Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-HJH8-VW62-Q697

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PM: EM: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: EM: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-hjh8-vw62-q697",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53411"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30fee10192e1239478a0987bc7ee445d5e980d46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5100c4efc30636aa48ac517dece3c3b7f84fe367"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84e4d4885d0ae011860fb599d50d01b8fdca2b87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0e8c13ccd6a9a636d27353da62c2410c4eca337"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e974e8f1e37d22c0de07374f8ddc84073fef2f1d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJJQ-3JJ4-C7C6

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:31
VLAI
Details

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-27T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.",
  "id": "GHSA-hjjq-3jj4-c7c6",
  "modified": "2024-04-04T05:31:56Z",
  "published": "2023-07-06T19:24:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4139"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147572"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230309-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/11/30/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJJV-G993-99J8

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nvme-core: fix dev_pm_qos memleak

Call dev_pm_qos_hide_latency_tolerance() in the error unwind patch to avoid following kmemleak:-

blktests (master) # kmemleak-clear; ./check nvme/044; blktests (master) # kmemleak-scan ; kmemleak-show nvme/044 (Test bi-directional authentication) [passed] runtime 2.111s ... 2.124s unreferenced object 0xffff888110c46240 (size 96): comm "nvme", pid 33461, jiffies 4345365353 (age 75.586s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000069ac2cec>] kmalloc_trace+0x25/0x90 [<000000006acc66d5>] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100 [<00000000cc376ea7>] nvme_init_ctrl+0x38e/0x410 [nvme_core] [<000000007df61b4b>] 0xffffffffc05e88b3 [<00000000d152b985>] 0xffffffffc05744cb [<00000000f04a4041>] vfs_write+0xc5/0x3c0 [<00000000f9491baf>] ksys_write+0x5f/0xe0 [<000000001c46513d>] do_syscall_64+0x3b/0x90 [<00000000ecf348fe>] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication)                [passed]\n    runtime  2.111s  ...  2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n  comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n    [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n    [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n    [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n    [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n    [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n    [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n    [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n    [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
  "id": "GHSA-hjjv-g993-99j8",
  "modified": "2026-02-03T21:31:47Z",
  "published": "2025-10-07T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53670"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ed9a89192e3192e5fea7ff6475c8722513f325e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7237c26431cc78e5ec3259f4350f3dd58f6a4319"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ed5cf8e6d9bfb6a78d0471317edff14f0f2b4dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1379e067b9485e5af03399fe3f0d39bccb023ad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJPW-PWWM-FVGM

Vulnerability from github – Published: 2022-03-24 00:00 – Updated: 2022-07-05 00:00
VLAI
Details

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-23T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.",
  "id": "GHSA-hjpw-pwwm-fvgm",
  "modified": "2022-07-05T00:00:55Z",
  "published": "2022-03-24T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0854"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5161"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJW3-6GHP-6F5F

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-08-15 15:30
VLAI
Details

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-03T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.",
  "id": "GHSA-hjw3-6ghp-6f5f",
  "modified": "2023-08-15T15:30:46Z",
  "published": "2022-05-24T16:45:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1708"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108166"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM5P-668J-X4Q6

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: zr364xx: fix memory leak in zr364xx_start_readpipe

syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail.

backtrace: [] kmalloc include/linux/slab.h:561 [inline] [] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 [] zr364xx_start_readpipe+0x78/0x130 drivers/media/usb/zr364xx/zr364xx.c:1022 [] zr364xx_board_init drivers/media/usb/zr364xx/zr364xx.c:1383 [inline] [] zr364xx_probe+0x6a3/0x851 drivers/media/usb/zr364xx/zr364xx.c:1516 [] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [] really_probe+0x159/0x500 drivers/base/dd.c:576

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: zr364xx: fix memory leak in zr364xx_start_readpipe\n\nsyzbot reported memory leak in zr364xx driver.\nThe problem was in non-freed urb in case of\nusb_submit_urb() fail.\n\nbacktrace:\n  [\u003cffffffff82baedf6\u003e] kmalloc include/linux/slab.h:561 [inline]\n  [\u003cffffffff82baedf6\u003e] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74\n  [\u003cffffffff82f7cce8\u003e] zr364xx_start_readpipe+0x78/0x130 drivers/media/usb/zr364xx/zr364xx.c:1022\n  [\u003cffffffff84251dfc\u003e] zr364xx_board_init drivers/media/usb/zr364xx/zr364xx.c:1383 [inline]\n  [\u003cffffffff84251dfc\u003e] zr364xx_probe+0x6a3/0x851 drivers/media/usb/zr364xx/zr364xx.c:1516\n  [\u003cffffffff82bb6507\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n  [\u003cffffffff826018a9\u003e] really_probe+0x159/0x500 drivers/base/dd.c:576",
  "id": "GHSA-hm5p-668j-x4q6",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47344"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/021c294dff030f3ba38eb81e400ba123db32ecbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a045eac8d0427b64577a24d74bb8347c905ac65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0edd6759167295ea9969e89283b81017b4c688aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f3f81f1c96b501d180021c23c25e9f48eaab235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0633051a6cb24186ff04ce1af99c7de18c1987e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbc80a972a3c5d7eba3f6c9c07af8fea42f5c513"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c57b2bd3247925e253729dce283d6bf6abc9339d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c57bfd8000d7677bf435873b440eec0c47f73a08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d69b39d89f362cfeeb54a68690768d0d257b2c8f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM6Q-48C6-P943

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31
VLAI
Details

A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.

This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T18:16:15Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.\n\n This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.",
  "id": "GHSA-hm6q-48c6-p943",
  "modified": "2026-03-04T18:31:54Z",
  "published": "2026-03-04T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20014"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMQQ-G55H-WVGF

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: sim: fix a memory leak

Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO hog structures never being freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: sim: fix a memory leak\n\nFix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO\nhog structures never being freed.",
  "id": "GHSA-hmqq-g55h-wvgf",
  "modified": "2025-01-06T21:30:49Z",
  "published": "2024-05-21T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52706"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79eeab1d85e0fee4c0bc36f3b6ddf3920f39f74b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/854e1ecff266033d3149666d3c5b8b0e174b4210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMW9-9296-84Q4

Vulnerability from github – Published: 2022-03-02 00:00 – Updated: 2022-03-17 00:04
VLAI
Details

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-01T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory.",
  "id": "GHSA-hmw9-9296-84q4",
  "modified": "2022-03-17T00:04:34Z",
  "published": "2022-03-02T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44961"
    },
    {
      "type": "WEB",
      "url": "https://hackmd.io/nDT_UKLyRQendxDwil9A4w"
    },
    {
      "type": "WEB",
      "url": "http://libslic3r.com"
    },
    {
      "type": "WEB",
      "url": "http://slic3r.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HP7P-HW7M-PRXM

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2026-02-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: mediatek: fix of_iomap memory leak

Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496.

This problem was also found in linux-next. In mtk_clk_simple_probe(), base is not released when handling errors if clk_data is not existed, which may cause a leak. So free_base should be added here to release base.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: fix of_iomap memory leak\n\nSmatch reports:\ndrivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:\n    \u0027base\u0027 from of_iomap() not released on lines: 496.\n\nThis problem was also found in linux-next. In mtk_clk_simple_probe(),\nbase is not released when handling errors\nif clk_data is not existed, which may cause a leak.\nSo free_base should be added here to release base.",
  "id": "GHSA-hp7p-hw7m-prxm",
  "modified": "2026-02-19T18:31:42Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53424"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2cae6a28d8c12c597e8656962271520434c61c48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3db7285e044144fd88a356f5b641b9cd4b231a77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47234e19b00816a8a7b278c7173f6d4e928c43c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/847d5dd788ce05f0aaaa36ea174f7f0b9cf86f7d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.