Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-FM9R-M74H-JFJJ

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

When dma_map_single() fails in tse_start_xmit(), the function returns NETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the stack the packet was consumed, the skb is never freed, leaking memory on every DMA mapping failure.

Add dev_kfree_skb_any() before returning to properly free the skb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()\n\nWhen dma_map_single() fails in tse_start_xmit(), the function returns\nNETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the\nstack the packet was consumed, the skb is never freed, leaking memory\non every DMA mapping failure.\n\nAdd dev_kfree_skb_any() before returning to properly free the skb.",
  "id": "GHSA-fm9r-m74h-jfjj",
  "modified": "2026-07-14T15:31:54Z",
  "published": "2026-04-24T15:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31658"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2eb9d67704ca8f1101f7435b85f113ede471f9f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3aca300e88afe56afb000cdc4c65383014fb17f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60f462cd2716d86bd2174f9d5e035c9278f30480"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dede3967619b5944003227a5d09fdc21ed57d10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f3ec44aeb58501d11834048d5d0dbaeacb6d4e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae2cd46f57f422b51aedd406ff5d75cbff401d5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb1d318702fdf643061350d164250198df4116f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5ec406f0543bd6cdfd563b08015fdec8c4d5712"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FM9V-J96X-64JX

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-12-23 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

raid10: cleanup memleak at raid10_make_request

If raid10_read_request or raid10_write_request registers a new request and the REQ_NOWAIT flag is set, the code does not free the malloc from the mempool.

unreferenced object 0xffff8884802c3200 (size 192): comm "fio", pid 9197, jiffies 4298078271 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A...... 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc c1a049a2): __kmalloc+0x2bb/0x450 mempool_alloc+0x11b/0x320 raid10_make_request+0x19e/0x650 [raid10] md_handle_request+0x3b3/0x9e0 __submit_bio+0x394/0x560 __submit_bio_noacct+0x145/0x530 submit_bio_noacct_nocheck+0x682/0x830 __blkdev_direct_IO_async+0x4dc/0x6b0 blkdev_read_iter+0x1e5/0x3b0 __io_read+0x230/0x1110 io_read+0x13/0x30 io_issue_sqe+0x134/0x1180 io_submit_sqes+0x48c/0xe90 __do_sys_io_uring_enter+0x574/0x8b0 do_syscall_64+0x5c/0xe0 entry_SYSCALL_64_after_hwframe+0x76/0x7e

V4: changing backing tree to see if CKI tests will pass. The patch code has not changed between any versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n   comm \"fio\", pid 9197, jiffies 4298078271\n   hex dump (first 32 bytes):\n     00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00  .........A......\n     08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n   backtrace (crc c1a049a2):\n     __kmalloc+0x2bb/0x450\n     mempool_alloc+0x11b/0x320\n     raid10_make_request+0x19e/0x650 [raid10]\n     md_handle_request+0x3b3/0x9e0\n     __submit_bio+0x394/0x560\n     __submit_bio_noacct+0x145/0x530\n     submit_bio_noacct_nocheck+0x682/0x830\n     __blkdev_direct_IO_async+0x4dc/0x6b0\n     blkdev_read_iter+0x1e5/0x3b0\n     __io_read+0x230/0x1110\n     io_read+0x13/0x30\n     io_issue_sqe+0x134/0x1180\n     io_submit_sqes+0x48c/0xe90\n     __do_sys_io_uring_enter+0x574/0x8b0\n     do_syscall_64+0x5c/0xe0\n     entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions.",
  "id": "GHSA-fm9v-j96x-64jx",
  "modified": "2025-12-23T00:30:30Z",
  "published": "2025-07-25T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38444"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10c6021a609deb95f23f0cc2f89aa9d4bffb14c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2941155d9a5ae098b480d551f3a5f8605d4f9af5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fc3d7b23d139e3cbc944c15d99b3cdbed797d2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9af149ca9d0dab6e59e813519d309eff62499864"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed7bcd9f617e4107ac0813c516e72e6b8f6029bd"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMWV-86XP-6VWG

Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: caif: fix memory leak in cfusbl_device_notify

In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: fix memory leak in cfusbl_device_notify\n\nIn case of caif_enroll_dev() fail, allocated\nlink_support won\u0027t be assigned to the corresponding\nstructure. So simply free allocated pointer in case\nof error.",
  "id": "GHSA-fmwv-86xp-6vwg",
  "modified": "2025-01-07T18:30:38Z",
  "published": "2024-03-15T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47121"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46403c1f80b0d3f937ff9c4f5edc63bb64bc5051"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d94f530cd24c85aede6e72b8923f371b45d6886"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f5d86669fa4d485523ddb1d212e0a2d90bd62bb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81afc61cb6e2b553f2c5f992fa79e0ae73857141"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ea0ab48e755d8f29fe89eb235fb86176fdb597f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc302e30a504e6b60a9ac8df7988646f46cd0294"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dde8686985ec24d6b00487080a906609bd613ea1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8b37f5009ea7095529790f022859711e6939c76"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMXG-MJGM-8Q6C

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-12-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: fix memory leak in error handling path of idxd_alloc

Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T10:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix memory leak in error handling path of idxd_alloc\n\nMemory allocated for idxd is not freed if an error occurs during\nidxd_alloc(). To fix it, free the allocated memory in the reverse order\nof allocation before exiting the function in case of an error.",
  "id": "GHSA-fmxg-mjgm-8q6c",
  "modified": "2025-12-17T21:30:30Z",
  "published": "2025-06-18T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38015"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMXX-46X7-2PHX

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00
VLAI
Details

An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33452"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.",
  "id": "GHSA-fmxx-46x7-2phx",
  "modified": "2022-08-03T00:00:58Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33452"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392757"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP59-3QQX-4MP6

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-07 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: smsc95xx: Limit packet length to skb->len

Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.",
  "id": "GHSA-fp59-3qqx-4mp6",
  "modified": "2025-11-07T03:30:24Z",
  "published": "2025-05-02T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53062"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33d1603a38e05886c538129ddfe00bd52d347e7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70eb25c6a6cde149affe8a587371a3a8ad295ba0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/733580e268a53db1cd01f2251419da91866378f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba6c40227108f8ee428e42eb0337b48ed3001e65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3c145a4d24b752c9a1314d5a595014d51471418"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e041bef1adee02999cf24f9a2e15ed452bc363fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2111c791d885211714db85f9a06188571c57dd0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff821092cf02a70c2bccd2d19269f01e29aa52cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP6R-C5G5-WQVG

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-01-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential memory leaks

When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the partially allocated URBs might be left without released, because ep->nurbs is still zero at that point.

Fix it by setting ep->nurbs at first, so that the error handler loops over the full URB list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential memory leaks\n\nWhen the driver hits -ENOMEM at allocating a URB or a buffer, it\naborts and goes to the error path that releases the all previously\nallocated resources.  However, when -ENOMEM hits at the middle of the\nsync EP URB allocation loop, the partially allocated URBs might be\nleft without released, because ep-\u003enurbs is still zero at that point.\n\nFix it by setting ep-\u003enurbs at first, so that the error handler loops\nover the full URB list.",
  "id": "GHSA-fp6r-c5g5-wqvg",
  "modified": "2026-01-23T21:30:37Z",
  "published": "2025-10-04T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50484"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0604e5e5537af099ea2f6dfd892afe5c92db8a80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0672215994e2347a9b4f145e2bc1709b1e01cee3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28d8d267af5d73f91d7640cbdb4024703256e36c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46f0aed47673e275d682af60ed26dcc28add8eae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6382da0828995af87aa8b8bef28cc61aceb4aff3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/988ec0cd0a2643c25c1658f7c33de2e15a5a2e31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc1d16d282bca421c6fc31de4b8fd412010f01bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4442410f76d66b9f7e854010bce04853f665324"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faa8c1ed77d0169955b9b3516b714cc5fb512f27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FPJR-HM8V-68CJ

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-05-26 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix memory leak in xe_vm_madvise_ioctl

When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path.

(cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix memory leak in xe_vm_madvise_ioctl\n\nWhen check_bo_args_are_sane() validation fails, jump to the new\nfree_vmas cleanup label to properly free the allocated resources.\nThis ensures proper cleanup in this error path.\n\n(cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)",
  "id": "GHSA-fpjr-hm8v-68cj",
  "modified": "2026-05-26T15:32:07Z",
  "published": "2026-04-03T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31390"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cfe9c4838f1147713f6b5c02094cd4dc0c598fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c87b48a0ff040723f84a67b32892af7e6a3634f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3aa7b837920c844d5ae0dd3dbaeb465a461de40"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FPXG-3HXF-5MVR

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-11-08 18:30
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash.  

Below CLI command can be used to check the memory usage over a period of time:

user@host> show chassis fpc

Temp CPU Utilization (%)   CPU Utilization (%) Memory   Utilization (%)   Slot State     (C)  Total  Interrupt     1min   5min   15min DRAM (MB) Heap     Buffer

0 Online       43     41         2                           2048       49         14

1 Online       43     41         2                           2048       49         14

2 Online       43     41         2                           2048       49         14

This issue affects Junos OS on SRX5K, SRX4600 and MX Series: 

  • All versions before 21.2R3-S7, 
  • from 21.4 before 21.4R3-S6, 
  • from 22.1 before 22.1R3-S5, 
  • from 22.2 before 22.2R3-S3, 
  • from 22.3 before 22.3R3-S2, 
  • from 22.4 before 22.4R3, 
  • from 23.2 before 23.2R2, 
  • from 23.4 before 23.4R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIn case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes\u00a0local FPC  to eventually run out of memory and crash.\u00a0\u00a0\n\nBelow CLI command can be used to check the memory usage over a period of time:\n\n\u2003\u2003user@host\u003e show chassis fpc\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp  CPU Utilization (%) \u00a0 CPU Utilization (%)  Memory \u00a0 \nUtilization (%)\n\u00a0 Slot State \u00a0 \u00a0  (C)\u00a0 Total\u00a0 Interrupt \u00a0 \u00a0  1min \u00a0 5min \u00a0\n15min DRAM (MB) Heap \u00a0 \u00a0 Buffer\n\n\u00a0 0 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 1 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 2 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\n\n\n\n\n\n\n\nThis issue affects Junos OS on SRX5K, SRX4600 and MX Series:\u00a0\n\n\n\n\n  *  All versions before 21.2R3-S7,\u00a0\n  *  from 21.4 before 21.4R3-S6,\u00a0\n  *  from 22.1 before 22.1R3-S5,\u00a0\n  *  from 22.2 before 22.2R3-S3,\u00a0\n  *  from 22.3 before 22.3R3-S2,\u00a0\n  *  from 22.4 before 22.4R3,\u00a0\n  *  from 23.2 before 23.2R2,\u00a0\n  *  from 23.4 before 23.4R2.",
  "id": "GHSA-fpxg-3hxf-5mvr",
  "modified": "2024-11-08T18:30:43Z",
  "published": "2024-10-11T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47493"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net"
    },
    {
      "type": "WEB",
      "url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-link-multilink/topics/topic-map/link-multilink-services-understanding.html#id-multilink-interfaces-on-channelized-mics-overview"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FQ37-28CX-2P45

Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2022-09-23 00:00
VLAI
Details

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-21T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.",
  "id": "GHSA-fq37-28cx-2p45",
  "modified": "2022-09-23T00:00:44Z",
  "published": "2022-09-22T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35085"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthiaskramm/swftools/issues/181"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35085.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.