Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-HQM4-GQW3-F629

Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2023-01-24 21:30
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-13T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example: user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 \u003c=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u003c=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.",
  "id": "GHSA-hqm4-gqw3-f629",
  "modified": "2023-01-24T21:30:37Z",
  "published": "2023-01-13T00:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22406"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA70202"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR3F-7V27-3Q3P

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: usb: go7007: s2250-board: fix leak in probe()

Call i2c_unregister_device(audio) on this error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: go7007: s2250-board: fix leak in probe()\n\nCall i2c_unregister_device(audio) on this error path.",
  "id": "GHSA-hr3f-7v27-3q3p",
  "modified": "2025-09-22T21:30:16Z",
  "published": "2025-09-22T21:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49253"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14cd5a8e61c654828a1f1056d56f0b0a524d2c69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44973633b0064c46083833b55dd0a45e6235f8ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/895364fa97e60749855f789bc4568883fc7a8b39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/948ad5e5624487079c24cb5c81c74ddd02832440"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a97130cd5b0c00eec169b10a16d922b9ea67324a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5470f3efa530b10296257bb578ce4b1769e9a04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7dd177225355da55f8d80d8e568928e0eec3608"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbdd0e15738336e6b1208304ae98525117877bbd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR64-FHR7-7VXW

Vulnerability from github – Published: 2022-10-04 00:00 – Updated: 2022-10-06 00:00
VLAI
Details

Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-03T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.",
  "id": "GHSA-hr64-fhr7-7vxw",
  "modified": "2022-10-06T00:00:58Z",
  "published": "2022-10-04T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41427"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/772"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HRPG-229C-XMMQ

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: fix percpu counter block leak on error path when creating new netns

Here is the stack where we allocate percpu counter block:

+-< __alloc_percpu +-< xt_percpu_counter_alloc +-< find_check_entry # {arp,ip,ip6}_tables.c +-< translate_table

And it can be leaked on this code path:

+-> ip6t_register_table +-> translate_table # allocates percpu counter block +-> xt_register_table # fails

there is no freeing of the counter block on xt_register_table fail. Note: xt_percpu_counter_free should be called to free it like we do in do_replace through cleanup_entry helper (or in __ip6t_unregister_table).

Probability of hitting this error path is low AFAICS (xt_register_table can only return ENOMEM here, as it is not replacing anything, as we are creating new netns, and it is hard to imagine that all previous allocations succeeded and after that one in xt_register_table failed). But it's worth fixing even the rare leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n  +-\u003c __alloc_percpu\n    +-\u003c xt_percpu_counter_alloc\n      +-\u003c find_check_entry # {arp,ip,ip6}_tables.c\n        +-\u003c translate_table\n\nAnd it can be leaked on this code path:\n\n  +-\u003e ip6t_register_table\n    +-\u003e translate_table # allocates percpu counter block\n    +-\u003e xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it\u0027s worth fixing even the rare leak.",
  "id": "GHSA-hrpg-229c-xmmq",
  "modified": "2025-12-04T15:30:31Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53200"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HRQM-QPW9-W8RV

Vulnerability from github – Published: 2025-09-25 21:30 – Updated: 2025-12-16 23:59
VLAI
Summary
Liferay Portal and DXP vulnerable to a memory leak
Details

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay:com.liferay.portal.vulcan.impl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.0.115"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-43816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-26T13:04:13Z",
    "nvd_published_at": "2025-09-25T20:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.",
  "id": "GHSA-hrqm-qpw9-w8rv",
  "modified": "2025-12-16T23:59:47Z",
  "published": "2025-09-25T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43816"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/liferay/liferay-portal"
    },
    {
      "type": "WEB",
      "url": "https://liferay.atlassian.net/browse/LPE-18005"
    },
    {
      "type": "WEB",
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Liferay Portal and DXP vulnerable to a memory leak"
}

GHSA-HRV2-R4HW-HHJC

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-eth: retrieve the virtual address before dma_unmap

The TSO header was DMA unmapped before the virtual address was retrieved and then used to free the buffer. This meant that we were actually removing the DMA map and then trying to search for it to help in retrieving the virtual address. This lead to a invalid virtual address being used in the kfree call.

Fix this by calling dpaa2_iova_to_virt() prior to the dma_unmap call.

[ 487.231819] Unable to handle kernel paging request at virtual address fffffd9807000008

(...)

[ 487.354061] Hardware name: SolidRun LX2160A Honeycomb (DT) [ 487.359535] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 487.366485] pc : kfree+0xac/0x304 [ 487.369799] lr : kfree+0x204/0x304 [ 487.373191] sp : ffff80000c4eb120 [ 487.376493] x29: ffff80000c4eb120 x28: ffff662240c46400 x27: 0000000000000001 [ 487.383621] x26: 0000000000000001 x25: ffff662246da0cc0 x24: ffff66224af78000 [ 487.390748] x23: ffffad184f4ce008 x22: ffffad1850185000 x21: ffffad1838d13cec [ 487.397874] x20: ffff6601c0000000 x19: fffffd9807000000 x18: 0000000000000000 [ 487.405000] x17: ffffb910cdc49000 x16: ffffad184d7d9080 x15: 0000000000004000 [ 487.412126] x14: 0000000000000008 x13: 000000000000ffff x12: 0000000000000000 [ 487.419252] x11: 0000000000000004 x10: 0000000000000001 x9 : ffffad184d7d927c [ 487.426379] x8 : 0000000000000000 x7 : 0000000ffffffd1d x6 : ffff662240a94900 [ 487.433505] x5 : 0000000000000003 x4 : 0000000000000009 x3 : ffffad184f4ce008 [ 487.440632] x2 : ffff662243eec000 x1 : 0000000100000100 x0 : fffffc0000000000 [ 487.447758] Call trace: [ 487.450194] kfree+0xac/0x304 [ 487.453151] dpaa2_eth_free_tx_fd.isra.0+0x33c/0x3e0 [fsl_dpaa2_eth] [ 487.459507] dpaa2_eth_tx_conf+0x100/0x2e0 [fsl_dpaa2_eth] [ 487.464989] dpaa2_eth_poll+0xdc/0x380 [fsl_dpaa2_eth]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49452"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-eth: retrieve the virtual address before dma_unmap\n\nThe TSO header was DMA unmapped before the virtual address was retrieved\nand then used to free the buffer. This meant that we were actually\nremoving the DMA map and then trying to search for it to help in\nretrieving the virtual address. This lead to a invalid virtual address\nbeing used in the kfree call.\n\nFix this by calling dpaa2_iova_to_virt() prior to the dma_unmap call.\n\n[  487.231819] Unable to handle kernel paging request at virtual address fffffd9807000008\n\n(...)\n\n[  487.354061] Hardware name: SolidRun LX2160A Honeycomb (DT)\n[  487.359535] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  487.366485] pc : kfree+0xac/0x304\n[  487.369799] lr : kfree+0x204/0x304\n[  487.373191] sp : ffff80000c4eb120\n[  487.376493] x29: ffff80000c4eb120 x28: ffff662240c46400 x27: 0000000000000001\n[  487.383621] x26: 0000000000000001 x25: ffff662246da0cc0 x24: ffff66224af78000\n[  487.390748] x23: ffffad184f4ce008 x22: ffffad1850185000 x21: ffffad1838d13cec\n[  487.397874] x20: ffff6601c0000000 x19: fffffd9807000000 x18: 0000000000000000\n[  487.405000] x17: ffffb910cdc49000 x16: ffffad184d7d9080 x15: 0000000000004000\n[  487.412126] x14: 0000000000000008 x13: 000000000000ffff x12: 0000000000000000\n[  487.419252] x11: 0000000000000004 x10: 0000000000000001 x9 : ffffad184d7d927c\n[  487.426379] x8 : 0000000000000000 x7 : 0000000ffffffd1d x6 : ffff662240a94900\n[  487.433505] x5 : 0000000000000003 x4 : 0000000000000009 x3 : ffffad184f4ce008\n[  487.440632] x2 : ffff662243eec000 x1 : 0000000100000100 x0 : fffffc0000000000\n[  487.447758] Call trace:\n[  487.450194]  kfree+0xac/0x304\n[  487.453151]  dpaa2_eth_free_tx_fd.isra.0+0x33c/0x3e0 [fsl_dpaa2_eth]\n[  487.459507]  dpaa2_eth_tx_conf+0x100/0x2e0 [fsl_dpaa2_eth]\n[  487.464989]  dpaa2_eth_poll+0xdc/0x380 [fsl_dpaa2_eth]",
  "id": "GHSA-hrv2-r4hw-hhjc",
  "modified": "2025-10-22T18:30:31Z",
  "published": "2025-10-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49452"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06d129946a71f3159b3b40ee95549183edf2c79d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba5fe3dd4833bbc03609c5c0c2dd2cea5fa5addf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVGM-3M44-563V

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-05 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm: amd: display: Fix memory leakage

This commit fixes memory leakage in dc_construct_ctx() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: amd: display: Fix memory leakage\n\nThis commit fixes memory leakage in dc_construct_ctx() function.",
  "id": "GHSA-hvgm-3m44-563v",
  "modified": "2026-02-05T18:30:28Z",
  "published": "2025-10-04T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53605"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bdea8ee92a6abc650b2189fd5c53f36859baecb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b8701be1f66064ca72733c5f6e13748cdbf8397"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83ace0dd67ee386be1ddcf59dab49d6d9a54e62e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ae15ebaefc4878d614f10cc56ea672f88cea582"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d473c55ce1975c9e601c25293328a5039225d2b2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVPQ-W3PM-9WFJ

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init

The line cards array is not freed in the error path of mlxsw_m_linecards_init(), which can lead to a memory leak. Fix by freeing the array in the error path, thereby making the error path identical to mlxsw_m_linecards_fini().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init\n\nThe line cards array is not freed in the error path of\nmlxsw_m_linecards_init(), which can lead to a memory leak. Fix by\nfreeing the array in the error path, thereby making the error path\nidentical to mlxsw_m_linecards_fini().",
  "id": "GHSA-hvpq-w3pm-9wfj",
  "modified": "2025-12-02T03:31:36Z",
  "published": "2025-09-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53195"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08fc75735fda3be97194bfbf3c899c87abb3d0fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd716022c968bc6748f23708b986f845b45791b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4f5b1dd816dccd4ee6bb60b2a81a3d4373636a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVR9-MMHM-XX2R

Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

jffs2: fix memory leak in jffs2_do_fill_super

If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report:


unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmem_cache_alloc_trace+0x475/0x8a0 [] jffs2_sum_init+0x96/0x1a0 [] jffs2_do_mount_fs+0x745/0x2120 [] jffs2_do_fill_super+0x35c/0x810 [] jffs2_fill_super+0x2b9/0x3b0 [...] unreferenced object 0xffff8881bd7f0000 (size 65536): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [] kmalloc_order+0xda/0x110 [] kmalloc_order_trace+0x21/0x130 [] __kmalloc+0x711/0x8a0 [] jffs2_sum_init+0xd9/0x1a0 [] jffs2_do_mount_fs+0x745/0x2120 [] jffs2_do_fill_super+0x35c/0x810 [] jffs2_fill_super+0x2b9/0x3b0 [...]


This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_fill_super\n\nIf jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns\nan error, we can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff888105a65340 (size 64):\n  comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffff859c45e5\u003e] kmem_cache_alloc_trace+0x475/0x8a0\n    [\u003cffffffff86160146\u003e] jffs2_sum_init+0x96/0x1a0\n    [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n    [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n    [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n    [...]\nunreferenced object 0xffff8881bd7f0000 (size 65536):\n  comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n  hex dump (first 32 bytes):\n    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................\n    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................\n  backtrace:\n    [\u003cffffffff858579ba\u003e] kmalloc_order+0xda/0x110\n    [\u003cffffffff85857a11\u003e] kmalloc_order_trace+0x21/0x130\n    [\u003cffffffff859c2ed1\u003e] __kmalloc+0x711/0x8a0\n    [\u003cffffffff86160189\u003e] jffs2_sum_init+0xd9/0x1a0\n    [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n    [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n    [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n    [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem.",
  "id": "GHSA-hvr9-mmhm-xx2r",
  "modified": "2025-04-14T21:32:23Z",
  "published": "2025-04-14T21:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49381"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVV3-FJWQ-P2F6

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (xgene) Fix ioremap and memremap leak

Smatch reports:

drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc_comm_addr' from ioremap() not released on line: 757.

This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(), ioremap and memremap is not released, which may cause a leak.

To fix this, ioremap and memremap is modified to devm_ioremap and devm_memremap.

[groeck: Fixed formatting and subject]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (xgene) Fix ioremap and memremap leak\n\nSmatch reports:\n\ndrivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn:\n\u0027ctx-\u003epcc_comm_addr\u0027 from ioremap() not released on line: 757.\n\nThis is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(),\nioremap and memremap is not released, which may cause a leak.\n\nTo fix this, ioremap and memremap is modified to devm_ioremap and\ndevm_memremap.\n\n[groeck: Fixed formatting and subject]",
  "id": "GHSA-hvv3-fjwq-p2f6",
  "modified": "2026-02-03T18:30:30Z",
  "published": "2025-10-07T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53682"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1773185a0a87006c1be78a978d9dd61aa7a33db8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/813cc94c7847ae4a17e9f744fb4dbdf7df6bd732"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d482a09acd3d5f61a56aefc125d32c81994707b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.