CVE-2022-3629: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux Kernel, specifically affecting the vsockconnect function in the net/vmwvsock/af_vsock.c file. The vulnerability (CVE-2022-3629) was discovered and disclosed in October 2022. This issue has been classified as a memory leak vulnerability with a relatively high attack complexity (CVE Details).

The vulnerability manifests as a memory leak in the vsockconnect() function. The issue occurs during ONONBLOCK vsockconnect() requests when attempting to reschedule @connectwork. The vulnerability has been assigned a CVSS v3.1 base score of 3.3, indicating a low severity level. The attack vector is local, with low attack complexity and requiring low privileges (Oracle VM Bulletin).

The vulnerability results in a memory leak condition where sockhold() is called twice, but sockput() is only called once in vsockconnecttimeout(). This leads to an unreferenced object situation, potentially causing system resource depletion over time (Kernel Commit).

The issue has been fixed through a patch that implements moddelayedwork() instead of the previous implementation. The fix ensures that if @connectwork is already scheduled, it gets rescheduled while maintaining proper reference counting through sockput(). It is recommended to apply the available patch to affected systems (Kernel Commit).