CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-HPF7-WQ23-7PVR
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
If device_register() fails, it should call put_device() to give up reference, the name allocated in dev_set_name() can be freed in callback function kobject_cleanup().
{
"affected": [],
"aliases": [
"CVE-2022-49860"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: fix memory leak when register device fail\n\nIf device_register() fails, it should call put_device() to give\nup reference, the name allocated in dev_set_name() can be freed\nin callback function kobject_cleanup().",
"id": "GHSA-hpf7-wq23-7pvr",
"modified": "2025-05-07T15:31:25Z",
"published": "2025-05-01T15:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49860"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/025eab5189fc7ee223ae9b4bc49d7df196543e53"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1dd27541aa2b95bde71bddd43d73f9c16d73272c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac2b9f34f02052709aea7b34bb2a165e1853eb41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPH8-R9JG-PG83
Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2022-11-02 19:00open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
{
"affected": [],
"aliases": [
"CVE-2022-43221"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T14:15:00Z",
"severity": "HIGH"
},
"details": "open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.",
"id": "GHSA-hph8-r9jg-pg83",
"modified": "2022-11-02T19:00:31Z",
"published": "2022-11-01T19:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43221"
},
{
"type": "WEB",
"url": "https://github.com/ToughRunner/Open5gs_bugreport3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPHM-MG6M-84M8
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
{
"affected": [],
"aliases": [
"CVE-2016-9916"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-29T22:59:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.",
"id": "GHSA-hphm-mg6m-84m8",
"modified": "2022-05-13T01:13:37Z",
"published": "2022-05-13T01:13:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9916"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPJ2-Q4FG-98GF
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-09-24 03:30In the Linux kernel, the following vulnerability has been resolved:
ice: Avoid crash from unnecessary IDA free
In the remove path, there is an attempt to free the aux_idx IDA whether it was allocated or not. This can potentially cause a crash when unloading the driver on systems that do not initialize support for RDMA. But, this free cannot be gated by the status bit for RDMA, since it is allocated if the driver detects support for RDMA at probe time, but the driver can enter into a state where RDMA is not supported after the IDA has been allocated at probe time and this would lead to a memory leak.
Initialize aux_idx to an invalid value and check for a valid value when unloading to determine if an IDA free is necessary.
{
"affected": [],
"aliases": [
"CVE-2021-47453"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Avoid crash from unnecessary IDA free\n\nIn the remove path, there is an attempt to free the aux_idx IDA whether\nit was allocated or not. This can potentially cause a crash when\nunloading the driver on systems that do not initialize support for RDMA.\nBut, this free cannot be gated by the status bit for RDMA, since it is\nallocated if the driver detects support for RDMA at probe time, but the\ndriver can enter into a state where RDMA is not supported after the IDA\nhas been allocated at probe time and this would lead to a memory leak.\n\nInitialize aux_idx to an invalid value and check for a valid value when\nunloading to determine if an IDA free is necessary.",
"id": "GHSA-hpj2-q4fg-98gf",
"modified": "2025-09-24T03:30:25Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47453"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/73e30a62b19b9fbb4e6a3465c59da186630d5f2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/777682e59840e24e6c5672197e6ffbcf4bff823b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQ5F-3C8F-C5W8
Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-24 19:00A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-3619"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.",
"id": "GHSA-hq5f-3c8f-c5w8",
"modified": "2022-10-24T19:00:25Z",
"published": "2022-10-21T12:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3619"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211918"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HQ73-7C65-P9CQ
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 00:34ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-56365"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:31Z",
"severity": "MODERATE"
},
"details": "ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.",
"id": "GHSA-hq73-7c65-p9cq",
"modified": "2026-07-01T00:34:14Z",
"published": "2026-07-01T00:34:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56365"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-png-encoder-via-mng-image-writing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HQ83-R674-GJWH
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: Fix memory leaks on probe
Handle the error branches to free memory where required.
Addresses-Coverity-ID: 1491825 ("Resource leak")
{
"affected": [],
"aliases": [
"CVE-2022-49108"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Fix memory leaks on probe\n\nHandle the error branches to free memory where required.\n\nAddresses-Coverity-ID: 1491825 (\"Resource leak\")",
"id": "GHSA-hq83-r674-gjwh",
"modified": "2025-03-14T00:30:49Z",
"published": "2025-03-14T00:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49108"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02742d1d5c95cff8b6e9379aae4ab12674f7265d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a688c91d3fd54c53e7a9edd6052cdae98dd99d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6a0b413398588fc2d8b174a79ea715b66413fca"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQF9-CPXC-Q47R
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the probe operation was performed earlier without a corresponding remove operation. Since the probe actually allocates resources, failing to perform the remove operation could lead to problems.
To fix this issue, we followed the resource release logic of the xenbus_dev_remove() function by adding a new block fail_remove before the fail_put block. After entering the branch if (err) at line 313, the function will use a goto statement to jump to the fail_remove block, ensuring that the previously acquired resources are correctly released, thus preventing the reference count leak.
This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch.
{
"affected": [],
"aliases": [
"CVE-2024-53198"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: Fix the issue of resource not being properly released in xenbus_dev_probe()\n\nThis patch fixes an issue in the function xenbus_dev_probe(). In the\nxenbus_dev_probe() function, within the if (err) branch at line 313, the\nprogram incorrectly returns err directly without releasing the resources\nallocated by err = drv-\u003eprobe(dev, id). As the return value is non-zero,\nthe upper layers assume the processing logic has failed. However, the probe\noperation was performed earlier without a corresponding remove operation.\nSince the probe actually allocates resources, failing to perform the remove\noperation could lead to problems.\n\nTo fix this issue, we followed the resource release logic of the\nxenbus_dev_remove() function by adding a new block fail_remove before the\nfail_put block. After entering the branch if (err) at line 313, the\nfunction will use a goto statement to jump to the fail_remove block,\nensuring that the previously acquired resources are correctly released,\nthus preventing the reference count leak.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch.",
"id": "GHSA-hqf9-cpxc-q47r",
"modified": "2025-11-03T21:31:48Z",
"published": "2024-12-27T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53198"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afc545da381ba0c651b2658966ac737032676f01"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQFW-8GWG-7R3Q
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the __GFP_ZERO flag to allocations for writes.
{
"affected": [],
"aliases": [
"CVE-2024-43854"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.",
"id": "GHSA-hqfw-8gwg-7r3q",
"modified": "2025-11-04T00:31:16Z",
"published": "2024-08-17T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43854"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQJ3-8V2M-82W8
Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add()
If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object.
Fix this issue by calling kobject_put().
{
"affected": [],
"aliases": [
"CVE-2022-49370"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix this issue by calling kobject_put().",
"id": "GHSA-hqj3-8v2m-82w8",
"modified": "2025-04-14T21:32:22Z",
"published": "2025-04-14T21:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49370"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.