: QEMU: virtio-net: map leaking on error during receive
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware / OS: Other / Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/325999/
CVSSv3.1:SUSE:CVE-2022-26353:7.5:(AV:...
Reported: 2022-04-21 06:20 UTC by Alexander Bergmann
Modified: 2022-07-22 14:40 UTC (History)
Found By: Security Response Team
Flags: dfaggioli: needinfo? (abergmann)
Description Alexander Bergmann 2022-04-21 06:20:04 UTC
rh#2063197

Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
tries to fix the use after free of the sg by caching the virtqueue
elements in an array and unmapping them at once after receiving the
packets, but it forgot to unmap the cached elements on error, which
will lead to leaked mappings and other unexpected results.

Upstream patch:
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2063197
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26353
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37
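As an added illustration (not QEMU's code and not part of this bug report), a simplified C model of the receive path the commit message describes: each buffer segment is mapped and cached in an array, and the cache is released in bulk once the packet has been received. The `leak_on_error` switch reproduces the missing unmap on the error path that CVE-2022-26353 fixes; `leaked_after` is a constructed helper name that reports how many mappings are left dangling.

```c
#include <stddef.h>

/* Simplified model, NOT QEMU code: a "mapping" is just a counter, so a
 * leak shows up as a non-zero count of live mappings after the call. */
#define MAX_ELEMS 8

static int outstanding_maps;           /* live mappings; must return to 0 */

static void map_elem(int *elem)   { *elem = 1; outstanding_maps++; }
static void unmap_elem(int *elem) { if (*elem) { *elem = 0; outstanding_maps--; } }

/* Receive 'n' segments; segment 'fail_at' (or -1 for none) raises an error.
 * leak_on_error=1 mimics the buggy path: the loop bails out and the cached
 * elements are never unmapped. leak_on_error=0 mimics the fix. */
static int receive_packet(int n, int fail_at, int leak_on_error)
{
    int elems[MAX_ELEMS] = {0};        /* cache of popped/mapped elements */
    int i;

    for (i = 0; i < n && i < MAX_ELEMS; i++) {
        map_elem(&elems[i]);           /* stands in for pop + DMA map */
        if (i == fail_at) {
            if (leak_on_error)
                return -1;             /* bug: elems[0..i] stay mapped */
            for (int j = 0; j <= i; j++)
                unmap_elem(&elems[j]); /* fix: release everything cached */
            return -1;
        }
    }
    for (int j = 0; j < i; j++)        /* success: bulk unmap after receive */
        unmap_elem(&elems[j]);
    return 0;
}

/* Number of mappings still outstanding after one receive attempt.
 * Anything other than 0 is a leaked mapping. */
int leaked_after(int n, int fail_at, int leak_on_error)
{
    outstanding_maps = 0;
    receive_packet(n, fail_at, leak_on_error);
    return outstanding_maps;
}
```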
Comment 6 Swamp Workflow Management 2022-07-04 19:17:13 UTC
SUSE-SU-2022:2260-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-6.2.0-150400.37.5.3, qemu-linux-user-6.2.0-150400.37.5.1, qemu-testsuite-6.2.0-150400.37.5.5
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    qemu-6.2.0-150400.37.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    qemu-6.2.0-150400.37.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Dario Faggioli 2022-07-15 15:42:27 UTC
I think this is also done.
Comment 8 OBSbugzilla Bot 2022-07-22 14:40:11 UTC
This is an autogenerated message for OBS integration:
This bug (1198711) was mentioned in
https://build.opensuse.org/request/show/990694 Factory / qemu