CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-HQM4-GQW3-F629
Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2023-01-24 21:30A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2023-22406"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-13T00:15:00Z",
"severity": "MODERATE"
},
"details": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example: user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 \u003c=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u003c=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.",
"id": "GHSA-hqm4-gqw3-f629",
"modified": "2023-01-24T21:30:37Z",
"published": "2023-01-13T00:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22406"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA70202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HR3F-7V27-3Q3P
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30In the Linux kernel, the following vulnerability has been resolved:
media: usb: go7007: s2250-board: fix leak in probe()
Call i2c_unregister_device(audio) on this error path.
{
"affected": [],
"aliases": [
"CVE-2022-49253"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: go7007: s2250-board: fix leak in probe()\n\nCall i2c_unregister_device(audio) on this error path.",
"id": "GHSA-hr3f-7v27-3q3p",
"modified": "2025-09-22T21:30:16Z",
"published": "2025-09-22T21:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49253"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14cd5a8e61c654828a1f1056d56f0b0a524d2c69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44973633b0064c46083833b55dd0a45e6235f8ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/895364fa97e60749855f789bc4568883fc7a8b39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/948ad5e5624487079c24cb5c81c74ddd02832440"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a97130cd5b0c00eec169b10a16d922b9ea67324a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5470f3efa530b10296257bb578ce4b1769e9a04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7dd177225355da55f8d80d8e568928e0eec3608"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bbdd0e15738336e6b1208304ae98525117877bbd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HR64-FHR7-7VXW
Vulnerability from github – Published: 2022-10-04 00:00 – Updated: 2022-10-06 00:00Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.
{
"affected": [],
"aliases": [
"CVE-2022-41427"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-03T14:15:00Z",
"severity": "MODERATE"
},
"details": "Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.",
"id": "GHSA-hr64-fhr7-7vxw",
"modified": "2022-10-06T00:00:58Z",
"published": "2022-10-04T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41427"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/772"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HRPG-229C-XMMQ
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
Here is the stack where we allocate percpu counter block:
+-< __alloc_percpu +-< xt_percpu_counter_alloc +-< find_check_entry # {arp,ip,ip6}_tables.c +-< translate_table
And it can be leaked on this code path:
+-> ip6t_register_table +-> translate_table # allocates percpu counter block +-> xt_register_table # fails
there is no freeing of the counter block on xt_register_table fail. Note: xt_percpu_counter_free should be called to free it like we do in do_replace through cleanup_entry helper (or in __ip6t_unregister_table).
Probability of hitting this error path is low AFAICS (xt_register_table can only return ENOMEM here, as it is not replacing anything, as we are creating new netns, and it is hard to imagine that all previous allocations succeeded and after that one in xt_register_table failed). But it's worth fixing even the rare leak.
{
"affected": [],
"aliases": [
"CVE-2023-53200"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n +-\u003c __alloc_percpu\n +-\u003c xt_percpu_counter_alloc\n +-\u003c find_check_entry # {arp,ip,ip6}_tables.c\n +-\u003c translate_table\n\nAnd it can be leaked on this code path:\n\n +-\u003e ip6t_register_table\n +-\u003e translate_table # allocates percpu counter block\n +-\u003e xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it\u0027s worth fixing even the rare leak.",
"id": "GHSA-hrpg-229c-xmmq",
"modified": "2025-12-04T15:30:31Z",
"published": "2025-09-15T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53200"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HRQM-QPW9-W8RV
Vulnerability from github – Published: 2025-09-25 21:30 – Updated: 2025-12-16 23:59A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.portal.vulcan.impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.115"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43816"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-26T13:04:13Z",
"nvd_published_at": "2025-09-25T20:15:34Z",
"severity": "MODERATE"
},
"details": "A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.",
"id": "GHSA-hrqm-qpw9-w8rv",
"modified": "2025-12-16T23:59:47Z",
"published": "2025-09-25T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43816"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.atlassian.net/browse/LPE-18005"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal and DXP vulnerable to a memory leak"
}
GHSA-HRV2-R4HW-HHJC
Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30In the Linux kernel, the following vulnerability has been resolved:
dpaa2-eth: retrieve the virtual address before dma_unmap
The TSO header was DMA unmapped before the virtual address was retrieved and then used to free the buffer. This meant that we were actually removing the DMA map and then trying to search for it to help in retrieving the virtual address. This lead to a invalid virtual address being used in the kfree call.
Fix this by calling dpaa2_iova_to_virt() prior to the dma_unmap call.
[ 487.231819] Unable to handle kernel paging request at virtual address fffffd9807000008
(...)
[ 487.354061] Hardware name: SolidRun LX2160A Honeycomb (DT) [ 487.359535] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 487.366485] pc : kfree+0xac/0x304 [ 487.369799] lr : kfree+0x204/0x304 [ 487.373191] sp : ffff80000c4eb120 [ 487.376493] x29: ffff80000c4eb120 x28: ffff662240c46400 x27: 0000000000000001 [ 487.383621] x26: 0000000000000001 x25: ffff662246da0cc0 x24: ffff66224af78000 [ 487.390748] x23: ffffad184f4ce008 x22: ffffad1850185000 x21: ffffad1838d13cec [ 487.397874] x20: ffff6601c0000000 x19: fffffd9807000000 x18: 0000000000000000 [ 487.405000] x17: ffffb910cdc49000 x16: ffffad184d7d9080 x15: 0000000000004000 [ 487.412126] x14: 0000000000000008 x13: 000000000000ffff x12: 0000000000000000 [ 487.419252] x11: 0000000000000004 x10: 0000000000000001 x9 : ffffad184d7d927c [ 487.426379] x8 : 0000000000000000 x7 : 0000000ffffffd1d x6 : ffff662240a94900 [ 487.433505] x5 : 0000000000000003 x4 : 0000000000000009 x3 : ffffad184f4ce008 [ 487.440632] x2 : ffff662243eec000 x1 : 0000000100000100 x0 : fffffc0000000000 [ 487.447758] Call trace: [ 487.450194] kfree+0xac/0x304 [ 487.453151] dpaa2_eth_free_tx_fd.isra.0+0x33c/0x3e0 [fsl_dpaa2_eth] [ 487.459507] dpaa2_eth_tx_conf+0x100/0x2e0 [fsl_dpaa2_eth] [ 487.464989] dpaa2_eth_poll+0xdc/0x380 [fsl_dpaa2_eth]
{
"affected": [],
"aliases": [
"CVE-2022-49452"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-eth: retrieve the virtual address before dma_unmap\n\nThe TSO header was DMA unmapped before the virtual address was retrieved\nand then used to free the buffer. This meant that we were actually\nremoving the DMA map and then trying to search for it to help in\nretrieving the virtual address. This lead to a invalid virtual address\nbeing used in the kfree call.\n\nFix this by calling dpaa2_iova_to_virt() prior to the dma_unmap call.\n\n[ 487.231819] Unable to handle kernel paging request at virtual address fffffd9807000008\n\n(...)\n\n[ 487.354061] Hardware name: SolidRun LX2160A Honeycomb (DT)\n[ 487.359535] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 487.366485] pc : kfree+0xac/0x304\n[ 487.369799] lr : kfree+0x204/0x304\n[ 487.373191] sp : ffff80000c4eb120\n[ 487.376493] x29: ffff80000c4eb120 x28: ffff662240c46400 x27: 0000000000000001\n[ 487.383621] x26: 0000000000000001 x25: ffff662246da0cc0 x24: ffff66224af78000\n[ 487.390748] x23: ffffad184f4ce008 x22: ffffad1850185000 x21: ffffad1838d13cec\n[ 487.397874] x20: ffff6601c0000000 x19: fffffd9807000000 x18: 0000000000000000\n[ 487.405000] x17: ffffb910cdc49000 x16: ffffad184d7d9080 x15: 0000000000004000\n[ 487.412126] x14: 0000000000000008 x13: 000000000000ffff x12: 0000000000000000\n[ 487.419252] x11: 0000000000000004 x10: 0000000000000001 x9 : ffffad184d7d927c\n[ 487.426379] x8 : 0000000000000000 x7 : 0000000ffffffd1d x6 : ffff662240a94900\n[ 487.433505] x5 : 0000000000000003 x4 : 0000000000000009 x3 : ffffad184f4ce008\n[ 487.440632] x2 : ffff662243eec000 x1 : 0000000100000100 x0 : fffffc0000000000\n[ 487.447758] Call trace:\n[ 487.450194] kfree+0xac/0x304\n[ 487.453151] dpaa2_eth_free_tx_fd.isra.0+0x33c/0x3e0 [fsl_dpaa2_eth]\n[ 487.459507] dpaa2_eth_tx_conf+0x100/0x2e0 [fsl_dpaa2_eth]\n[ 487.464989] dpaa2_eth_poll+0xdc/0x380 [fsl_dpaa2_eth]",
"id": "GHSA-hrv2-r4hw-hhjc",
"modified": "2025-10-22T18:30:31Z",
"published": "2025-10-22T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49452"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06d129946a71f3159b3b40ee95549183edf2c79d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba5fe3dd4833bbc03609c5c0c2dd2cea5fa5addf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVGM-3M44-563V
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-05 18:30In the Linux kernel, the following vulnerability has been resolved:
drm: amd: display: Fix memory leakage
This commit fixes memory leakage in dc_construct_ctx() function.
{
"affected": [],
"aliases": [
"CVE-2023-53605"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:57Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: amd: display: Fix memory leakage\n\nThis commit fixes memory leakage in dc_construct_ctx() function.",
"id": "GHSA-hvgm-3m44-563v",
"modified": "2026-02-05T18:30:28Z",
"published": "2025-10-04T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53605"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bdea8ee92a6abc650b2189fd5c53f36859baecb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b8701be1f66064ca72733c5f6e13748cdbf8397"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83ace0dd67ee386be1ddcf59dab49d6d9a54e62e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ae15ebaefc4878d614f10cc56ea672f88cea582"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d473c55ce1975c9e601c25293328a5039225d2b2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVPQ-W3PM-9WFJ
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 03:31In the Linux kernel, the following vulnerability has been resolved:
mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
The line cards array is not freed in the error path of mlxsw_m_linecards_init(), which can lead to a memory leak. Fix by freeing the array in the error path, thereby making the error path identical to mlxsw_m_linecards_fini().
{
"affected": [],
"aliases": [
"CVE-2023-53195"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T14:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init\n\nThe line cards array is not freed in the error path of\nmlxsw_m_linecards_init(), which can lead to a memory leak. Fix by\nfreeing the array in the error path, thereby making the error path\nidentical to mlxsw_m_linecards_fini().",
"id": "GHSA-hvpq-w3pm-9wfj",
"modified": "2025-12-02T03:31:36Z",
"published": "2025-09-15T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53195"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08fc75735fda3be97194bfbf3c899c87abb3d0fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd716022c968bc6748f23708b986f845b45791b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4f5b1dd816dccd4ee6bb60b2a81a3d4373636a9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVR9-MMHM-XX2R
Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix memory leak in jffs2_do_fill_super
If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report:
unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmem_cache_alloc_trace+0x475/0x8a0 [] jffs2_sum_init+0x96/0x1a0 [] jffs2_do_mount_fs+0x745/0x2120 [] jffs2_do_fill_super+0x35c/0x810 [] jffs2_fill_super+0x2b9/0x3b0 [...] unreferenced object 0xffff8881bd7f0000 (size 65536): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [] kmalloc_order+0xda/0x110 [] kmalloc_order_trace+0x21/0x130 [] __kmalloc+0x711/0x8a0 [] jffs2_sum_init+0xd9/0x1a0 [] jffs2_do_mount_fs+0x745/0x2120 [] jffs2_do_fill_super+0x35c/0x810 [] jffs2_fill_super+0x2b9/0x3b0 [...]
This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.
{
"affected": [],
"aliases": [
"CVE-2022-49381"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_fill_super\n\nIf jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns\nan error, we can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff888105a65340 (size 64):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff859c45e5\u003e] kmem_cache_alloc_trace+0x475/0x8a0\n [\u003cffffffff86160146\u003e] jffs2_sum_init+0x96/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\nunreferenced object 0xffff8881bd7f0000 (size 65536):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [\u003cffffffff858579ba\u003e] kmalloc_order+0xda/0x110\n [\u003cffffffff85857a11\u003e] kmalloc_order_trace+0x21/0x130\n [\u003cffffffff859c2ed1\u003e] __kmalloc+0x711/0x8a0\n [\u003cffffffff86160189\u003e] jffs2_sum_init+0xd9/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem.",
"id": "GHSA-hvr9-mmhm-xx2r",
"modified": "2025-04-14T21:32:23Z",
"published": "2025-04-14T21:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49381"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVV3-FJWQ-P2F6
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-03 18:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (xgene) Fix ioremap and memremap leak
Smatch reports:
drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc_comm_addr' from ioremap() not released on line: 757.
This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(), ioremap and memremap is not released, which may cause a leak.
To fix this, ioremap and memremap is modified to devm_ioremap and devm_memremap.
[groeck: Fixed formatting and subject]
{
"affected": [],
"aliases": [
"CVE-2023-53682"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (xgene) Fix ioremap and memremap leak\n\nSmatch reports:\n\ndrivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn:\n\u0027ctx-\u003epcc_comm_addr\u0027 from ioremap() not released on line: 757.\n\nThis is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(),\nioremap and memremap is not released, which may cause a leak.\n\nTo fix this, ioremap and memremap is modified to devm_ioremap and\ndevm_memremap.\n\n[groeck: Fixed formatting and subject]",
"id": "GHSA-hvv3-fjwq-p2f6",
"modified": "2026-02-03T18:30:30Z",
"published": "2025-10-07T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53682"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1773185a0a87006c1be78a978d9dd61aa7a33db8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/813cc94c7847ae4a17e9f744fb4dbdf7df6bd732"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d482a09acd3d5f61a56aefc125d32c81994707b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.