Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-H4QW-X67F-352P

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix memory leak in xhci_disable_slot()

xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhci_disable_slot() only frees the command structure using kfree(), causing the completion structure to leak.

Use xhci_free_command() instead of kfree(). xhci_free_command() correctly frees both the command structure and the associated completion structure. Since the command structure is allocated with zero-initialization, command->in_ctx is NULL and will not be erroneously freed by xhci_free_command().

This bug was found using an experimental static analysis tool we are developing. The tool is based on the LLVM framework and is specifically designed to detect memory management issues. It is currently under active development and not yet publicly available, but we plan to open-source it after our research is published.

The bug was originally detected on v6.13-rc1 using our static analysis tool, and we have verified that the issue persists in the latest mainline kernel.

We performed build testing on x86_64 with allyesconfig using GCC=11.4.0. Since triggering these error paths in xhci_disable_slot() requires specific hardware conditions or abnormal state, we were unable to construct a test case to reliably trigger these specific error paths at runtime.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix memory leak in xhci_disable_slot()\n\nxhci_alloc_command() allocates a command structure and, when the\nsecond argument is true, also allocates a completion structure.\nCurrently, the error handling path in xhci_disable_slot() only frees\nthe command structure using kfree(), causing the completion structure\nto leak.\n\nUse xhci_free_command() instead of kfree(). xhci_free_command() correctly\nfrees both the command structure and the associated completion structure.\nSince the command structure is allocated with zero-initialization,\ncommand-\u003ein_ctx is NULL and will not be erroneously freed by\nxhci_free_command().\n\nThis bug was found using an experimental static analysis tool we are\ndeveloping. The tool is based on the LLVM framework and is specifically\ndesigned to detect memory management issues. It is currently under\nactive development and not yet publicly available, but we plan to\nopen-source it after our research is published.\n\nThe bug was originally detected on v6.13-rc1 using our static analysis\ntool, and we have verified that the issue persists in the latest mainline\nkernel.\n\nWe performed build testing on x86_64 with allyesconfig using GCC=11.4.0.\nSince triggering these error paths in xhci_disable_slot() requires specific\nhardware conditions or abnormal state, we were unable to construct a test\ncase to reliably trigger these specific error paths at runtime.",
  "id": "GHSA-h4qw-x67f-352p",
  "modified": "2026-05-20T18:31:30Z",
  "published": "2026-05-08T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43432"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/078b446efc0f5e496c31bccb72b98af979963a83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e800e26d54ccf2ddf2ea6d6cbe021c804d8aa62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e2baa8fb5aa4d080cbfeb84c51eff797529f413"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46aea90763832cd6e9b0c2e1c00e6a9512156d4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6288baf0c8c4dcfbf206773aede9c1f2269cec28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/807e4fb5140c73eb5dba1e399a990db5c1f3cdf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1c8550e70401159184130a1afc6261db01fc0ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c65f1b840ab8ce72ba68f1b63bab7960f8fdfa89"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H567-4RHR-RCQV

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-03-17 00:05
VLAI
Details

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-11T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.",
  "id": "GHSA-h567-4rhr-rcqv",
  "modified": "2022-03-17T00:05:44Z",
  "published": "2022-02-12T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24959"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5092"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H586-H5C7-XHHH

Vulnerability from github – Published: 2026-06-09 15:32 – Updated: 2026-07-09 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix nvkm_device leak on aperture removal failure

When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just allocated by nvkm_device_pci_new(). This leaks both the device wrapper and the pci_enable_device() reference taken inside it.

Jump to the existing fail_nvkm label so nvkm_device_del() runs and balances both. The leak was introduced when the intermediate nvkm_device_del() between detection and aperture removal was dropped in favor of creating the pci device once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T14:16:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix nvkm_device leak on aperture removal failure\n\nWhen aperture_remove_conflicting_pci_devices() fails during probe, the\nerror path returns directly without unwinding the nvkm_device that was\njust allocated by nvkm_device_pci_new(). This leaks both the device\nwrapper and the pci_enable_device() reference taken inside it.\n\nJump to the existing fail_nvkm label so nvkm_device_del() runs and\nbalances both. The leak was introduced when the intermediate\nnvkm_device_del() between detection and aperture removal was dropped\nin favor of creating the pci device once.",
  "id": "GHSA-h586-h5c7-xhhh",
  "modified": "2026-07-09T00:31:06Z",
  "published": "2026-06-09T15:32:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52904"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5edd564ccb002ffc830e7818c1c4a992db774678"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6597ff1d8de3f583be169587efeafd8af134e138"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/843c0247cf21364e33bb5a8ffc9af57107d04d05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5F4-6RM7-58WM

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-26 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().

nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred().

As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount.

nfsd_nl_listener_set_doit() is always in the process context, sendmsg(), and current->cred does not go away.

Let's use current_cred() in nfsd_nl_listener_set_doit().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().\n\nnfsd_nl_listener_set_doit() uses get_current_cred() without\nput_cred().\n\nAs we can see from other callers, svc_xprt_create_from_sa()\ndoes not require the extra refcount.\n\nnfsd_nl_listener_set_doit() is always in the process context,\nsendmsg(), and current-\u003ecred does not go away.\n\nLet\u0027s use current_cred() in nfsd_nl_listener_set_doit().",
  "id": "GHSA-h5f4-6rm7-58wm",
  "modified": "2026-05-26T15:32:08Z",
  "published": "2026-05-08T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43394"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/019debe5851d7355bea9ff0248cc317878924d8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02e87ec0bc706cb93fa47b43d18c4d10102c7d54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92978c83bb4eef55d02a6c990c01c423131eefa7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cba413765376bb466035c9160fa3130402971e2c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5G4-RRCC-VQF7

Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

kernel/resource: fix kfree() of bootmem memory again

Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:56Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/resource: fix kfree() of bootmem memory again\n\nSince commit ebff7d8f270d (\"mem hotunplug: fix kfree() of bootmem\nmemory\"), we could get a resource allocated during boot via\nalloc_resource().  And it\u0027s required to release the resource using\nfree_resource().  Howerver, many people use kfree directly which will\nresult in kernel BUG.  In order to fix this without fixing every call\nsite, just leak a couple of bytes in such corner case.",
  "id": "GHSA-h5g4-rrcc-vqf7",
  "modified": "2025-11-03T21:32:52Z",
  "published": "2025-03-18T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49190"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5PV-V4MG-79M7

Vulnerability from github – Published: 2022-12-02 18:30 – Updated: 2025-11-03 21:30
VLAI
Details

DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-02T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.",
  "id": "GHSA-h5pv-v4mg-79m7",
  "modified": "2025-11-03T21:30:45Z",
  "published": "2022-12-02T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43272"
    },
    {
      "type": "WEB",
      "url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP"
    },
    {
      "type": "WEB",
      "url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5PX-P7WM-GQPV

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dm-integrity: fix a memory leak when rechecking the data

Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io').

Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-integrity: fix a memory leak when rechecking the data\n\nMemory for the \"checksums\" pointer will leak if the data is rechecked\nafter checksum failure (because the associated kfree won\u0027t happen due\nto \u0027goto skip_io\u0027).\n\nFix this by freeing the checksums memory before recheck, and just use\nthe \"checksum_onstack\" memory for storing checksum during recheck.",
  "id": "GHSA-h5px-p7wm-gqpv",
  "modified": "2025-01-07T18:30:42Z",
  "published": "2024-04-17T12:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26860"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20e21c3c0195d915f33bc7321ee6b362177bf5bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/338580a7fb9b0930bb38098007e89cc0fc496bf7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55e565c42dce81a4e49c13262d5bc4eb4c2e588a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d35654f03c35c273240d85ec67e3f2c3596c4e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74abc2fe09691f3d836d8a54d599ca71f1e4287b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5WQ-3GV4-FHV7

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

driver core: location: Free struct acpi_pld_info *pld before return false

struct acpi_pld_info *pld should be freed before the return of allocation failure, to prevent memory leak, add the ACPI_FREE() to fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: location: Free struct acpi_pld_info *pld before return false\n\nstruct acpi_pld_info *pld should be freed before the return of allocation\nfailure, to prevent memory leak, add the ACPI_FREE() to fix it.",
  "id": "GHSA-h5wq-3gv4-fhv7",
  "modified": "2025-12-03T21:30:59Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53211"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d150f967e8410e1e6712484543eec709356a65d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a9de90951bbeaed775e4b8d1b16b4d359e82bf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fe72b8f59f63ca776bb8a4fcd2f406057a9fc90"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H659-9C3J-JCVG

Vulnerability from github – Published: 2023-02-27 06:30 – Updated: 2024-06-27 18:31
VLAI
Details

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.",
  "id": "GHSA-h659-9c3j-jcvg",
  "modified": "2024-06-27T18:31:29Z",
  "published": "2023-02-27T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26257"
    },
    {
      "type": "WEB",
      "url": "https://github.com/COVESA/dlt-daemon/issues/440"
    },
    {
      "type": "WEB",
      "url": "https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H675-FR46-XMW3

Vulnerability from github – Published: 2025-07-09 12:31 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write

memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-09T11:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write\n\nmemcg_path_store() assigns a newly allocated memory buffer to\nfilter-\u003ememcg_path, without deallocating the previously allocated and\nassigned memory buffer.  As a result, users can leak kernel memory by\ncontinuously writing a data to memcg_path DAMOS sysfs file.  Fix the leak\nby deallocating the previously set memory buffer.",
  "id": "GHSA-h675-fr46-xmw3",
  "modified": "2025-11-19T21:31:15Z",
  "published": "2025-07-09T12:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38258"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.