CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-H4QW-X67F-352P
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 18:31In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Fix memory leak in xhci_disable_slot()
xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhci_disable_slot() only frees the command structure using kfree(), causing the completion structure to leak.
Use xhci_free_command() instead of kfree(). xhci_free_command() correctly frees both the command structure and the associated completion structure. Since the command structure is allocated with zero-initialization, command->in_ctx is NULL and will not be erroneously freed by xhci_free_command().
This bug was found using an experimental static analysis tool we are developing. The tool is based on the LLVM framework and is specifically designed to detect memory management issues. It is currently under active development and not yet publicly available, but we plan to open-source it after our research is published.
The bug was originally detected on v6.13-rc1 using our static analysis tool, and we have verified that the issue persists in the latest mainline kernel.
We performed build testing on x86_64 with allyesconfig using GCC=11.4.0. Since triggering these error paths in xhci_disable_slot() requires specific hardware conditions or abnormal state, we were unable to construct a test case to reliably trigger these specific error paths at runtime.
{
"affected": [],
"aliases": [
"CVE-2026-43432"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix memory leak in xhci_disable_slot()\n\nxhci_alloc_command() allocates a command structure and, when the\nsecond argument is true, also allocates a completion structure.\nCurrently, the error handling path in xhci_disable_slot() only frees\nthe command structure using kfree(), causing the completion structure\nto leak.\n\nUse xhci_free_command() instead of kfree(). xhci_free_command() correctly\nfrees both the command structure and the associated completion structure.\nSince the command structure is allocated with zero-initialization,\ncommand-\u003ein_ctx is NULL and will not be erroneously freed by\nxhci_free_command().\n\nThis bug was found using an experimental static analysis tool we are\ndeveloping. The tool is based on the LLVM framework and is specifically\ndesigned to detect memory management issues. It is currently under\nactive development and not yet publicly available, but we plan to\nopen-source it after our research is published.\n\nThe bug was originally detected on v6.13-rc1 using our static analysis\ntool, and we have verified that the issue persists in the latest mainline\nkernel.\n\nWe performed build testing on x86_64 with allyesconfig using GCC=11.4.0.\nSince triggering these error paths in xhci_disable_slot() requires specific\nhardware conditions or abnormal state, we were unable to construct a test\ncase to reliably trigger these specific error paths at runtime.",
"id": "GHSA-h4qw-x67f-352p",
"modified": "2026-05-20T18:31:30Z",
"published": "2026-05-08T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43432"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/078b446efc0f5e496c31bccb72b98af979963a83"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e800e26d54ccf2ddf2ea6d6cbe021c804d8aa62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e2baa8fb5aa4d080cbfeb84c51eff797529f413"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46aea90763832cd6e9b0c2e1c00e6a9512156d4b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6288baf0c8c4dcfbf206773aede9c1f2269cec28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/807e4fb5140c73eb5dba1e399a990db5c1f3cdf8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1c8550e70401159184130a1afc6261db01fc0ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c65f1b840ab8ce72ba68f1b63bab7960f8fdfa89"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H567-4RHR-RCQV
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-03-17 00:05An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
{
"affected": [],
"aliases": [
"CVE-2022-24959"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T06:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.",
"id": "GHSA-h567-4rhr-rcqv",
"modified": "2022-03-17T00:05:44Z",
"published": "2022-02-12T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24959"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5092"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H586-H5C7-XHHH
Vulnerability from github – Published: 2026-06-09 15:32 – Updated: 2026-07-09 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix nvkm_device leak on aperture removal failure
When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just allocated by nvkm_device_pci_new(). This leaks both the device wrapper and the pci_enable_device() reference taken inside it.
Jump to the existing fail_nvkm label so nvkm_device_del() runs and balances both. The leak was introduced when the intermediate nvkm_device_del() between detection and aperture removal was dropped in favor of creating the pci device once.
{
"affected": [],
"aliases": [
"CVE-2026-52904"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T14:16:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix nvkm_device leak on aperture removal failure\n\nWhen aperture_remove_conflicting_pci_devices() fails during probe, the\nerror path returns directly without unwinding the nvkm_device that was\njust allocated by nvkm_device_pci_new(). This leaks both the device\nwrapper and the pci_enable_device() reference taken inside it.\n\nJump to the existing fail_nvkm label so nvkm_device_del() runs and\nbalances both. The leak was introduced when the intermediate\nnvkm_device_del() between detection and aperture removal was dropped\nin favor of creating the pci device once.",
"id": "GHSA-h586-h5c7-xhhh",
"modified": "2026-07-09T00:31:06Z",
"published": "2026-06-09T15:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5edd564ccb002ffc830e7818c1c4a992db774678"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6597ff1d8de3f583be169587efeafd8af134e138"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/843c0247cf21364e33bb5a8ffc9af57107d04d05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5F4-6RM7-58WM
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-26 15:32In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().
nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred().
As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount.
nfsd_nl_listener_set_doit() is always in the process context, sendmsg(), and current->cred does not go away.
Let's use current_cred() in nfsd_nl_listener_set_doit().
{
"affected": [],
"aliases": [
"CVE-2026-43394"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().\n\nnfsd_nl_listener_set_doit() uses get_current_cred() without\nput_cred().\n\nAs we can see from other callers, svc_xprt_create_from_sa()\ndoes not require the extra refcount.\n\nnfsd_nl_listener_set_doit() is always in the process context,\nsendmsg(), and current-\u003ecred does not go away.\n\nLet\u0027s use current_cred() in nfsd_nl_listener_set_doit().",
"id": "GHSA-h5f4-6rm7-58wm",
"modified": "2026-05-26T15:32:08Z",
"published": "2026-05-08T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43394"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/019debe5851d7355bea9ff0248cc317878924d8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02e87ec0bc706cb93fa47b43d18c4d10102c7d54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92978c83bb4eef55d02a6c990c01c423131eefa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cba413765376bb466035c9160fa3130402971e2c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5G4-RRCC-VQF7
Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
kernel/resource: fix kfree() of bootmem memory again
Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.
{
"affected": [],
"aliases": [
"CVE-2022-49190"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:56Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/resource: fix kfree() of bootmem memory again\n\nSince commit ebff7d8f270d (\"mem hotunplug: fix kfree() of bootmem\nmemory\"), we could get a resource allocated during boot via\nalloc_resource(). And it\u0027s required to release the resource using\nfree_resource(). Howerver, many people use kfree directly which will\nresult in kernel BUG. In order to fix this without fixing every call\nsite, just leak a couple of bytes in such corner case.",
"id": "GHSA-h5g4-rrcc-vqf7",
"modified": "2025-11-03T21:32:52Z",
"published": "2025-03-18T21:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49190"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5PV-V4MG-79M7
Vulnerability from github – Published: 2022-12-02 18:30 – Updated: 2025-11-03 21:30DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
{
"affected": [],
"aliases": [
"CVE-2022-43272"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-02T16:15:00Z",
"severity": "HIGH"
},
"details": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.",
"id": "GHSA-h5pv-v4mg-79m7",
"modified": "2025-11-03T21:30:45Z",
"published": "2022-12-02T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43272"
},
{
"type": "WEB",
"url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP"
},
{
"type": "WEB",
"url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5PX-P7WM-GQPV
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
dm-integrity: fix a memory leak when rechecking the data
Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io').
Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck.
{
"affected": [],
"aliases": [
"CVE-2024-26860"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-integrity: fix a memory leak when rechecking the data\n\nMemory for the \"checksums\" pointer will leak if the data is rechecked\nafter checksum failure (because the associated kfree won\u0027t happen due\nto \u0027goto skip_io\u0027).\n\nFix this by freeing the checksums memory before recheck, and just use\nthe \"checksum_onstack\" memory for storing checksum during recheck.",
"id": "GHSA-h5px-p7wm-gqpv",
"modified": "2025-01-07T18:30:42Z",
"published": "2024-04-17T12:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26860"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20e21c3c0195d915f33bc7321ee6b362177bf5bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/338580a7fb9b0930bb38098007e89cc0fc496bf7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55e565c42dce81a4e49c13262d5bc4eb4c2e588a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d35654f03c35c273240d85ec67e3f2c3596c4e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74abc2fe09691f3d836d8a54d599ca71f1e4287b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5WQ-3GV4-FHV7
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
driver core: location: Free struct acpi_pld_info *pld before return false
struct acpi_pld_info *pld should be freed before the return of allocation failure, to prevent memory leak, add the ACPI_FREE() to fix it.
{
"affected": [],
"aliases": [
"CVE-2023-53211"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: location: Free struct acpi_pld_info *pld before return false\n\nstruct acpi_pld_info *pld should be freed before the return of allocation\nfailure, to prevent memory leak, add the ACPI_FREE() to fix it.",
"id": "GHSA-h5wq-3gv4-fhv7",
"modified": "2025-12-03T21:30:59Z",
"published": "2025-09-15T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53211"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d150f967e8410e1e6712484543eec709356a65d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a9de90951bbeaed775e4b8d1b16b4d359e82bf5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fe72b8f59f63ca776bb8a4fcd2f406057a9fc90"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H659-9C3J-JCVG
Vulnerability from github – Published: 2023-02-27 06:30 – Updated: 2024-06-27 18:31An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
{
"affected": [],
"aliases": [
"CVE-2023-26257"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T05:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.",
"id": "GHSA-h659-9c3j-jcvg",
"modified": "2024-06-27T18:31:29Z",
"published": "2023-02-27T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26257"
},
{
"type": "WEB",
"url": "https://github.com/COVESA/dlt-daemon/issues/440"
},
{
"type": "WEB",
"url": "https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H675-FR46-XMW3
Vulnerability from github – Published: 2025-07-09 12:31 – Updated: 2025-11-19 21:31In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer.
{
"affected": [],
"aliases": [
"CVE-2025-38258"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-09T11:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write\n\nmemcg_path_store() assigns a newly allocated memory buffer to\nfilter-\u003ememcg_path, without deallocating the previously allocated and\nassigned memory buffer. As a result, users can leak kernel memory by\ncontinuously writing a data to memcg_path DAMOS sysfs file. Fix the leak\nby deallocating the previously set memory buffer.",
"id": "GHSA-h675-fr46-xmw3",
"modified": "2025-11-19T21:31:15Z",
"published": "2025-07-09T12:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38258"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.