Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-F6C4-25W9-79F8

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix memory leak of struct clip_vcc.

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T12:15:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in memory leak.\n\nLet\u0027s serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.",
  "id": "GHSA-f6c4-25w9-79f8",
  "modified": "2026-01-07T21:31:39Z",
  "published": "2025-08-16T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c075e88d5859a2c6b43b27e0e46fb281cef8039"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1fb9fb5a4b5cec2d56e26525ef8c519de858fa60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2fb37ab3226606cbfc9b2b6f9e301b0b735734c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62dba28275a9a3104d4e33595c7b3328d4032d8d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e4dbeee56f614e3f1e166e5d0655a999ea185ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f771816f14da6d6157a8c30069091abf6b566fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb2e4a2f8f268d8fba6662f663a2e57846f14a8d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6CH-PGG4-HHV4

Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2022-11-02 19:00
VLAI
Details

open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.",
  "id": "GHSA-f6ch-pgg4-hhv4",
  "modified": "2022-11-02T19:00:31Z",
  "published": "2022-11-01T19:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ToughRunner/Open5gs_bugreport2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6PW-44QX-H3W9

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: thunderbolt: fix memory leak in tbnet_open()

When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_out_hopid() is not released. Add tb_xdomain_release_out_hopid() to the error path to release ida.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: thunderbolt: fix memory leak in tbnet_open()\n\nWhen tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in\ntb_xdomain_alloc_out_hopid() is not released. Add\ntb_xdomain_release_out_hopid() to the error path to release ida.",
  "id": "GHSA-f6pw-44qx-h3w9",
  "modified": "2024-10-24T21:31:02Z",
  "published": "2024-10-21T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9274dbe399952a8175db2e1ee148b7c9ba2b538"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6QM-C27V-QR5C

Vulnerability from github – Published: 2023-06-01 03:30 – Updated: 2024-04-04 04:27
VLAI
Details

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-01T03:15:20Z",
    "severity": "MODERATE"
  },
  "details": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp",
  "id": "GHSA-f6qm-c27v-qr5c",
  "modified": "2024-04-04T04:27:37Z",
  "published": "2023-06-01T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33719"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enzo1982/mp4v2/issues/37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enzo1982/mp4v2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6RF-QWCR-G39Q

Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32
VLAI
Details

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-61868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-15T12:18:21Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service).",
  "id": "GHSA-f6rf-qwcr-g39q",
  "modified": "2026-07-15T12:32:05Z",
  "published": "2026-07-15T12:32:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61868"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-yuv-decoder"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F76M-Q4G4-C63M

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-12 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix ulist leaks in error paths of qgroup self tests

In the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests, if we fail to add the tree ref, remove the extent item or remove the extent ref, we are returning from the test function without freeing the "old_roots" ulist that was allocated by the previous calls to btrfs_find_all_roots(). Fix that by calling ulist_free() before returning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix ulist leaks in error paths of qgroup self tests\n\nIn the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,\nif we fail to add the tree ref, remove the extent item or remove the\nextent ref, we are returning from the test function without freeing the\n\"old_roots\" ulist that was allocated by the previous calls to\nbtrfs_find_all_roots(). Fix that by calling ulist_free() before returning.",
  "id": "GHSA-f76m-q4g4-c63m",
  "modified": "2025-11-12T18:31:03Z",
  "published": "2025-05-01T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49912"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/203204798831c35d855ecc6417d98267d2d2184b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f58283d83a588ff5da62fc150de19e798ed2ec2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d37de92b38932d40e4a251e876cc388f9aee5f42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d81370396025cf63a7a1b5f8bb25a3479203b2ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da7003434bcab0ae9aba3f2c003e734cae093326"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f46ea5fa3320dca4fe0c0926b49a5f14cb85de62"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F7PW-25Q4-98V7

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here.

To mitigate this, free the buffer when allegro_alloc_buffer fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()\n\nThe buffer in the loop should be released under the exception path,\notherwise there may be a memory leak here.\n\nTo mitigate this, free the buffer when allegro_alloc_buffer fails.",
  "id": "GHSA-f7pw-25q4-98v7",
  "modified": "2025-11-03T21:31:51Z",
  "published": "2024-12-27T15:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56572"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f514068fbc5d4d189c817adc7c4e32cffdc2e47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17e5613666209be4e5be1f1894f1a6014a8a0658"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64f72a738864b506ab50b4a6cb3ce3c3e04b71af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6712a28a4f923ffdf51cff267ad05a634ee1babc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74a65313578b35e1239966adfa7ac2bdd60caf00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/891b5790bee8fc6ddba17874dd87a646128d0b99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf642904be39ae0d441dbdfa8f485e0a46260be4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F7RM-GV39-R2J5

Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.                 user@host> show chassis fpc                                        Temp    CPU Utilization (%)   CPU Utilization (%)   Memory     Utilization (%)                       Slot State       (C)     Total   Interrupt     1min   5min  15min    DRAM (MB)  Heap   Buffer

2 Online         36       10         0          9     8     9        32768      26         0                                                                                                      

This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:28Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u00a0crash.\u00a0\n\u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host\u003e show chassis fpc\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory  \u00a0 \u2003\u2003Utilization (%)\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u00a0 \u00a0 \u00a0 \u00a0(C) \u2003\u2003\u00a0 Total\u00a0 \u00a0Interrupt  \u00a0 \u00a0 1min\u00a0 \u00a05min\u00a0 15min \u2003 \u2003DRAM (MB) \u2003Heap  \u00a0  Buffer\n\n\u00a0 \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032  Online\u00a0 \u00a0 \u00a0 \u00a0 \u00a036  \u00a0 \u2003\u2003\u2003 10  \u00a0 \u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 9  \u00a0 \u00a0 8  \u00a0 \u00a0 9  \u00a0 \u2003\u2003\u2003\u2003\u200332768  \u00a0 \u00a0 \u200326  \u00a0 \u00a0 \u00a0 \u00a0 0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\nThis issue affects Junos OS on MX Series: \n  *  All versions before 21.2R3-S9\n  *  from 21.4 before 21.4R3-S10\n  *  from 22.2 before 22.2R3-S6\n  *  from 22.4 before 22.4R3-S5\n  *  from 23.2 before 23.2R2-S3\n  *  from 23.4 before 23.4R2-S3\n  *  from 24.2 before 24.2R2.",
  "id": "GHSA-f7rm-gv39-r2j5",
  "modified": "2025-04-09T21:31:43Z",
  "published": "2025-04-09T21:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30647"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F7XM-7MW8-VGHC

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

amt: fix memory leak for advertisement message

When a gateway receives an advertisement message, it extracts relay information and then it should be freed. But the advertisement handler doesn't free it. So, memory leak would occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\namt: fix memory leak for advertisement message\n\nWhen a gateway receives an advertisement message, it extracts relay\ninformation and then it should be freed.\nBut the advertisement handler doesn\u0027t free it.\nSo, memory leak would occur.",
  "id": "GHSA-f7xm-7mw8-vghc",
  "modified": "2025-03-17T18:31:50Z",
  "published": "2025-03-17T18:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49461"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19bb2d57eac86a368839a92117d8a10ab7183623"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7322da399fb86a2072f008b56f7160afa1b2051"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe29794c3585d039fefebaa2b5a4932a627ad4fd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F888-6PH8-HVGC

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33
VLAI
Details

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d.",
  "id": "GHSA-f888-6ph8-hvgc",
  "modified": "2024-03-21T03:33:47Z",
  "published": "2022-05-24T17:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157294"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.