Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-FV7C-CVJ6-WRFG

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-01 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: Fix SKB corruption in REO destination ring

While running traffics for a long time, randomly an RX descriptor filled with value "0" from REO destination ring is received. This descriptor which is invalid causes the wrong SKB (SKB stored in the IDR lookup with buffer id "0") to be fetched which in turn causes SKB memory corruption issue and the same leads to crash after some time.

Changed the start id for idr allocation to "1" and the buffer id "0" is reserved for error validation. Introduced Sanity check to validate the descriptor, before processing the SKB.

Crash Signature :

Unable to handle kernel paging request at virtual address 3f004900 PC points to "b15_dma_inv_range+0x30/0x50" LR points to "dma_cache_maint_page+0x8c/0x128". The Backtrace obtained is as follows: [<8031716c>] (b15_dma_inv_range) from [<80313a4c>] (dma_cache_maint_page+0x8c/0x128) [<80313a4c>] (dma_cache_maint_page) from [<80313b90>] (__dma_page_dev_to_cpu+0x28/0xcc) [<80313b90>] (__dma_page_dev_to_cpu) from [<7fb5dd68>] (ath11k_dp_process_rx+0x1e8/0x4a4 [ath11k]) [<7fb5dd68>] (ath11k_dp_process_rx [ath11k]) from [<7fb53c20>] (ath11k_dp_service_srng+0xb0/0x2ac [ath11k]) [<7fb53c20>] (ath11k_dp_service_srng [ath11k]) from [<7f67bba4>] (ath11k_pci_ext_grp_napi_poll+0x1c/0x78 [ath11k_pci]) [<7f67bba4>] (ath11k_pci_ext_grp_napi_poll [ath11k_pci]) from [<807d5cf4>] (__napi_poll+0x28/0xb8) [<807d5cf4>] (__napi_poll) from [<807d5f28>] (net_rx_action+0xf0/0x280) [<807d5f28>] (net_rx_action) from [<80302148>] (__do_softirq+0xd0/0x280) [<80302148>] (__do_softirq) from [<80320408>] (irq_exit+0x74/0xd4) [<80320408>] (irq_exit) from [<803638a4>] (__handle_domain_irq+0x90/0xb4) [<803638a4>] (__handle_domain_irq) from [<805bedec>] (gic_handle_irq+0x58/0x90) [<805bedec>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Fix SKB corruption in REO destination ring\n\nWhile running traffics for a long time, randomly an RX descriptor\nfilled with value \"0\" from REO destination ring is received.\nThis descriptor which is invalid causes the wrong SKB (SKB stored in\nthe IDR lookup with buffer id \"0\") to be fetched which in turn\ncauses SKB memory corruption issue and the same leads to crash\nafter some time.\n\nChanged the start id for idr allocation to \"1\" and the buffer id \"0\"\nis reserved for error validation. Introduced Sanity check to validate\nthe descriptor, before processing the SKB.\n\nCrash Signature :\n\nUnable to handle kernel paging request at virtual address 3f004900\nPC points to \"b15_dma_inv_range+0x30/0x50\"\nLR points to \"dma_cache_maint_page+0x8c/0x128\".\nThe Backtrace obtained is as follows:\n[\u003c8031716c\u003e] (b15_dma_inv_range) from [\u003c80313a4c\u003e] (dma_cache_maint_page+0x8c/0x128)\n[\u003c80313a4c\u003e] (dma_cache_maint_page) from [\u003c80313b90\u003e] (__dma_page_dev_to_cpu+0x28/0xcc)\n[\u003c80313b90\u003e] (__dma_page_dev_to_cpu) from [\u003c7fb5dd68\u003e] (ath11k_dp_process_rx+0x1e8/0x4a4 [ath11k])\n[\u003c7fb5dd68\u003e] (ath11k_dp_process_rx [ath11k]) from [\u003c7fb53c20\u003e] (ath11k_dp_service_srng+0xb0/0x2ac [ath11k])\n[\u003c7fb53c20\u003e] (ath11k_dp_service_srng [ath11k]) from [\u003c7f67bba4\u003e] (ath11k_pci_ext_grp_napi_poll+0x1c/0x78 [ath11k_pci])\n[\u003c7f67bba4\u003e] (ath11k_pci_ext_grp_napi_poll [ath11k_pci]) from [\u003c807d5cf4\u003e] (__napi_poll+0x28/0xb8)\n[\u003c807d5cf4\u003e] (__napi_poll) from [\u003c807d5f28\u003e] (net_rx_action+0xf0/0x280)\n[\u003c807d5f28\u003e] (net_rx_action) from [\u003c80302148\u003e] (__do_softirq+0xd0/0x280)\n[\u003c80302148\u003e] (__do_softirq) from [\u003c80320408\u003e] (irq_exit+0x74/0xd4)\n[\u003c80320408\u003e] (irq_exit) from [\u003c803638a4\u003e] (__handle_domain_irq+0x90/0xb4)\n[\u003c803638a4\u003e] (__handle_domain_irq) from [\u003c805bedec\u003e] (gic_handle_irq+0x58/0x90)\n[\u003c805bedec\u003e] (gic_handle_irq) from [\u003c80301a78\u003e] (__irq_svc+0x58/0x8c)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-fv7c-cvj6-wrfg",
  "modified": "2025-12-01T21:30:22Z",
  "published": "2025-09-16T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53315"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/068fd06148fbf0af95bb08dc77cff34ee679fdbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d3f8fe01a01d94a17fe1ae0d2e894049a972717"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67459491f78146bcf7d93596e5b709d063dff5d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/866921dc06b94df91acfcf9359b57da943ed99b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9fff67d2d7ca6fa8066132003a3deef654c55b1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FV85-JGQF-P95R

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-07-04 12:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), gdev->dev.release is unset. As a result, the reference count to gdev->dev isn't dropped on the error handling paths.

Drop the reference on errors.

Also reorder the instructions to make the error handling simpler. Now gpiochip_add_data_with_key() roughly looks like:

Some memory allocation. Go to ERR ZONE 1 on errors. device_initialize().

gpiodev_release() takes over the responsibility for freeing the resources of gdev->dev. The subsequent error handling paths shouldn't go through ERR ZONE 1 again which leads to double free.

Some initialization mainly on gdev. The rest of initialization. Go to ERR ZONE 2 on errors. Chip registration success and exit.

ERR ZONE 2. gpio_device_put() and exit. ERR ZONE 1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T15:16:35Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: Fix resource leaks on errors in gpiochip_add_data_with_key()\n\nSince commit aab5c6f20023 (\"gpio: set device type for GPIO chips\"),\n`gdev-\u003edev.release` is unset.  As a result, the reference count to\n`gdev-\u003edev` isn\u0027t dropped on the error handling paths.\n\nDrop the reference on errors.\n\nAlso reorder the instructions to make the error handling simpler.\nNow gpiochip_add_data_with_key() roughly looks like:\n\n   \u003e\u003e\u003e Some memory allocation.  Go to ERR ZONE 1 on errors.\n   \u003e\u003e\u003e device_initialize().\n\n   gpiodev_release() takes over the responsibility for freeing the\n   resources of `gdev-\u003edev`.  The subsequent error handling paths\n   shouldn\u0027t go through ERR ZONE 1 again which leads to double free.\n\n   \u003e\u003e\u003e Some initialization mainly on `gdev`.\n   \u003e\u003e\u003e The rest of initialization.  Go to ERR ZONE 2 on errors.\n   \u003e\u003e\u003e Chip registration success and exit.\n\n   \u003e\u003e\u003e ERR ZONE 2.  gpio_device_put() and exit.\n   \u003e\u003e\u003e ERR ZONE 1.",
  "id": "GHSA-fv85-jgqf-p95r",
  "modified": "2026-07-04T12:30:27Z",
  "published": "2026-05-01T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31732"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16fdabe143fce2cbf89139677728e17e21b46c28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a500e1837c4266ddb05b39b3e1cc71f49a43ffa5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0cf9c7b7c281956cc0dec163132cd96f76e1d60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb4584d2b324c522404c733c65840a1a6519ada8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW2P-R2V5-6JJQ

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix memory leak in query_regdb_file()

In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix memory leak in query_regdb_file()\n\nIn the function query_regdb_file() the alpha2 parameter is duplicated\nusing kmemdup() and subsequently freed in regdb_fw_cb(). However,\nrequest_firmware_nowait() can fail without calling regdb_fw_cb() and\nthus leak memory.",
  "id": "GHSA-fw2p-r2v5-6jjq",
  "modified": "2025-05-07T15:31:25Z",
  "published": "2025-05-01T15:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ede1a988299e95d54bd89551fd635980572e920"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/219446396786330937bcd382a7bc4ccd767383bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38c9fa2cc6bf4b6e1a74057aef8b5cffd23d3264"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57b962e627ec0ae53d4d16d7bd1033e27e67677a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1e12180321f416d83444f2cdc9259e0f5093d35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e9b5a4566d5bc71cc901be50d1fa24da00613120"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW87-5P3G-2R3P

Vulnerability from github – Published: 2025-10-23 18:31 – Updated: 2025-10-23 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_open/close(): fix memory leak

The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver.

This commit is an adaptation of the techniques found in the esd_usb2 driver where a similar design pattern led to a memory leak. It explicitly frees the RX URBs and their DMA memory via a call to usb_free_coherent(). Since the RX URBs were allocated in the gs_can_open(), we remove them in gs_can_close() rather than in the disconnect function as was done in esd_usb2.

For more information, see the 928150fad41b ("can: esd_usb2: fix memory leak").

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn\u0027t\nactually free them. As a result, this may be leaking DMA memory that\u0027s\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\").",
  "id": "GHSA-fw87-5p3g-2r3p",
  "modified": "2025-10-23T18:31:05Z",
  "published": "2025-10-23T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49661"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW94-HM7W-5PFG

Vulnerability from github – Published: 2024-02-09 15:31 – Updated: 2024-02-15 06:31
VLAI
Details

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-09T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().",
  "id": "GHSA-fw94-hm7w-5pfg",
  "modified": "2024-02-15T06:31:35Z",
  "published": "2024-02-09T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/derf/feh/issues/712"
    },
    {
      "type": "WEB",
      "url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW97-88CP-67M9

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: rockchip: fix generic IRQ chip leak on remove

The driver allocates domain generic chips using irq_alloc_domain_generic_chips() during probe. However, on driver remove/teardown, the generic chips are not automatically freed when the IRQ domain is removed because the domain flags do not include IRQ_DOMAIN_FLAG_DESTROY_GC.

This causes both the domain generic chips structure and the associated generic chips to be leaked. Additionally, the generic chips remain on the global gc_list and may later be visited by generic IRQ chip suspend, resume, or shutdown callbacks after the GPIO bank has been removed, potentially resulting in a use-after-free and kernel crash.

Fix the resource leak by explicitly calling irq_domain_remove_generic_chips() before removing the IRQ domain in rockchip_gpio_remove().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rockchip: fix generic IRQ chip leak on remove\n\nThe driver allocates domain generic chips using\nirq_alloc_domain_generic_chips() during probe. However, on driver\nremove/teardown, the generic chips are not automatically freed when the\nIRQ domain is removed because the domain flags do not include\nIRQ_DOMAIN_FLAG_DESTROY_GC.\n\nThis causes both the domain generic chips structure and the associated\ngeneric chips to be leaked. Additionally, the generic chips remain on\nthe global gc_list and may later be visited by generic IRQ chip suspend,\nresume, or shutdown callbacks after the GPIO bank has been removed,\npotentially resulting in a use-after-free and kernel crash.\n\nFix the resource leak by explicitly calling\nirq_domain_remove_generic_chips() before removing the IRQ domain in\nrockchip_gpio_remove().",
  "id": "GHSA-fw97-88cp-67m9",
  "modified": "2026-07-02T21:32:05Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53226"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c1e0fc88d6ef65bf15d517853251f75ab9d18c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f34ea5f6114011092d9a5c8b901ad6741144a1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bace7b99bfa555fe833aee8827b8004c43666d02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWGH-55J5-GC7G

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:05
VLAI
Details

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-19724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:03Z",
    "severity": "MODERATE"
  },
  "details": "A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.",
  "id": "GHSA-fwgh-55j5-gc7g",
  "modified": "2024-04-04T07:05:41Z",
  "published": "2023-08-22T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19724"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25362"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=805f38bc551de820bcd7b31d3c5731ae27cf853a"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=805f38bc551de820bcd7b31d3c5731ae27cf853a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWPR-F242-C84Q

Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: use memset avoid memory leaks

Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: use memset avoid memory leaks\n\nUse memset to initialize structs to prevent memory leaks\nin l2cap_ecred_connect",
  "id": "GHSA-fwpr-f242-c84q",
  "modified": "2025-03-14T00:30:49Z",
  "published": "2025-03-14T00:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49116"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42b6a39f439b6f37cc2024d91ce547d83290ff78"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9567d54e70ff58c2695c2cc2e53c86c67551d3e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3715b2333e9a21692ba16ef8645eda584a9515d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d588c183a971b85c775ad66da563ee6e8bc8158f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e9e55acee9b7a737ec7f5161b94a78932a5514c8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FX5R-48PF-8F7W

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()

In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation.

Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic-spisg: Fix memory leak in aml_spisg_probe()\n\nIn aml_spisg_probe(), ctlr is allocated by\nspi_alloc_target()/spi_alloc_host(), but fails to call\nspi_controller_put() in several error paths. This leads\nto a memory leak whenever the driver fails to probe after\nthe initial allocation.\n\nConvert to use devm_spi_alloc_host()/devm_spi_alloc_target()\nto fix the memory leak.",
  "id": "GHSA-fx5r-48pf-8f7w",
  "modified": "2026-04-23T21:31:18Z",
  "published": "2026-04-03T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23431"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FX78-MQ9W-6RPW

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix warning in cifs_smb3_do_mount()

This fixes the following warning reported by kernel test robot

fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible memory leak of 'cifs_sb'

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix warning in cifs_smb3_do_mount()\n\nThis fixes the following warning reported by kernel test robot\n\n  fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible\n  memory leak of \u0027cifs_sb\u0027",
  "id": "GHSA-fx78-mq9w-6rpw",
  "modified": "2025-12-04T15:30:32Z",
  "published": "2025-09-15T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53230"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12c30f33cc6769bf411088a2872843c4f9ea32f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/945f4a7aff84fde1f825d17a5050880345da3228"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9850867042674361f455ea8901375cff5b800be5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb79f8dfba343667f9a82a252743f4e8f67ce420"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.