Wind River Support Network


LIN1021-23 : Security Advisory - qemu - CVE-2021-3544

Created: May 17, 2021    Updated: Sep 25, 2021
Resolved Date: Sep 2, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. For more information, please refer to the upstream patchset below.

Patch series:

Memory leak in vg_resource_create_2d() in vhost-user-gpu.c :

Memory leak in vg_resource_attach_backing() in vhost-user-gpu.c:

Memory leak in vg_resource_destroy() in vhost-user-gpu.c:

Memory leak in virgl_cmd_resource_unref() in virgl.c:

Memory leak in virgl_resource_attach_backing() in virgl.c:

CREATE(Triage):(User=admin) [CVE-2021-3544|]


Live chat