In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
storvscqueuecommand() maps the scatter/gather list using scsidmamap(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvscdo_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force.
Fix this by doing scsidmaunmap() in the case of an I/O submission error, which frees the bounce buffer memory.