A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
https://security.netapp.com/advisory/ntap-20220425-0003/
https://www.debian.org/security/2022/dsa-5133
https://security.gentoo.org/glsa/202208-27
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Source: MITRE
Published: 2022-03-16
Updated: 2023-02-12
Type: CWE-772
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 3.2
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Impact Score: 1.4
Exploitability Score: 1.5
Severity: LOW