Bugzilla – Bug 1198711
VUL-0: CVE-2022-26353: qemu,kvm: QEMU: virtio-net: map leaking on error during receive
Last modified: 2022-07-22 14:40:11 UTC
rh#2063197

Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") tries to fix the use after free of the sg by caching the virtqueue elements in an array and unmapping them at once after receiving the packets, but it forgot to unmap the cached elements on error, which will lead to leaking of mapping and other unexpected results.

Upstream patch:
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2063197
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26353
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37
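The error-path leak described above, as a simplified C model added here for illustration; it is not QEMU code and not the upstream patch. `elem_map`, `elem_unmap`, `receive`, `leaked_after` and the fixed-size pool are hypothetical stand-ins: elements are cached in an array for a batch unmap, and an early return on error skips that unmap unless the error path releases them too.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_ELEMS 8

/* Hypothetical stand-in for a mapped virtqueue element; not QEMU's type. */
struct elem { bool mapped; };
static struct elem pool[MAX_ELEMS];   /* constructed backing store */

static struct elem *elem_map(int idx) { pool[idx].mapped = true; return &pool[idx]; }
static void elem_unmap(struct elem *e) { e->mapped = false; }

/* Receive `count` buffers; index `fail_at` (-1 for none) simulates an error.
 * cleanup_on_error=false models the leak, true models releasing on error. */
static int receive(int count, int fail_at, bool cleanup_on_error)
{
    struct elem *elems[MAX_ELEMS];
    int i, j, ret = 0;

    for (i = 0; i < count && i < MAX_ELEMS; i++) {
        struct elem *e = elem_map(i);
        if (i == fail_at) {
            elem_unmap(e);          /* model assumption: element in hand is released */
            ret = -1;
            if (!cleanup_on_error)
                return ret;         /* leak: elems[0..i-1] stay mapped */
            break;
        }
        elems[i] = e;               /* cached for the batch unmap below */
    }
    for (j = 0; j < i; j++)         /* reached on success and on handled error */
        elem_unmap(elems[j]);
    return ret;
}

/* Number of mappings still outstanding after one receive() call. */
int leaked_after(int count, int fail_at, bool cleanup_on_error)
{
    int k, n = 0;
    for (k = 0; k < MAX_ELEMS; k++) pool[k].mapped = false;
    receive(count, fail_at, cleanup_on_error);
    for (k = 0; k < MAX_ELEMS; k++) n += pool[k].mapped;
    return n;
}

int main(void)
{
    printf("leaky: %d outstanding\n", leaked_after(4, 2, false));
    printf("fixed: %d outstanding\n", leaked_after(4, 2, true));
    return 0;
}
```

The number of leaked mappings equals the number of elements cached before the failure, so an error on the first buffer leaks nothing while a late error leaks the most.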
SUSE-SU-2022:2260-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): qemu-6.2.0-150400.37.5.3, qemu-linux-user-6.2.0-150400.37.5.1, qemu-testsuite-6.2.0-150400.37.5.5
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): qemu-6.2.0-150400.37.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): qemu-6.2.0-150400.37.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
I think this is also done.
This is an autogenerated message for OBS integration: This bug (1198711) was mentioned in https://build.opensuse.org/request/show/990694 Factory / qemu