What the vulnerability does

01Description

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

Key dates

02Disclosure timeline

March 16, 2022 CVE published
August 3, 2024 Record updated