Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

Red Hat 9 RHSA-2022:5263 Moderate: QEMU-KVM Memory Leak Issues

red hat
Calendar Grey July 1, 2022
Dist Redhat Esm H88
New update released for qemu-kvm in Red Hat Enterprise Linux 9, targeting moderate security vulnerabilities and correcting various bugs.
An update for qemu-kvm is now available for Red Hat Enterprise Linux 9

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Summary

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
* QEMU: virtio-net: map leaking on error during receive (CVE-2022-26353)
* QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak (CVE-2022-26354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 (BZ#2071102)

References

https://access.redhat.com/security/cve/CVE-2022-26353 https://access.redhat.com/security/cve/CVE-2022-26354 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux AppStream (v. 9):
Source: qemu-kvm-6.2.0-11.el9_0.3.src.rpm
aarch64: qemu-guest-agent-6.2.0-11.el9_0.3.aarch64.rpm qemu-guest-agent-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-img-6.2.0-11.el9_0.3.aarch64.rpm qemu-img-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-audio-pa-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-audio-pa-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-block-curl-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-block-curl-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-block-rbd-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-block-rbd-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-block-ssh-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-common-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-common-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-core-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-core-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-debugsource-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-device-display-virtio-gpu-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-device-display-virtio-gpu-gl-6.2.0-11.el9_0.3.aarch64.rpm qemu-kvm-device-display-virtio-gpu-gl-debuginfo-6.2.0-11.el9_0.3.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2022:5263-01
Product: Red Hat Enterprise Linux
Issue date: 2022-06-28

Topic

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2063197 - CVE-2022-26353 QEMU: virtio-net: map leaking on error during receive

2063257 - CVE-2022-26354 QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.