CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-HW33-JPQX-4VV6
Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw: dmamux: fix OF node leak on route allocation failure
Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.
{
"affected": [],
"aliases": [
"CVE-2025-71189"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-31T12:16:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw: dmamux: fix OF node leak on route allocation failure\n\nMake sure to drop the reference taken to the DMA master OF node also on\nlate route allocation failures.",
"id": "GHSA-hw33-jpqx-4vv6",
"modified": "2026-07-14T15:31:39Z",
"published": "2026-01-31T12:30:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71189"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b87288581a0fcbe54b39da5c10e1aee2df8776e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f7a391211381ed2f6802032c78c7820d166bc49"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eabe40f8a53c29f531e92778ea243e379f4f7978"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec25e60f9f95464aa11411db31d0906b3fb7b9f2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW5C-J7V3-VV8G
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
USB: isp116x: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53413"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: isp116x: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-hw5c-j7v3-vv8g",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53413"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/542a99cd6eadfb543bf190431c3fb520f3da0bbc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f12097467ea1ef57f29dd29c1d082e4752cef37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a60b4902a626dda08a31d9cf89ccce11bef8dd33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a95f62d5813facbec20ec087472eb313ee5fa8af"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW5F-Q2PP-Q95M
Vulnerability from github – Published: 2025-10-23 18:31 – Updated: 2025-10-23 18:31FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
{
"affected": [],
"aliases": [
"CVE-2025-50949"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-23T16:15:49Z",
"severity": "MODERATE"
},
"details": "FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.",
"id": "GHSA-hw5f-q2pp-q95m",
"modified": "2025-10-23T18:31:14Z",
"published": "2025-10-23T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50949"
},
{
"type": "WEB",
"url": "https://github.com/fontforge/fontforge/pull/5491"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HW78-GPFH-VW3Q
Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-10-03 00:30A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).
Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).
Memory utilization could be monitored by: user@host> show system memory or show system monitor memory status
This issue affects:
Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8,
- from 22.2 before 22.2R3-S4,
- from 22.3 before 22.3R3-S3,
- from 22.4 before 22.4R3-S3,
- from 23.2 before 23.2R2-S1,
- from 23.4 before 23.4R1-S2, 23.4R2,
- from 24.2 before 24.2R2-EVO.
Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO,
- from 23.2 before 23.2R2-S1-EVO,
- from 23.4 before 23.4R1-S2, 23.4R2,
- from 24.2 before 24.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39549"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T17:15:15Z",
"severity": "HIGH"
},
"details": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host\u003e show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before\u00a024.2R2-EVO.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before 24.2R2-EVO.",
"id": "GHSA-hw78-gpfh-vw3q",
"modified": "2024-10-03T00:30:40Z",
"published": "2024-07-11T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39549"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HX96-C38Q-F7WG
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
net: ngbe: fix memory leak in ngbe_probe() error path
When ngbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in ngbe_probe() function, the subsequent error paths after ngbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table.
Also change the label to which execution jumps when ngbe_sw_init() fails, because otherwise, it could lead to a double free for rss_key, when the mac_table allocation fails in wx_sw_init().
{
"affected": [],
"aliases": [
"CVE-2025-37874"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ngbe: fix memory leak in ngbe_probe() error path\n\nWhen ngbe_sw_init() is called, memory is allocated for wx-\u003erss_key\nin wx_init_rss_key(). However, in ngbe_probe() function, the subsequent\nerror paths after ngbe_sw_init() don\u0027t free the rss_key. Fix that by\nfreeing it in error path along with wx-\u003emac_table.\n\nAlso change the label to which execution jumps when ngbe_sw_init()\nfails, because otherwise, it could lead to a double free for rss_key,\nwhen the mac_table allocation fails in wx_sw_init().",
"id": "GHSA-hx96-c38q-f7wg",
"modified": "2025-11-12T21:31:03Z",
"published": "2025-05-09T09:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37874"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/397487338eff1891c4654ce7deaafbf72a1688b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c2b66a31c7a4866400f7e6fb43cb32021bfca01"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8335a3feb9d0d97e5e8f76d38b6bb8573d5b4a29"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88fa80021b77732bc98f73fb69d69c7cc37b9f0d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HX98-Q4R6-MGCV
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 18:33In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path
nfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue entry from the queue data structures, taking ownership of the entry. For PF_BRIDGE packets, it then calls nfqa_parse_bridge() to parse VLAN attributes. If nfqa_parse_bridge() returns an error (e.g. NFQA_VLAN present but NFQA_VLAN_TCI missing), the function returns immediately without freeing the dequeued entry or its sk_buff.
This leaks the nf_queue_entry, its associated sk_buff, and all held references (net_device refcounts, struct net refcount). Repeated triggering exhausts kernel memory.
Fix this by dropping the entry via nfqnl_reinject() with NF_DROP verdict on the error path, consistent with other error handling in this file.
{
"affected": [],
"aliases": [
"CVE-2026-43451"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:57Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: fix entry leak in bridge verdict error path\n\nnfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue\nentry from the queue data structures, taking ownership of the entry.\nFor PF_BRIDGE packets, it then calls nfqa_parse_bridge() to parse VLAN\nattributes. If nfqa_parse_bridge() returns an error (e.g. NFQA_VLAN\npresent but NFQA_VLAN_TCI missing), the function returns immediately\nwithout freeing the dequeued entry or its sk_buff.\n\nThis leaks the nf_queue_entry, its associated sk_buff, and all held\nreferences (net_device refcounts, struct net refcount). Repeated\ntriggering exhausts kernel memory.\n\nFix this by dropping the entry via nfqnl_reinject() with NF_DROP verdict\non the error path, consistent with other error handling in this file.",
"id": "GHSA-hx98-q4r6-mgcv",
"modified": "2026-05-21T18:33:06Z",
"published": "2026-05-08T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43451"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b18d1b834ab5a5009be70b530f978d7989e445b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/208669df703a25a601f45822b10c413f258bf275"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47b1c5d1b0944aa88299f55a846fabaefc756982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9853d94b82d303fc4ac37d592a23a154096ecd41"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a907bea273b60d3e604ec4e8e1f6c49954805794"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b38d2b4603fd3dda24eb8b3dd81c18a0930be97b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf4a4df38d1747e06fc54f9879bd7a6f4178032f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1ba83755d81c6fc66ac7acd723d238f974091e9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXCX-W659-FRW9
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: rfi: fix potential response leaks
If the rx payload length check fails, or if kmemdup() fails, we still need to free the command response. Fix that.
{
"affected": [],
"aliases": [
"CVE-2024-35912"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: rfi: fix potential response leaks\n\nIf the rx payload length check fails, or if kmemdup() fails,\nwe still need to free the command response. Fix that.",
"id": "GHSA-hxcx-w659-frw9",
"modified": "2025-09-23T15:31:04Z",
"published": "2024-05-19T09:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28db0ae86cb91a4ab0e855cff779daead936b7d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99a75d75007421d8e08ba139e24f77395cd08f62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0a40f2f8eba07416f695ffe2011bf3f8b0b6dc8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7f0e784894dfcb265f0f9fa499103b0ca7eabde"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXGV-F94V-H963
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.
{
"affected": [],
"aliases": [
"CVE-2019-19065"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-18T06:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.",
"id": "GHSA-hxgv-f94v-h963",
"modified": "2024-03-21T03:33:48Z",
"published": "2022-05-24T17:01:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19065"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4208-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4210-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4226-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXJ4-885F-GRGP
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2024-02-22 01:45A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.wildfly.openssl:wildfly-openssl-natives-parent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.3.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25644"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-13T23:13:57Z",
"nvd_published_at": "2020-10-06T14:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-hxj4-885f-grgp",
"modified": "2024-02-22T01:45:33Z",
"published": "2022-05-24T17:30:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644"
},
{
"type": "WEB",
"url": "https://github.com/wildfly-security/wildfly-openssl-natives/pull/4"
},
{
"type": "WEB",
"url": "https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files"
},
{
"type": "WEB",
"url": "https://github.com/wildfly-security/wildfly-openssl-natives/commit/7c26514676f3fb0dee0bcaa7d4680f982372950f"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
},
{
"type": "PACKAGE",
"url": "https://github.com/wildfly-security/wildfly-openssl-natives"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/WFSSL-51"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201016-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Wildfly-OpenSSL memory leak flaw"
}
GHSA-HXRF-6739-FV3G
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-03-25 21:30In the Linux kernel, the following vulnerability has been resolved:
ASoC: stm32: sai: fix OF node leak on probe
The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe.
Make sure to drop the reference on platform probe failures (e.g. probe deferral) and on driver unbind.
This also avoids a potential use-after-free in case the DAI is ever reprobed without first rebinding the platform driver.
{
"affected": [],
"aliases": [
"CVE-2025-71081"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: sai: fix OF node leak on probe\n\nThe reference taken to the sync provider OF node when probing the\nplatform device is currently only dropped if the set_sync() callback\nfails during DAI probe.\n\nMake sure to drop the reference on platform probe failures (e.g. probe\ndeferral) and on driver unbind.\n\nThis also avoids a potential use-after-free in case the DAI is ever\nreprobed without first rebinding the platform driver.",
"id": "GHSA-hxrf-6739-fv3g",
"modified": "2026-03-25T21:30:21Z",
"published": "2026-01-13T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71081"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23261f0de09427367e99f39f588e31e2856a690e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3752afcc6d80d5525e236e329895ba2cb93bcb26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4054a3597d047f3fe87864ef87f399b5d523e6c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7daa50a2157e41c964b745ab1dc378b5b3b626d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acda653169e180b1d860dbb6bc5aceb105858394"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bae74771fc5d3b2a9cf6f5aa64596083d032c4a3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.