|Description||A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)|
|References||DLA-2970-1, DLA-3099-1, DSA-4980-1|
Vulnerable and fixed packages
The table below lists information on source packages.
|bullseye (security), bullseye||1:5.2+dfsg-11+deb11u2||fixed|
The information below is based on the following data on fixed versions.
When fixing this issue make sure to not open CVE-2022-26353