AZL-35158

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35158.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-35158

Upstream

CVE-2022-26354

Published

2022-03-16T15:15:16Z

Modified

2026-04-01T05:11:58.056654Z

Severity

3.2 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVSS Calculator

Summary

CVE-2022-26354 affecting package qemu for versions less than 6.2.0-18

Details

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-26354

Affected packages

Azure Linux:3 / qemu

Package

Name: qemu
Purl: pkg:rpm/azure-linux/qemu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.0-18

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35158.json"