Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-H6G6-QP55-M96Q

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cxl: Fix a memory leak in an error handling path

A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error handling path of afu_allocate_irqs().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl: Fix a memory leak in an error handling path\n\nA bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the\nerror handling path of afu_allocate_irqs().",
  "id": "GHSA-h6g6-qp55-m96q",
  "modified": "2025-11-13T21:31:17Z",
  "published": "2025-06-18T12:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50025"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a15b45b5454da862376b5d69a4967f5c6fa1368"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4be138bcd6d68cec0ce47051b117541061f5141a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6544ff559315498ad6c0a311359ca44987f9ca07"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/695af60af755873399ce01cb97176768828bc1fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89d51dc6878c47b6400922fac21b6a33f9d1a588"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/addff638c41753639368c252d0c5ba0d8fe9ed97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2557780ee7818b701681c226fa4cb7c0b171665"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2c7a29f99788e9e5dfe41d16868ea33da7cc235"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H768-P74V-9G52

Vulnerability from github – Published: 2024-02-27 18:31 – Updated: 2024-08-29 21:31
VLAI
Details

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T16:15:47Z",
    "severity": "HIGH"
  },
  "details": "Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.",
  "id": "GHSA-h768-p74v-9g52",
  "modified": "2024-08-29T21:31:01Z",
  "published": "2024-02-27T18:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27508"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H76C-M8M4-8VH3

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-20 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()

If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: fix possible memory leak in snd_ac97_dev_register()\n\nIf device_register() fails in snd_ac97_dev_register(), it should\ncall put_device() to give up reference, or the name allocated in\ndev_set_name() is leaked.",
  "id": "GHSA-h76c-m8m4-8vh3",
  "modified": "2026-01-20T18:31:51Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50427"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f8e9a15c8ecf95057061d370a2dddaf1cee4aeb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4881bda5ea05c8c240fc8afeaa928e2bc43f61fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4fdf6f978c6b605ca0d67bf0e982b7a8fc0f4aab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/758dbcc6fbf2286eff02743b093c70a18a407d66"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a602ec9d88f177dba78bc97fb1adecc7a71ff279"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfce73088682ef0770da951f51156c36a89be490"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c68b2e9ef246117f696e360bbdd2f5736b3a7127"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee8bf0946f62ef00e5db4b613a9f664ac567259a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H772-36JH-J5R8

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-17 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource

Unlike release_mem_region(), a call to release_resource() does not free the resource, so it has to be freed explicitly to avoid a memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak.",
  "id": "GHSA-h772-36jh-j5r8",
  "modified": "2025-11-17T21:31:18Z",
  "published": "2025-06-18T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50110"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a1becb1f13268ef58f19190608a7c742fb6fcf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84ddf527f90755beec6b55ce2e31331f5ccd4e37"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6d9c0798ed366a09a9e53d71edcd2266e34a6eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee1fb8f75abe361413913e3a6e93c8c0a4d83cd9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7WJ-HH9R-8G9P

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Fix slicing memory leak

The temporary buffer storing slicing configuration data from user is only freed on error. This is a memory leak. Free the buffer unconditionally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix slicing memory leak\n\nThe temporary buffer storing slicing configuration data from user is only\nfreed on error.  This is a memory leak.  Free the buffer unconditionally.",
  "id": "GHSA-h7wj-hh9r-8g9p",
  "modified": "2025-12-11T15:30:29Z",
  "published": "2025-09-17T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53350"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d956177b7c96e62fac762a3b7da4318cde27a73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df45c3e46cdb41f486eecb4277fbcc4c1ffbf9be"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H85X-RXVW-X49J

Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2025-02-28 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: virtuser: fix missing lookup table cleanups

When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from succeeding, even if the issue is corrected, unless the device is released. Additionally, cleanup is also needed in the less likely case of platform_device_register_full() failure.

Besides, a consistent memory leak in lookup_table->dev_id was spotted using kmemleak by toggling the live state between 0 and 1 with a correct lookup table.

Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the existing gpio_virtuser_make_lookup_table() and call it from all necessary points to ensure proper cleanup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix missing lookup table cleanups\n\nWhen a virtuser device is created via configfs and the probe fails due\nto an incorrect lookup table, the table is not removed. This prevents\nsubsequent probe attempts from succeeding, even if the issue is\ncorrected, unless the device is released. Additionally, cleanup is also\nneeded in the less likely case of platform_device_register_full()\nfailure.\n\nBesides, a consistent memory leak in lookup_table-\u003edev_id was spotted\nusing kmemleak by toggling the live state between 0 and 1 with a correct\nlookup table.\n\nIntroduce gpio_virtuser_remove_lookup_table() as the counterpart to the\nexisting gpio_virtuser_make_lookup_table() and call it from all\nnecessary points to ensure proper cleanup.",
  "id": "GHSA-h85x-rxvw-x49j",
  "modified": "2025-02-28T21:32:14Z",
  "published": "2025-01-21T15:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21661"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a619cba8c69c434258ff4101d463322cd63e1bdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d72d0126b1f6981f6ce8b4247305f359958c11b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H862-VV4F-WGF5

Vulnerability from github – Published: 2023-09-20 21:31 – Updated: 2024-04-04 07:46
VLAI
Details

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-20T20:15:11Z",
    "severity": "HIGH"
  },
  "details": "An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.",
  "id": "GHSA-h862-vv4f-wgf5",
  "modified": "2024-04-04T07:46:54Z",
  "published": "2023-09-20T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eddieantonio/imgcat/issues/49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H86P-MCMJ-RH92

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-10 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

driver core: fix resource leak in device_add()

When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak.

The process is as follows: device_add() get_device_parent() class_dir_create_and_add() kobject_add() //kobject_get() ... dev->kobj.parent = kobj; ... kobject_add() //failed, but set dev->kobj.parent = NULL ... glue_dir = get_glue_dir(dev) //glue_dir = NULL, and goto //"Error" label ... cleanup_glue_dir() //becaues glue_dir is NULL, not call //kobject_put()

The preceding problem may cause insmod mac80211_hwsim.ko to failed. sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim' Call Trace: dump_stack_lvl+0x8e/0xd1 sysfs_warn_dup.cold+0x1c/0x29 sysfs_create_dir_ns+0x224/0x280 kobject_add_internal+0x2aa/0x880 kobject_add+0x135/0x1a0 get_device_parent+0x3d7/0x590 device_add+0x2aa/0x1cb0 device_create_groups_vargs+0x1eb/0x260 device_create+0xdc/0x110 mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim] init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim] do_one_initcall+0x10f/0x630 do_init_module+0x19f/0x5e0 load_module+0x64b7/0x6eb0 __do_sys_finit_module+0x140/0x200 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to register things with the same name in the same directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix resource leak in device_add()\n\nWhen calling kobject_add() failed in device_add(), it will call\ncleanup_glue_dir() to free resource. But in kobject_add(),\ndev-\u003ekobj.parent has been set to NULL. This will cause resource leak.\n\nThe process is as follows:\ndevice_add()\n\tget_device_parent()\n\t\tclass_dir_create_and_add()\n\t\t\tkobject_add()\t\t//kobject_get()\n\t...\n\tdev-\u003ekobj.parent = kobj;\n\t...\n\tkobject_add()\t\t//failed, but set dev-\u003ekobj.parent = NULL\n\t...\n\tglue_dir = get_glue_dir(dev)\t//glue_dir = NULL, and goto\n\t\t\t\t\t//\"Error\" label\n\t...\n\tcleanup_glue_dir()\t//becaues glue_dir is NULL, not call\n\t\t\t\t//kobject_put()\n\nThe preceding problem may cause insmod mac80211_hwsim.ko to failed.\nsysfs: cannot create duplicate filename \u0027/devices/virtual/mac80211_hwsim\u0027\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x8e/0xd1\nsysfs_warn_dup.cold+0x1c/0x29\nsysfs_create_dir_ns+0x224/0x280\nkobject_add_internal+0x2aa/0x880\nkobject_add+0x135/0x1a0\nget_device_parent+0x3d7/0x590\ndevice_add+0x2aa/0x1cb0\ndevice_create_groups_vargs+0x1eb/0x260\ndevice_create+0xdc/0x110\nmac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]\ninit_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]\ndo_one_initcall+0x10f/0x630\ndo_init_module+0x19f/0x5e0\nload_module+0x64b7/0x6eb0\n__do_sys_finit_module+0x140/0x200\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\n\u003c/TASK\u003e\nkobject_add_internal failed for mac80211_hwsim with -EEXIST, don\u0027t try to\nregister things with the same name in the same directory.",
  "id": "GHSA-h86p-mcmj-rh92",
  "modified": "2026-02-10T00:30:28Z",
  "published": "2025-10-04T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53594"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6977b1a5d67097eaa4d02b0c126c04cc6e8917c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d389e363075c2e1deb84a560686ea92123e4b8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1dbff10c6cd3b43457f3efd3c9c4950009635bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f39d21154db87545d8f0b25d13c326f37cc32239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8G9-274C-2QQG

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match "pfe_ipc|kmem" pfe_ipc 147 5K - 164352 16,32,64,8192 <-- increasing vm.kmem_map_free: 127246336 <-- decreasing pfe_ipc 0 0K - 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device\u003e show system virtual-memory | match \"pfe_ipc|kmem\" pfe_ipc 147 5K - 164352 16,32,64,8192 \u003c-- increasing vm.kmem_map_free: 127246336 \u003c-- decreasing pfe_ipc 0 0K - 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3.",
  "id": "GHSA-h8g9-274c-2qqg",
  "modified": "2022-05-24T17:30:52Z",
  "published": "2022-05-24T17:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1683"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11080"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H96C-7JGR-J376

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: base: dd: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: dd: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-h96c-7jgr-j376",
  "modified": "2025-12-12T21:31:31Z",
  "published": "2025-09-18T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53390"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36c893d3a759ae7c91ee7d4871ebfc7504f08c40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a7a9efdb193d3c8a35821548a8e99612c358828"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f1e53f88e8babf293ec052b70aa9d2a3554360c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e47e2bf78812adbd73c45c941d3c51add30b58d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.