CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-FF73-MWMP-6JW5
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-12-16 21:30In the Linux kernel, the following vulnerability has been resolved:
net: phy: leds: fix memory leak
A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code.
The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unregister functions can be called multiple times for the same PHY device, but devm-allocated memory is not freed until the driver is unbound.
This also prevents kmemleak from detecting the leak, as the devm API internally stores the allocated pointer.
Fix this by replacing devm_kzalloc/devm_kcalloc with standard kzalloc/kcalloc, and add the corresponding kfree calls in the unregister path.
{
"affected": [],
"aliases": [
"CVE-2025-37989"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T18:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: leds: fix memory leak\n\nA network restart test on a router led to an out-of-memory condition,\nwhich was traced to a memory leak in the PHY LED trigger code.\n\nThe root cause is misuse of the devm API. The registration function\n(phy_led_triggers_register) is called from phy_attach_direct, not\nphy_probe, and the unregister function (phy_led_triggers_unregister)\nis called from phy_detach, not phy_remove. This means the register and\nunregister functions can be called multiple times for the same PHY\ndevice, but devm-allocated memory is not freed until the driver is\nunbound.\n\nThis also prevents kmemleak from detecting the leak, as the devm API\ninternally stores the allocated pointer.\n\nFix this by replacing devm_kzalloc/devm_kcalloc with standard\nkzalloc/kcalloc, and add the corresponding kfree calls in the unregister\npath.",
"id": "GHSA-ff73-mwmp-6jw5",
"modified": "2025-12-16T21:30:49Z",
"published": "2025-05-20T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41143e71052a00d654c15dc924fda50c1e7357d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/618541a6cc1511064dfa58c89b3445e21844092f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/663c3da86e807c6c07ed48f911c7526fad6fe1ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f3d5880800f962c347777c4f8358f29f5fc403c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95bed65cc0eb2a610550abf849a8b94374da80a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/966d6494e2ed9be9052fcd9815afba830896aaf8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7f0ee992adf601aa00c252418266177eb7ac2bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f41f097f68a33d392579885426d0734a81219501"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FF85-HQ6W-7G2W
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33In the Linux kernel, the following vulnerability has been resolved:
crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_page(), leaking the remaining 3 pages. Use free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.
{
"affected": [],
"aliases": [
"CVE-2026-46019"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup\n\natmel_aes_buff_init() allocates 4 pages using __get_free_pages() with\nATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the\nfirst page using free_page(), leaking the remaining 3 pages. Use\nfree_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.",
"id": "GHSA-ff85-hq6w-7g2w",
"modified": "2026-06-16T15:33:41Z",
"published": "2026-05-27T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46019"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03e00aafa5f747d07811589e8d5fee638245431b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/230ad8a78fe67266b1ba4685da1abdd61471c5b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fcfff4ed35f963380a68741bcd52742baff7f76"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ad40cde96d603a88d68f8ed59f6d36407ab1f3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61516b4a5b2647dc3f8f67b5dffaf038be997511"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65b3589d39d05699c3850202f8333e5361033ea3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b63f1e2f0e319ad3fe4a58eb3db4fd50cc98baca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de6952e0af2acbada900d742437e848285c01d11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFCR-3GVQ-XQ62
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 00:30In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: fix firmware memory leaks
Free the memory used to hold the results of firmware image processing when the module is unloaded.
Fix the related issue of the same memory being leaked if processing of the firmware image fails during module load.
Ensure all firmware GEM objects are destroyed if firmware image processing fails.
Fixes memory leaks on powervr module unload detected by Kmemleak:
unreferenced object 0xffff000042e20000 (size 94208): comm "modprobe", pid 470, jiffies 4295277154 hex dump (first 32 bytes): 02 ae 7f ed bf 45 84 00 3c 5b 1f ed 9f 45 45 05 .....E..<[...EE. d5 4f 5d 14 6c 00 3d 23 30 d0 3a 4a 66 0e 48 c8 .O].l.=#0.:Jf.H. backtrace (crc dd329dec): kmemleak_alloc+0x30/0x40 kmalloclarge_node+0x140/0x188 kmalloc_large_node_noprof+0x2c/0x13c __kmalloc_noprof+0x48/0x4c0 pvr_fw_init+0xaa4/0x1f50 [powervr]
unreferenced object 0xffff000042d20000 (size 20480): comm "modprobe", pid 470, jiffies 4295277154 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 09 00 00 00 0b 00 00 00 ................ 00 00 00 00 00 00 00 00 07 00 00 00 08 00 00 00 ................ backtrace (crc 395b02e3): kmemleak_alloc+0x30/0x40 kmalloclarge_node+0x140/0x188 kmalloc_large_node_noprof+0x2c/0x13c __kmalloc_noprof+0x48/0x4c0 pvr_fw_init+0xb0c/0x1f50 [powervr]
{
"affected": [],
"aliases": [
"CVE-2025-37764"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T14:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: fix firmware memory leaks\n\nFree the memory used to hold the results of firmware image processing\nwhen the module is unloaded.\n\nFix the related issue of the same memory being leaked if processing\nof the firmware image fails during module load.\n\nEnsure all firmware GEM objects are destroyed if firmware image\nprocessing fails.\n\nFixes memory leaks on powervr module unload detected by Kmemleak:\n\nunreferenced object 0xffff000042e20000 (size 94208):\n comm \"modprobe\", pid 470, jiffies 4295277154\n hex dump (first 32 bytes):\n 02 ae 7f ed bf 45 84 00 3c 5b 1f ed 9f 45 45 05 .....E..\u003c[...EE.\n d5 4f 5d 14 6c 00 3d 23 30 d0 3a 4a 66 0e 48 c8 .O].l.=#0.:Jf.H.\n backtrace (crc dd329dec):\n kmemleak_alloc+0x30/0x40\n ___kmalloc_large_node+0x140/0x188\n __kmalloc_large_node_noprof+0x2c/0x13c\n __kmalloc_noprof+0x48/0x4c0\n pvr_fw_init+0xaa4/0x1f50 [powervr]\n\nunreferenced object 0xffff000042d20000 (size 20480):\n comm \"modprobe\", pid 470, jiffies 4295277154\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 09 00 00 00 0b 00 00 00 ................\n 00 00 00 00 00 00 00 00 07 00 00 00 08 00 00 00 ................\n backtrace (crc 395b02e3):\n kmemleak_alloc+0x30/0x40\n ___kmalloc_large_node+0x140/0x188\n __kmalloc_large_node_noprof+0x2c/0x13c\n __kmalloc_noprof+0x48/0x4c0\n pvr_fw_init+0xb0c/0x1f50 [powervr]",
"id": "GHSA-ffcr-3gvq-xq62",
"modified": "2025-11-07T00:30:26Z",
"published": "2025-05-01T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37764"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/490c30fd554597e78f66650044877e7defb5f83c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/891c12ba855ccb34c06a2e5da75c644683087036"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5b230e7f3a55bd8bd8d012eec75a4b7baa671d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFMJ-8PHG-M99P
Vulnerability from github – Published: 2022-10-17 12:00 – Updated: 2022-10-19 12:00A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.
{
"affected": [],
"aliases": [
"CVE-2022-3526"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-16T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.",
"id": "GHSA-ffmj-8phg-m99p",
"modified": "2022-10-19T12:00:20Z",
"published": "2022-10-17T12:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3526"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FG3V-8P2H-99JG
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
gue: Fix skb memleak with inner IP protocol 0.
syzbot reported skb memleak below. [0]
The repro generated a GUE packet with its inner protocol 0.
gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in ip_protocol_deliver_rcu(), but this only works with non-zero protocol number.
Let's drop such packets.
Note that 0 is a valid number (IPv6 Hop-by-Hop Option).
I think it is not practical to encap HOPOPT in GUE, so once someone starts to complain, we could pass down a resubmit flag pointer to distinguish two zeros from the upper layer:
- no error
- resubmit HOPOPT
[0] BUG: memory leak unreferenced object 0xffff888109695a00 (size 240): comm "syz.0.17", pid 6088, jiffies 4294943096 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 40 c2 10 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace (crc a84b336f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 __build_skb+0x23/0x60 net/core/skbuff.c:474 build_skb+0x20/0x190 net/core/skbuff.c:490 __tun_build_skb drivers/net/tun.c:1541 [inline] tun_build_skb+0x4a1/0xa40 drivers/net/tun.c:1636 tun_get_user+0xc12/0x2030 drivers/net/tun.c:1770 tun_chr_write_iter+0x71/0x120 drivers/net/tun.c:1999 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x45d/0x710 fs/read_write.c:686 ksys_write+0xa7/0x170 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
{
"affected": [],
"aliases": [
"CVE-2026-23095"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngue: Fix skb memleak with inner IP protocol 0.\n\nsyzbot reported skb memleak below. [0]\n\nThe repro generated a GUE packet with its inner protocol 0.\n\ngue_udp_recv() returns -guehdr-\u003eproto_ctype for \"resubmit\"\nin ip_protocol_deliver_rcu(), but this only works with\nnon-zero protocol number.\n\nLet\u0027s drop such packets.\n\nNote that 0 is a valid number (IPv6 Hop-by-Hop Option).\n\nI think it is not practical to encap HOPOPT in GUE, so once\nsomeone starts to complain, we could pass down a resubmit\nflag pointer to distinguish two zeros from the upper layer:\n\n * no error\n * resubmit HOPOPT\n\n[0]\nBUG: memory leak\nunreferenced object 0xffff888109695a00 (size 240):\n comm \"syz.0.17\", pid 6088, jiffies 4294943096\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 40 c2 10 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............\n backtrace (crc a84b336f):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4958 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270\n __build_skb+0x23/0x60 net/core/skbuff.c:474\n build_skb+0x20/0x190 net/core/skbuff.c:490\n __tun_build_skb drivers/net/tun.c:1541 [inline]\n tun_build_skb+0x4a1/0xa40 drivers/net/tun.c:1636\n tun_get_user+0xc12/0x2030 drivers/net/tun.c:1770\n tun_chr_write_iter+0x71/0x120 drivers/net/tun.c:1999\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x45d/0x710 fs/read_write.c:686\n ksys_write+0xa7/0x170 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"id": "GHSA-fg3v-8p2h-99jg",
"modified": "2026-07-14T15:31:39Z",
"published": "2026-02-04T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23095"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/380a82d36e37db49fd41ecc378c22fd29392e96a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/536f5bbc322eb1e175bdd1ced22b236a951c4d8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5437a279804ced8088cabb945dba88a26d828f8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/886f186328b718400dbf79e1bc8cbcbd710ab766"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a56796ad258786d3624eef5aefba394fc9bdded"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce569b389a5c78d64788a5ea94560e17fa574b35"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f87b9b7a618c82e7465e872eb10e14c803871892"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FG4C-9XCM-VP9Q
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 18:33In the Linux kernel, the following vulnerability has been resolved:
e1000/e1000e: Fix leak in DMA error cleanup
If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb.
Because count is incremented after a successful mapping, it will always match the correct number of unmappings needed when dma_error is reached. Decrementing count before the while loop in dma_error causes an off-by-one error. If any mapping was successful before an unsuccessful mapping, exactly one DMA mapping would leak.
In these commits, a faulty while condition caused an infinite loop in dma_error: Commit 03b1320dfcee ("e1000e: remove use of skb_dma_map from e1000e driver") Commit 602c0554d7b0 ("e1000: remove use of skb_dma_map from e1000 driver")
Commit c1fa347f20f1 ("e1000/e1000e/igb/igbvf/ixgb/ixgbe: Fix tests of unsigned in *_tx_map()") fixed the infinite loop, but introduced the off-by-one error.
This issue may still exist in the igbvf driver, but I did not address it in this patch.
{
"affected": [],
"aliases": [
"CVE-2026-43445"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:56Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000/e1000e: Fix leak in DMA error cleanup\n\nIf an error is encountered while mapping TX buffers, the driver should\nunmap any buffers already mapped for that skb.\n\nBecause count is incremented after a successful mapping, it will always\nmatch the correct number of unmappings needed when dma_error is reached.\nDecrementing count before the while loop in dma_error causes an\noff-by-one error. If any mapping was successful before an unsuccessful\nmapping, exactly one DMA mapping would leak.\n\nIn these commits, a faulty while condition caused an infinite loop in\ndma_error:\nCommit 03b1320dfcee (\"e1000e: remove use of skb_dma_map from e1000e\ndriver\")\nCommit 602c0554d7b0 (\"e1000: remove use of skb_dma_map from e1000 driver\")\n\nCommit c1fa347f20f1 (\"e1000/e1000e/igb/igbvf/ixgb/ixgbe: Fix tests of\nunsigned in *_tx_map()\") fixed the infinite loop, but introduced the\noff-by-one error.\n\nThis issue may still exist in the igbvf driver, but I did not address it\nin this patch.",
"id": "GHSA-fg4c-9xcm-vp9q",
"modified": "2026-05-21T18:33:06Z",
"published": "2026-05-08T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43445"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0606c24a745bafd1be5d66c48361638cd9cad74b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a1fc25deabab4efce64610e3c449485c4fa8f5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10b5e65959e955a1c8894e0a5413944b5a70204a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30e87ade8d678c25a8546cf38c0b498fa5cb27d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/519051c711dfd239ef6e4b28878efee400a035f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7eaeb778bfaa3b2a804f89321c234d59c74569db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e94eaef11142b01f77bf8ba4d0b59720b7858109"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa5ba9867a55e640df0dc79bf0199770fb043f03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FG9P-Q72C-PR97
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-07-04 12:30In the Linux kernel, the following vulnerability has been resolved:
iio: light: bh1780: fix PM runtime leak on error path
Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the read operation succeeds or fails.
{
"affected": [],
"aliases": [
"CVE-2026-43355"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: bh1780: fix PM runtime leak on error path\n\nMove pm_runtime_put_autosuspend() before the error check to ensure\nthe PM runtime reference count is always decremented after\npm_runtime_get_sync(), regardless of whether the read operation\nsucceeds or fails.",
"id": "GHSA-fg9p-q72c-pr97",
"modified": "2026-07-04T12:30:27Z",
"published": "2026-05-08T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43355"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1eb3af4f59e09323788860a9155e9766b12891e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33661bfc85c14836bfef4425a74b0ca2df4bb5ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4228f7f053b452be625919ccbb605912bae0dc98"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/424bf90e87134effe4bd932608a15286493b11ab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aae572ddc28578af476cce7da3faec0395ef0bf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad58fa1cb11e4ceb702786a494352c7ff2eca1ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd72e6c3cdea05cad24e99710939086f7a113fb5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc77e0a5600e620a2ae51ec78933162fb217b20b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGR8-GCXJ-6PQ5
Vulnerability from github – Published: 2025-04-17 18:31 – Updated: 2025-04-17 21:31In the Linux kernel, the following vulnerability has been resolved:
can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This means that the skb previously allocated by alloc_can_err_skb() is not freed. In other terms, this is a memory leak.
This patch simply removes the return statement in the error branch and let the function continue.
Issue was found with GCC -fanalyzer, please follow the link below for details.
{
"affected": [],
"aliases": [
"CVE-2021-47671"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-17T18:15:43Z",
"severity": "LOW"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path\n\nIn es58x_rx_err_msg(), if can-\u003edo_set_mode() fails, the function\ndirectly returns without calling netif_rx(skb). This means that the\nskb previously allocated by alloc_can_err_skb() is not freed. In other\nterms, this is a memory leak.\n\nThis patch simply removes the return statement in the error branch and\nlet the function continue.\n\nIssue was found with GCC -fanalyzer, please follow the link below for\ndetails.",
"id": "GHSA-fgr8-gcxj-6pq5",
"modified": "2025-04-17T21:31:04Z",
"published": "2025-04-17T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47671"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f389e1276a5389c92cef860c9fde8e1c802a871"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7eb0881aec26099089f12ae850aebd93190b1dfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9447f768bc8c60623e4bb3ce65b8f4654d33a50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FGXF-M96P-5M7Q
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-33363"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-13T20:15:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
"id": "GHSA-fgxf-m96p-5m7q",
"modified": "2022-05-24T19:14:15Z",
"published": "2022-05-24T19:14:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33363"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1786"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FH33-V9VQ-826F
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-07 21:30In the Linux kernel, the following vulnerability has been resolved:
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freeing 'skb' if digital_in_send_cmd() return failed.
{
"affected": [],
"aliases": [
"CVE-2021-47442"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: digital: fix possible memory leak in digital_in_send_sdd_req()\n\n\u0027skb\u0027 is allocated in digital_in_send_sdd_req(), but not free when\ndigital_in_send_cmd() failed, which will cause memory leak. Fix it\nby freeing \u0027skb\u0027 if digital_in_send_cmd() return failed.",
"id": "GHSA-fh33-v9vq-826f",
"modified": "2025-01-07T21:30:54Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47442"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/071bdef36391958c89af5fa2172f691b31baa212"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/291c932fc3692e4d211a445ba8aa35663831bac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bde4aca56db9fe25405d39ddb062531493a65db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50cb95487c265187289810addec5093d4fed8329"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6432d7f1d1c3aa74cfe8f5e3afdf81b786c32e86"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74569c78aa84f8c958f1334b465bc530906ec99a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88c890b0b9a1fb9fcd01c61ada515e8b636c34f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcce6e5255474ca33c27dda0cdf9bf5087278873"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.