Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-H255-J2Q2-5HRG

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead.

However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions.

Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc() already handles cleanup correctly with xsk_buff_free().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:31Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode\n\nPage recycling was removed from the XDP_DROP path in emac_run_xdp() to\navoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()\ninstead.\n\nHowever, this causes a memory leak when running XDP programs that drop\npackets in non-zero-copy mode (standard page pool mode). The pages are\nnever returned to the page pool, leading to OOM conditions.\n\nFix this by handling cleanup in the caller, emac_rx_packet().\nWhen emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the\ncaller now recycles the page back to the page pool. The zero-copy\npath, emac_rx_packet_zc() already handles cleanup correctly with\nxsk_buff_free().",
  "id": "GHSA-h255-j2q2-5hrg",
  "modified": "2026-04-27T15:30:31Z",
  "published": "2026-04-03T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23453"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/719d3e71691db7c4f1658ba5a6d1472928121594"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H26C-RRRX-F2Q4

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2024-08-19 21:35
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix potential memory leak in the performance extension

If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put.

Fix it by exporting and using a common cleanup helper.

(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)",
  "id": "GHSA-h26c-rrrx-f2q4",
  "modified": "2024-08-19T21:35:08Z",
  "published": "2024-08-17T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42262"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2J4-QP68-F436

Vulnerability from github – Published: 2022-10-21 19:01 – Updated: 2022-10-25 19:00
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",
  "id": "GHSA-h2j4-qp68-f436",
  "modified": "2022-10-25T19:00:34Z",
  "published": "2022-10-21T19:01:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3646"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2MH-M9GX-72X5

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gfs2: fiemap page fault fix

In gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page fault.

Fix by disabling page faults for iomap_fiemap() and faulting in the buffer by hand if necessary.

Fixes xfstest generic/742.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fiemap page fault fix\n\nIn gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode\nglock.  This can lead to recursive glock taking if the fiemap buffer is\nmemory mapped to the same inode and accessing it triggers a page fault.\n\nFix by disabling page faults for iomap_fiemap() and faulting in the\nbuffer by hand if necessary.\n\nFixes xfstest generic/742.",
  "id": "GHSA-h2mh-m9gx-72x5",
  "modified": "2026-05-08T21:31:21Z",
  "published": "2026-05-06T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43262"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e121c53b581e40397ae08090a7af4ed10781fbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d2c4f182ea8516de8682e2b60411c03df00e3ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d5d9ec957bfa1eb2b05861c19f5d701dd006db7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d15fee888f0e8938c9aeed71ec9c2cbba0c88ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cead3bebf3e318578b8a86a5472015d713d2a8a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e411d74cc5ba290f85d0dd5e4d1df8f1d6d975d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e428670cfb2993d8c224effd076242ca6b0950de"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2QV-FJ59-J46J

Vulnerability from github – Published: 2026-06-11 20:19 – Updated: 2026-07-10 12:31
VLAI
Summary
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
Details

Impact

The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2_TYPE_SSL TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path — no exception is thrown, the message fires downstream, the decoder removes itself, and the application releases the HAProxyMessage normally. Yet the underlying cumulation buffer (a pooled, potentially direct ByteBuf allocated by the channel) remains permanently pinned.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.14.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-haproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.Final"
            },
            {
              "fixed": "4.2.15.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.134.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-haproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.135.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286",
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-11T20:19:27Z",
    "nvd_published_at": "2026-06-12T16:16:30Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path \u2014 no exception is thrown, the message fires downstream, the decoder removes itself, and the application releases the `HAProxyMessage` normally. Yet the underlying cumulation buffer (a pooled, potentially direct `ByteBuf` allocated by the channel) remains permanently pinned.",
  "id": "GHSA-h2qv-fj59-j46j",
  "modified": "2026-07-10T12:31:39Z",
  "published": "2026-06-11T20:19:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26017"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26018"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26586"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34608"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36820"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37390"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-48059"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488437"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48059.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion"
}

GHSA-H2X2-6JVR-WRRH

Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2025-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: iaa - Fix async_disable descriptor leak

The disable_async paths of iaa_compress/decompress() don't free idxd descriptors in the async_disable case. Currently this only happens in the testcases where req->dst is set to null. Add a test to free them in those paths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-19T11:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix async_disable descriptor leak\n\nThe disable_async paths of iaa_compress/decompress() don\u0027t free idxd\ndescriptors in the async_disable case. Currently this only happens in\nthe testcases where req-\u003edst is set to null. Add a test to free them\nin those paths.",
  "id": "GHSA-h2x2-6jvr-wrrh",
  "modified": "2025-09-23T18:30:19Z",
  "published": "2024-05-19T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35926"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2X3-J3HP-2CWR

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-11-08 12:00
VLAI
Details

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.",
  "id": "GHSA-h2x3-j3hp-2cwr",
  "modified": "2022-11-08T12:00:23Z",
  "published": "2022-05-24T17:01:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19061"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4208-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4526-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H37W-2WJF-QW6J

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: wwan: iosm: fix memory leak in ipc_mux_init()

When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_mux_init()\n\nWhen failed to alloc ipc_mux-\u003eul_adb.pp_qlt in ipc_mux_init(), ipc_mux\nis not released.",
  "id": "GHSA-h37w-2wjf-qw6j",
  "modified": "2024-10-24T21:31:02Z",
  "published": "2024-10-21T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23353efc26e98b61b925274ecbb8f0610f69a8aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e21478d0054f63eec7ce833296cf9788764a0ec7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H39H-J46R-8Q5H

Vulnerability from github – Published: 2023-02-24 18:30 – Updated: 2023-03-07 03:30
VLAI
Details

An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-24T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.",
  "id": "GHSA-h39h-j46r-8q5h",
  "modified": "2023-03-07T03:30:15Z",
  "published": "2023-02-24T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mz-automation/lib60870/issues/132"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H3FW-PC42-9F62

Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-17 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: zlib: fix the folio leak on S390 hardware acceleration

[BUG] After commit aa60fe12b4f4 ("btrfs: zlib: refactor S390x HW acceleration buffer preparation"), we no longer release the folio of the page cache of folio returned by btrfs_compress_filemap_get_folio() for S390 hardware acceleration path.

[CAUSE] Before that commit, we call kumap_local() and folio_put() after handling each folio.

Although the timing is not ideal (it release previous folio at the beginning of the loop, and rely on some extra cleanup out of the loop), it at least handles the folio release correctly.

Meanwhile the refactored code is easier to read, it lacks the call to release the filemap folio.

[FIX] Add the missing folio_put() for copy_data_into_buffer().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-14T16:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zlib: fix the folio leak on S390 hardware acceleration\n\n[BUG]\nAfter commit aa60fe12b4f4 (\"btrfs: zlib: refactor S390x HW acceleration\nbuffer preparation\"), we no longer release the folio of the page cache\nof folio returned by btrfs_compress_filemap_get_folio() for S390\nhardware acceleration path.\n\n[CAUSE]\nBefore that commit, we call kumap_local() and folio_put() after handling\neach folio.\n\nAlthough the timing is not ideal (it release previous folio at the\nbeginning of the loop, and rely on some extra cleanup out of the loop),\nit at least handles the folio release correctly.\n\nMeanwhile the refactored code is easier to read, it lacks the call to\nrelease the filemap folio.\n\n[FIX]\nAdd the missing folio_put() for copy_data_into_buffer().",
  "id": "GHSA-h3fw-pc42-9f62",
  "modified": "2026-03-17T21:31:41Z",
  "published": "2026-02-14T18:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23147"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d0f1314e8f86f5205f71f9e31e272a1d008e40b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e80617a5e1c246da2f112a1a072cdd535046adfe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.