Skip to main content

Missing Release of Resource after Effective Lifetime

CVE-2022-26354

Severity Low
Score 3.2/10

Summary

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions v2.8.0-rc0 prior to v7.0.0-rc0.

  • LOW
  • LOCAL
  • NONE
  • CHANGED
  • NONE
  • HIGH
  • NONE
  • LOW

CWE-772 - Missing Release Of Resource After Effective Lifetime

'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).

Advisory Timeline

  • Published