CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-GJPW-73P9-V6CG
Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/imx: Fix memory leak in imx_pd_connector_get_modes
Avoid leaking the display mode variable if of_get_drm_display_mode fails.
Addresses-Coverity-ID: 1443943 ("Resource leak")
{
"affected": [],
"aliases": [
"CVE-2022-49091"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imx: Fix memory leak in imx_pd_connector_get_modes\n\nAvoid leaking the display mode variable if of_get_drm_display_mode\nfails.\n\nAddresses-Coverity-ID: 1443943 (\"Resource leak\")",
"id": "GHSA-gjpw-73p9-v6cg",
"modified": "2025-09-23T18:30:20Z",
"published": "2025-09-23T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31e449302ed00c38d4068443cf0243279701ab28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38bf605bd8c83d942c8dcffaef3633b7d8b37549"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41624d7c0c3df71dee170c610744aaa5909327b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7526102d908ec5ae777aa77723d52fce12916093"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc23c327e1a23cc3555fa1e86288e13288515442"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c539a6a5896ed92bfb91494e46996d013f3d5967"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2c2758cfb0262637fd93350bdc8ad485fb1dd61"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8b0ef0a5889890b50482b6593bd8de544736351"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJPW-FMCG-X3XF
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31In the Linux kernel, the following vulnerability has been resolved:
USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53405"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: gr_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-gjpw-fmcg-x3xf",
"modified": "2025-12-12T21:31:31Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53405"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0933eca15f5223b5c2412080c8c3de8758465c78"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30f9ba2396a1130eef7f2d3ee7ee8037b7c25be9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/73f4451368663ad28daa67980c6dd11d83b303eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be21a66e17ee0ab5f3513b6c86659e60cec5e981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJXW-MRG7-952F
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-01-28 18:30Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
{
"affected": [],
"aliases": [
"CVE-2025-28164"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:14Z",
"severity": "MODERATE"
},
"details": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.",
"id": "GHSA-gjxw-mrg7-952f",
"modified": "2026-01-28T18:30:47Z",
"published": "2026-01-27T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28164"
},
{
"type": "WEB",
"url": "https://github.com/pnggroup/libpng/issues/655"
},
{
"type": "WEB",
"url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GM37-QX7W-P258
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-02-24 15:30A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed.
==880062== Memcheck, a memory error detector
==880062== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==880062== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==880062==
==880062==
==880062== HEAP SUMMARY:
==880062== in use at exit: 386,826 bytes in 696 blocks
==880062== total heap usage: 30,523 allocs, 29,827 frees, 21,803,756 bytes allocated
==880062==
==880062== LEAK SUMMARY:
==880062== definitely lost: 3,408 bytes in 3 blocks
==880062== indirectly lost: 88,885 bytes in 30 blocks
==880062== possibly lost: 140,944 bytes in 383 blocks
==880062== still reachable: 151,573 bytes in 259 blocks
==880062== suppressed: 0 bytes in 0 blocks
==880062== Reachable blocks (those to which a pointer was found) are not shown.
==880062== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==880062==
==880062== For lists of detected and suppressed errors, rerun with: -s
==880062== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25637"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:30:16Z",
"nvd_published_at": "2026-02-24T01:16:13Z",
"severity": "MODERATE"
},
"details": "A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed.\n\n```\n==880062== Memcheck, a memory error detector\n==880062== Copyright (C) 2002-2017, and GNU GPL\u0027d, by Julian Seward et al.\n==880062== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info\n==880062== \n==880062== \n==880062== HEAP SUMMARY:\n==880062== in use at exit: 386,826 bytes in 696 blocks\n==880062== total heap usage: 30,523 allocs, 29,827 frees, 21,803,756 bytes allocated\n==880062== \n==880062== LEAK SUMMARY:\n==880062== definitely lost: 3,408 bytes in 3 blocks\n==880062== indirectly lost: 88,885 bytes in 30 blocks\n==880062== possibly lost: 140,944 bytes in 383 blocks\n==880062== still reachable: 151,573 bytes in 259 blocks\n==880062== suppressed: 0 bytes in 0 blocks\n==880062== Reachable blocks (those to which a pointer was found) are not shown.\n==880062== To see them, rerun with: --leak-check=full --show-leak-kinds=all\n==880062== \n==880062== For lists of detected and suppressed errors, rerun with: -s\n==880062== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)\n```",
"id": "GHSA-gm37-qx7w-p258",
"modified": "2026-02-24T15:30:16Z",
"published": "2026-02-24T15:30:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25637"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Possible memory leak in ASHLAR encoder"
}
GHSA-GM54-Q3XR-2X4R
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-05-20 15:35In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix leak of kobject name for sub-group space_info
When create_space_info_sub_group() allocates elements of space_info->sub_group[], kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when check_removing_space_info() frees these elements, it does not call btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is not called and the associated kobj->name objects are leaked.
This memory leak is reproduced by running the blktests test case zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak feature reports the following error:
unreferenced object 0xffff888112877d40 (size 16): comm "mount", pid 1244, jiffies 4294996972 hex dump (first 16 bytes): 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc...... backtrace (crc 53ffde4d): __kmalloc_node_track_caller_noprof+0x619/0x870 kstrdup+0x42/0xc0 kobject_set_name_vargs+0x44/0x110 kobject_init_and_add+0xcf/0x150 btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs] create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs] create_space_info+0x211/0x320 [btrfs] btrfs_init_space_info+0x15a/0x1b0 [btrfs] open_ctree+0x33c7/0x4a50 [btrfs] btrfs_get_tree.cold+0x9f/0x1ee [btrfs] vfs_get_tree+0x87/0x2f0 vfs_cmd_create+0xbd/0x280 __do_sys_fsconfig+0x3df/0x990 do_syscall_64+0x136/0x1540 entry_SYSCALL_64_after_hwframe+0x76/0x7e
To avoid the leak, call btrfs_sysfs_remove_space_info() instead of kfree() for the elements.
{
"affected": [],
"aliases": [
"CVE-2026-31434"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix leak of kobject name for sub-group space_info\n\nWhen create_space_info_sub_group() allocates elements of\nspace_info-\u003esub_group[], kobject_init_and_add() is called for each\nelement via btrfs_sysfs_add_space_info_type(). However, when\ncheck_removing_space_info() frees these elements, it does not call\nbtrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is\nnot called and the associated kobj-\u003ename objects are leaked.\n\nThis memory leak is reproduced by running the blktests test case\nzbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak\nfeature reports the following error:\n\nunreferenced object 0xffff888112877d40 (size 16):\n comm \"mount\", pid 1244, jiffies 4294996972\n hex dump (first 16 bytes):\n 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc......\n backtrace (crc 53ffde4d):\n __kmalloc_node_track_caller_noprof+0x619/0x870\n kstrdup+0x42/0xc0\n kobject_set_name_vargs+0x44/0x110\n kobject_init_and_add+0xcf/0x150\n btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs]\n create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs]\n create_space_info+0x211/0x320 [btrfs]\n btrfs_init_space_info+0x15a/0x1b0 [btrfs]\n open_ctree+0x33c7/0x4a50 [btrfs]\n btrfs_get_tree.cold+0x9f/0x1ee [btrfs]\n vfs_get_tree+0x87/0x2f0\n vfs_cmd_create+0xbd/0x280\n __do_sys_fsconfig+0x3df/0x990\n do_syscall_64+0x136/0x1540\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo avoid the leak, call btrfs_sysfs_remove_space_info() instead of\nkfree() for the elements.",
"id": "GHSA-gm54-q3xr-2x4r",
"modified": "2026-05-20T15:35:22Z",
"published": "2026-04-22T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31434"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GM9H-7H2X-8V7P
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
{
"affected": [],
"aliases": [
"CVE-2019-16708"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-23T12:15:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.",
"id": "GHSA-gm9h-7h2x-8v7p",
"modified": "2022-05-24T22:00:41Z",
"published": "2022-05-24T22:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16708"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1531"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4192-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMPX-HJJV-XJ6F
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31In the Linux kernel, the following vulnerability has been resolved:
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
In crb_acpi_add(), we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, should be freed, call acpi_put_table() to fix the memory leak.
{
"affected": [],
"aliases": [
"CVE-2022-50389"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak\n\nIn crb_acpi_add(), we get the TPM2 table to retrieve information\nlike start method, and then assign them to the priv data, so the\nTPM2 table is not used after the init, should be freed, call\nacpi_put_table() to fix the memory leak.",
"id": "GHSA-gmpx-hjjv-xj6f",
"modified": "2025-12-11T21:31:26Z",
"published": "2025-09-18T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08fd965521d0e172d540cf945517810895fcb199"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bd9b4be721c776f77adcaf34105dfca3007ddb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1af2232b13837ce0f3a082b9f43735b09aafc367"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fcd3dc8b97a14f1672729c86b7041a1a89b052a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37e90c374dd11cf4919c51e847c6d6ced0abc555"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/927860dfa161ae8392a264197257dbdc52b26b0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/986cd9a9b95423e35a2cbb8e9105aec0e0d7f337"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0785edaf649e5f04dc7f75533e810f4c00e4106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMRR-4GFX-7VM5
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-05-29 18:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_ll: Fix firmware leak on error path
Smatch reports:
drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from request_firmware() not released on lines: 544.
In download_firmware(), if request_firmware() succeeds but the returned firmware content is invalid (no data or zero size), the function returns without releasing the firmware, resulting in a resource leak.
Fix this by calling release_firmware() before returning when request_firmware() succeeded but the firmware content is invalid.
{
"affected": [],
"aliases": [
"CVE-2026-43069"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-05T16:16:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n\u0027fw\u0027 from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() succeeds but the returned\nfirmware content is invalid (no data or zero size), the function returns\nwithout releasing the firmware, resulting in a resource leak.\n\nFix this by calling release_firmware() before returning when\nrequest_firmware() succeeded but the firmware content is invalid.",
"id": "GHSA-gmrr-4gfx-7vm5",
"modified": "2026-05-29T18:31:14Z",
"published": "2026-05-05T18:33:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43069"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28904375d54b436a757641fb0331537778c0de5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31148a7be723aa9f2e8fbd62424825ab8d577973"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5213ef54528dd1ac79b846e30d8f72ce092794aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95e8601af227b2b4390eecf8db6abdb9f6a91f17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ecbfd93cd6de6c78cb7fd51fe079e36c7ff074b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7803df606a7d22e896b030f619e1d9d20ae0c6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2dfbf1b5ff192cefd49574b951a4af9ddd32213"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e6d95488c8c964d1df0d3e1db44c958706311e86"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMWX-QV5P-38RC
Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2022-07-28 00:00An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP traffic. The SIP call usage can be monitored by "show security alg sip calls". To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with: user@host> show security alg status | match sip SIP : Enabled Please verify on MX whether the following is configured: [ services ... rule (term ) from/match application/application-set ] where either a. name = junos-sip or an application or application-set refers to SIP: b. [ applications application application-protocol sip ] or c. [ applications application-set application junos-sip ] This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R2-S2; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-22204"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-20T15:15:00Z",
"severity": "MODERATE"
},
"details": "An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP traffic. The SIP call usage can be monitored by \"show security alg sip calls\". To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with: user@host\u003e show security alg status | match sip SIP : Enabled Please verify on MX whether the following is configured: [ services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e) from/match application/application-set \u003cname\u003e ] where either a. name = junos-sip or an application or application-set refers to SIP: b. [ applications application \u003cname\u003e application-protocol sip ] or c. [ applications application-set \u003cname\u003e application junos-sip ] This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R2-S2; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"id": "GHSA-gmwx-qv5p-38rc",
"modified": "2022-07-28T00:00:41Z",
"published": "2022-07-21T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22204"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GP22-5FGH-Q68V
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31In the Linux kernel, the following vulnerability has been resolved:
nfc: fdp: Fix potential memory leak in fdp_nci_send()
fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in the function. As a result, when fdp_nci_i2c_write() finished, the skb will memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write() finished.
{
"affected": [],
"aliases": [
"CVE-2022-49924"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: Fix potential memory leak in fdp_nci_send()\n\nfdp_nci_send() will call fdp_nci_i2c_write that will not free skb in\nthe function. As a result, when fdp_nci_i2c_write() finished, the skb\nwill memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()\nfinished.",
"id": "GHSA-gp22-5fgh-q68v",
"modified": "2025-05-07T15:31:27Z",
"published": "2025-05-01T15:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49924"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a7a898f8f7b56c0eaa2baf67a0c96235a30bc29"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44bc1868a4f542502ea2221fe5ad88ca66d1c6b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e4aae6b8ca76afb1fb64dcb24be44ba814e7f8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8c11ee2d07f7c4dfa2ac0ea8efc4f627e58ea57"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.