Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. For more information, please refer to the upstream patchset below. Patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html Memory leak in vg_resource_create_2d() in vhost-user-gpu.c : https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html Memory leak in vg_resource_attach_backing() in vhost-user-gpu.c: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html Memory leak in vg_resource_destroy() in vhost-user-gpu.c: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html Memory leak in virgl_cmd_resource_unref() in virgl.c: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html Memory leak in virgl_resource_attach_backing() in virgl.c: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html CREATE(Triage):(User=admin) CVE-2021-3544 (https://nvd.nist.gov/vuln/detail/CVE-2021-3544)
