CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-GP2G-J8Q2-W9V8
Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31In the Linux kernel, the following vulnerability has been resolved:
net: fix net_dev_start_xmit trace event vs skb_transport_offset()
After blamed commit, we must be more careful about using skb_transport_offset(), as reminded us by syzbot:
WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline] WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14 Modules linked in: CPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:skb_transport_header include/linux/skbuff.h:2868 [inline] RIP: 0010:skb_transport_offset include/linux/skbuff.h:2977 [inline] RIP: 0010:perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14 Code: 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 0f 85 4e 04 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc e8 56 22 01 fd <0f> 0b e9 f6 fc ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 86 f9 ff RSP: 0018:ffffc900002bf700 EFLAGS: 00010293 RAX: ffffffff8485d8ca RBX: 000000000000ffff RCX: ffff888100914280 RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff RBP: ffffc900002bf818 R08: ffffffff8485d5b6 R09: fffffbfff0f8fb5e R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217d8f67 R13: ffff88810bec7b3a R14: dffffc0000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f96cf6d52f0 CR3: 000000012224c000 CR4: 0000000000350ef0 Call Trace: [] trace_net_dev_start_xmit include/trace/events/net.h:14 [inline] [] xmit_one net/core/dev.c:3643 [inline] [] dev_hard_start_xmit+0x705/0x980 net/core/dev.c:3660 [] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [] dev_queue_xmit include/linux/netdevice.h:3030 [inline] [] batadv_send_skb_packet+0x3f3/0x680 net/batman-adv/send.c:108 [] batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127 [] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline] [] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline] [] batadv_iv_send_outstanding_bat_ogm_packet+0x69a/0x840 net/batman-adv/bat_iv_ogm.c:1701 [] process_one_work+0x8ac/0x1170 kernel/workqueue.c:2289 [] worker_thread+0xaa8/0x12d0 kernel/workqueue.c:2436
{
"affected": [],
"aliases": [
"CVE-2023-53312"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T17:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix net_dev_start_xmit trace event vs skb_transport_offset()\n\nAfter blamed commit, we must be more careful about using\nskb_transport_offset(), as reminded us by syzbot:\n\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline]\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nModules linked in:\nCPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet\nRIP: 0010:skb_transport_header include/linux/skbuff.h:2868 [inline]\nRIP: 0010:skb_transport_offset include/linux/skbuff.h:2977 [inline]\nRIP: 0010:perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nCode: 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 0f 85 4e 04 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc e8 56 22 01 fd \u003c0f\u003e 0b e9 f6 fc ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 86 f9 ff\nRSP: 0018:ffffc900002bf700 EFLAGS: 00010293\nRAX: ffffffff8485d8ca RBX: 000000000000ffff RCX: ffff888100914280\nRDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff\nRBP: ffffc900002bf818 R08: ffffffff8485d5b6 R09: fffffbfff0f8fb5e\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217d8f67\nR13: ffff88810bec7b3a R14: dffffc0000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f96cf6d52f0 CR3: 000000012224c000 CR4: 0000000000350ef0\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff84715e35\u003e] trace_net_dev_start_xmit include/trace/events/net.h:14 [inline]\n[\u003cffffffff84715e35\u003e] xmit_one net/core/dev.c:3643 [inline]\n[\u003cffffffff84715e35\u003e] dev_hard_start_xmit+0x705/0x980 net/core/dev.c:3660\n[\u003cffffffff8471a232\u003e] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[\u003cffffffff85416493\u003e] dev_queue_xmit include/linux/netdevice.h:3030 [inline]\n[\u003cffffffff85416493\u003e] batadv_send_skb_packet+0x3f3/0x680 net/batman-adv/send.c:108\n[\u003cffffffff85416744\u003e] batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_send_outstanding_bat_ogm_packet+0x69a/0x840 net/batman-adv/bat_iv_ogm.c:1701\n[\u003cffffffff8151023c\u003e] process_one_work+0x8ac/0x1170 kernel/workqueue.c:2289\n[\u003cffffffff81511938\u003e] worker_thread+0xaa8/0x12d0 kernel/workqueue.c:2436",
"id": "GHSA-gp2g-j8q2-w9v8",
"modified": "2025-12-02T00:31:12Z",
"published": "2025-09-16T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53312"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58f9e88eb247263c74383b4ee8858abac15cdbe0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ced61418f46993d571385812bafed3a7d4ab6918"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f88fcb1d7d961b4b402d675109726f94db87571c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GP9F-XH95-X98X
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-12-31 21:30In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
old_meter needs to be free after it is detached regardless of whether the new meter is successfully attached.
{
"affected": [],
"aliases": [
"CVE-2023-52702"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix possible memory leak in ovs_meter_cmd_set()\n\nold_meter needs to be free after it is detached regardless of whether\nthe new meter is successfully attached.",
"id": "GHSA-gp9f-xh95-x98x",
"modified": "2024-12-31T21:30:44Z",
"published": "2024-05-21T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52702"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1563e998a938f095548054ef09e277b562b79536"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fa28f5c6fcbfc794340684f36d2581b4f2d20b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0f65ee0a3329eb4b94beaef0268633696e2d0c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e336a9e08618203a456fb5367f1387b14554f55e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GPFM-3CF9-QPHW
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: free iio for atombios when driver shutdown
Fix below kmemleak when unload radeon driver:
unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", pid 326, jiffies 4294682822 (age 716.338s) hex dump (first 32 bytes): 00 00 00 00 c4 aa ec aa 14 ab 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000062fadebe>] kmem_cache_alloc_trace+0x2f1/0x500 [<00000000b6883cea>] atom_parse+0x117/0x230 [radeon] [<00000000158c23fd>] radeon_atombios_init+0xab/0x170 [radeon] [<00000000683f672e>] si_init+0x57/0x750 [radeon] [<00000000566cc31f>] radeon_device_init+0x559/0x9c0 [radeon] [<0000000046efabb3>] radeon_driver_load_kms+0xc1/0x1a0 [radeon] [<00000000b5155064>] drm_dev_register+0xdd/0x1d0 [<0000000045fec835>] radeon_pci_probe+0xbd/0x100 [radeon] [<00000000e69ecca3>] pci_device_probe+0xe1/0x160 [<0000000019484b76>] really_probe.part.0+0xc1/0x2c0 [<000000003f2649da>] __driver_probe_device+0x96/0x130 [<00000000231c5bb1>] driver_probe_device+0x24/0xf0 [<0000000000a42377>] __driver_attach+0x77/0x190 [<00000000d7574da6>] bus_for_each_dev+0x7f/0xd0 [<00000000633166d2>] driver_attach+0x1e/0x30 [<00000000313b05b8>] bus_add_driver+0x12c/0x1e0
iio was allocated in atom_index_iio() called by atom_parse(), but it doesn't got released when the dirver is shutdown. Fix this kmemleak by free it in radeon_atombios_fini().
{
"affected": [],
"aliases": [
"CVE-2023-53453"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: free iio for atombios when driver shutdown\n\nFix below kmemleak when unload radeon driver:\n\nunreferenced object 0xffff9f8608ede200 (size 512):\n comm \"systemd-udevd\", pid 326, jiffies 4294682822 (age 716.338s)\n hex dump (first 32 bytes):\n 00 00 00 00 c4 aa ec aa 14 ab 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000062fadebe\u003e] kmem_cache_alloc_trace+0x2f1/0x500\n [\u003c00000000b6883cea\u003e] atom_parse+0x117/0x230 [radeon]\n [\u003c00000000158c23fd\u003e] radeon_atombios_init+0xab/0x170 [radeon]\n [\u003c00000000683f672e\u003e] si_init+0x57/0x750 [radeon]\n [\u003c00000000566cc31f\u003e] radeon_device_init+0x559/0x9c0 [radeon]\n [\u003c0000000046efabb3\u003e] radeon_driver_load_kms+0xc1/0x1a0 [radeon]\n [\u003c00000000b5155064\u003e] drm_dev_register+0xdd/0x1d0\n [\u003c0000000045fec835\u003e] radeon_pci_probe+0xbd/0x100 [radeon]\n [\u003c00000000e69ecca3\u003e] pci_device_probe+0xe1/0x160\n [\u003c0000000019484b76\u003e] really_probe.part.0+0xc1/0x2c0\n [\u003c000000003f2649da\u003e] __driver_probe_device+0x96/0x130\n [\u003c00000000231c5bb1\u003e] driver_probe_device+0x24/0xf0\n [\u003c0000000000a42377\u003e] __driver_attach+0x77/0x190\n [\u003c00000000d7574da6\u003e] bus_for_each_dev+0x7f/0xd0\n [\u003c00000000633166d2\u003e] driver_attach+0x1e/0x30\n [\u003c00000000313b05b8\u003e] bus_add_driver+0x12c/0x1e0\n\niio was allocated in atom_index_iio() called by atom_parse(),\nbut it doesn\u0027t got released when the dirver is shutdown.\nFix this kmemleak by free it in radeon_atombios_fini().",
"id": "GHSA-gpfm-3cf9-qphw",
"modified": "2026-01-16T21:30:29Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53453"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/107b8b542bb9dab4cbdc3276c85fbdd7f6782313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4773fadedca918faec443daaca5e4ea1c0ced144"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cdb96b55651c92fc949cfd54124406c3c912b6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb109cedbba11c33473e6780c256d8442a9e4460"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cda2f7efbc2d857220dad32e315a54565b285c1c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce9e9d3dcbb0d1551ffd1a7f16e7c051f3ba4140"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2791f2f4d1d804e45fa91b14295c326b64c65f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9f55fc64928b5e30d78f861c5fc76db9e769ebb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GPX7-7C62-M3G8
Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects:
Junos OS
- 21.4 versions earlier than 21.4R3;
- 22.1 versions earlier than 22.1R3;
- 22.2 versions earlier than 22.2R3.
Junos OS Evolved
- 21.4-EVO versions earlier than 21.4R3-EVO;
- 22.1-EVO versions earlier than 22.1R3-EVO;
- 22.2-EVO versions earlier than 22.2R3-EVO.
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
{
"affected": [],
"aliases": [
"CVE-2024-21611"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T01:15:49Z",
"severity": "HIGH"
},
"details": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIn a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.\n\nThread level memory utilization for the areas where the leak occurs can be checked using the below command:\n\nuser@host\u003e show task memory detail | match so_in\nso_in6 28 32 344450 11022400 344760 11032320\nso_in 8 16 1841629 29466064 1841734 29467744\nThis issue affects:\n\nJunos OS\n\n\n\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJunos OS Evolved\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-EVO;\n * 22.1-EVO versions earlier than 22.1R3-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO.\n\n\n\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions earlier than 21.4R1.\n\nJuniper Networks Junos OS Evolved versions earlier than 21.4R1.\n\n\n\n",
"id": "GHSA-gpx7-7c62-m3g8",
"modified": "2024-01-12T03:30:49Z",
"published": "2024-01-12T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21611"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75752"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQ4H-957W-5267
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-20 03:34Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
{
"affected": [],
"aliases": [
"CVE-2016-10155"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T15:59:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",
"id": "GHSA-gq4h-957w-5267",
"modified": "2025-04-20T03:34:09Z",
"published": "2022-05-13T01:13:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10155"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQG7-C937-VCQH
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
tracing: Free error logs of tracing instances
When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak:
# cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo
Then check for memory leaks:
# echo scan > /sys/kernel/debug/kmemleak
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88810d8ec700 (size 192):
comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
hex dump (first 32 bytes):
60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff .ha.....ha....
a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&.......
backtrace:
[<00000000dae26536>] kmalloc_trace+0x2a/0xa0
[<00000000b2938940>] tracing_log_err+0x277/0x2e0
[<000000004a0e1b07>] parse_atom+0x966/0xb40
[<0000000023b24337>] parse_expr+0x5f3/0xdb0
[<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
[<00000000293a9645>] trigger_process_regex+0x135/0x1a0
[<000000005c22b4f2>] event_trigger_write+0x87/0xf0
[<000000002cadc509>] vfs_write+0x162/0x670
[<0000000059c3b9be>] ksys_write+0xca/0x170
[<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
[<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff888170c35a00 (size 32):
comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
hex dump (first 32 bytes):
0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist
3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x.........
backtrace:
[<000000006a747de5>] __kmalloc+0x4d/0x160
[<000000000039df5f>] tracing_log_err+0x29b/0x2e0
[<000000004a0e1b07>] parse_atom+0x966/0xb40
[<0000000023b24337>] parse_expr+0x5f3/0xdb0
[<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
[<00000000293a9645>] trigger_process_regex+0x135/0x1a0
[<000000005c22b4f2>] event_trigger_write+0x87/0xf0
[<000000002cadc509>] vfs_write+0x162/0x670
[<0000000059c3b9be>] ksys_write+0xca/0x170
[<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
[<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
The problem is that the error log needs to be freed when the instance is removed.
{
"affected": [],
"aliases": [
"CVE-2023-53375"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free error logs of tracing instances\n\nWhen a tracing instance is removed, the error messages that hold errors\nthat occurred in the instance needs to be freed. The following reports a\nmemory leak:\n\n # cd /sys/kernel/tracing\n # mkdir instances/foo\n # echo \u0027hist:keys=x\u0027 \u003e instances/foo/events/sched/sched_switch/trigger\n # cat instances/foo/error_log\n [ 117.404795] hist:sched:sched_switch: error: Couldn\u0027t find field\n Command: hist:keys=x\n ^\n # rmdir instances/foo\n\nThen check for memory leaks:\n\n # echo scan \u003e /sys/kernel/debug/kmemleak\n # cat /sys/kernel/debug/kmemleak\nunreferenced object 0xffff88810d8ec700 (size 192):\n comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n hex dump (first 32 bytes):\n 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha....\n a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......\u0026.......\n backtrace:\n [\u003c00000000dae26536\u003e] kmalloc_trace+0x2a/0xa0\n [\u003c00000000b2938940\u003e] tracing_log_err+0x277/0x2e0\n [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff888170c35a00 (size 32):\n comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n hex dump (first 32 bytes):\n 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist\n 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x.........\n backtrace:\n [\u003c000000006a747de5\u003e] __kmalloc+0x4d/0x160\n [\u003c000000000039df5f\u003e] tracing_log_err+0x29b/0x2e0\n [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe problem is that the error log needs to be freed when the instance is\nremoved.",
"id": "GHSA-gqg7-c937-vcqh",
"modified": "2025-12-12T18:30:28Z",
"published": "2025-09-18T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53375"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQG8-WW6W-XC5V
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31In the Linux kernel, the following vulnerability has been resolved:
media: radio-keene: fix memory leak in error path
Fix a memory leak in usb_keene_probe(). The v4l2 control handler is initialized and controls are added, but if v4l2_device_register() or video_register_device() fails afterward, the handler was never freed, leaking memory.
Add v4l2_ctrl_handler_free() call in the err_v4l2 error path to ensure the control handler is properly freed for all error paths after it is initialized.
{
"affected": [],
"aliases": [
"CVE-2026-43231"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: radio-keene: fix memory leak in error path\n\nFix a memory leak in usb_keene_probe(). The v4l2 control handler is\ninitialized and controls are added, but if v4l2_device_register() or\nvideo_register_device() fails afterward, the handler was never freed,\nleaking memory.\n\nAdd v4l2_ctrl_handler_free() call in the err_v4l2 error path to ensure\nthe control handler is properly freed for all error paths after it is\ninitialized.",
"id": "GHSA-gqg8-ww6w-xc5v",
"modified": "2026-05-08T21:31:21Z",
"published": "2026-05-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43231"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d8558a232ecb187e8e0328d6347a125f437a0fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/242b0aabb1866024a7995a767ac330c158b39aa4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27c508f61963013fdf29097578284099ee7a85a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fe28a63d598235595a9601e0d8fdc7c8f4fd575"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fa9754f48cb8eefa566156be341e63d313247e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad85bb5623079a35bd400f51de2e2fbc2170bdb2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8bf939d77c0cd01118e953bbf554e0fa15e9006"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de204d87e7d61859937272fe30cbdd46a4cfb10a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQJ6-FPPC-VR34
Vulnerability from github – Published: 2025-02-10 15:32 – Updated: 2025-04-05 00:30A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
{
"affected": [],
"aliases": [
"CVE-2025-1148"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-10T14:15:29Z",
"severity": "LOW"
},
"details": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I\u0027m not going to commit some of the leak fixes I\u0027ve been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
"id": "GHSA-gqj6-fppc-vr34",
"modified": "2025-04-05T00:30:27Z",
"published": "2025-02-10T15:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1148"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250404-0004"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15887"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32576"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.295052"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.295052"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.485747"
},
{
"type": "WEB",
"url": "https://www.gnu.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GQRP-9MP9-2RF6
Vulnerability from github – Published: 2024-10-08 06:30 – Updated: 2024-10-08 06:30in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.
{
"affected": [],
"aliases": [
"CVE-2024-43696"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T04:15:07Z",
"severity": "LOW"
},
"details": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.",
"id": "GHSA-gqrp-9mp9-2rf6",
"modified": "2024-10-08T06:30:47Z",
"published": "2024-10-08T06:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43696"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GQVJ-VMM6-RX6C
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2025-04-01 18:30In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed.
The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.
{
"affected": [],
"aliases": [
"CVE-2024-38388"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:10Z",
"severity": "LOW"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs_dsp_ctl: Use private_free for control cleanup\n\nUse the control private_free callback to free the associated data\nblock. This ensures that the memory won\u0027t leak, whatever way the\ncontrol gets destroyed.\n\nThe original implementation didn\u0027t actually remove the ALSA\ncontrols in hda_cs_dsp_control_remove(). It only freed the internal\ntracking structure. This meant it was possible to remove/unload the\namp driver while leaving its ALSA controls still present in the\nsoundcard. Obviously attempting to access them could cause segfaults\nor at least dereferencing stale pointers.",
"id": "GHSA-gqvj-vmm6-rx6c",
"modified": "2025-04-01T18:30:40Z",
"published": "2024-06-21T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38388"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.