CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-J6X7-7G72-8WW2
Vulnerability from github – Published: 2023-08-08 06:30 – Updated: 2023-11-30 21:30ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
{
"affected": [],
"aliases": [
"CVE-2023-39978"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T06:15:47Z",
"severity": "LOW"
},
"details": "ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.",
"id": "GHSA-j6x7-7g72-8ww2",
"modified": "2023-11-30T21:30:26Z",
"published": "2023-08-08T06:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39978"
},
{
"type": "WEB",
"url": "https://github.com/rmagick/rmagick/pull/1406/files"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/compare/6.9.12-90...6.9.12-91"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J74C-XXGV-3M4R
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-17 18:30Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-29515"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.",
"id": "GHSA-j74c-xxgv-3m4r",
"modified": "2022-11-17T18:30:30Z",
"published": "2022-11-11T19:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29515"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J793-R5PF-7W34
Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
ext4: fix memory leak in parse_apply_sb_mount_options()
If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly.
Reproducer:
mkfs.ext4 -F /dev/vdc
tune2fs /dev/vdc -E mount_opts=usrjquota=file
echo clear > /sys/kernel/debug/kmemleak
mount /dev/vdc /vdc
echo scan > /sys/kernel/debug/kmemleak
sleep 5
echo scan > /sys/kernel/debug/kmemleak
cat /sys/kernel/debug/kmemleak
{
"affected": [],
"aliases": [
"CVE-2022-49408"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in parse_apply_sb_mount_options()\n\nIf processing the on-disk mount options fails after any memory was\nallocated in the ext4_fs_context, e.g. s_qf_names, then this memory is\nleaked. Fix this by calling ext4_fc_free() instead of kfree() directly.\n\nReproducer:\n\n mkfs.ext4 -F /dev/vdc\n tune2fs /dev/vdc -E mount_opts=usrjquota=file\n echo clear \u003e /sys/kernel/debug/kmemleak\n mount /dev/vdc /vdc\n echo scan \u003e /sys/kernel/debug/kmemleak\n sleep 5\n echo scan \u003e /sys/kernel/debug/kmemleak\n cat /sys/kernel/debug/kmemleak",
"id": "GHSA-j793-r5pf-7w34",
"modified": "2025-04-17T21:30:44Z",
"published": "2025-04-17T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49408"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7QM-9792-FVR5
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 18:30In the Linux kernel, the following vulnerability has been resolved:
HID: apple: avoid memory leak in apple_report_fixup()
The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it.
The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.
{
"affected": [],
"aliases": [
"CVE-2026-31520"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: avoid memory leak in apple_report_fixup()\n\nThe apple_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it *is* permitted to return a sub-portion of the input\nrdesc, whose lifetime is managed by the caller.",
"id": "GHSA-j7qm-9792-fvr5",
"modified": "2026-04-28T18:30:29Z",
"published": "2026-04-22T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31520"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7W3-JHCQ-FRVR
Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: Add tx check to prevent skb leak
Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=, skb=, skb=null, skb=null]
The driver has checks to ensure that free_map[consumer_index] pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. So, if, by some chance, our free_map and tx_buff lists become out of sync then we were previously risking an skb memory leak. This could then cause tcp congestion control to stop sending packets, eventually leading to ETIMEDOUT.
Therefore, add a conditional to ensure that the skb address is null. If not then warn the user (because this is still a bug that should be patched) and free the old pointer to prevent memleak/tcp problems.
{
"affected": [],
"aliases": [
"CVE-2024-41066"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T15:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.",
"id": "GHSA-j7w3-jhcq-frvr",
"modified": "2025-11-04T00:31:01Z",
"published": "2024-07-29T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41066"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7WW-Q9C4-9HXG
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()
The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks.
Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well.
Compile tested only. Issue found using a prototype static analysis tool and code review.
{
"affected": [],
"aliases": [
"CVE-2026-45950"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()\n\nThe starfive_aes_aead_do_one_req() function allocates rctx-\u003eadata with\nkzalloc() but fails to free it if sg_copy_to_buffer() or\nstarfive_aes_hw_init() fails, which lead to memory leaks.\n\nSince rctx-\u003eadata is unconditionally freed after the write_adata\noperations, ensure consistent cleanup by freeing the allocation in these\nearlier error paths as well.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.",
"id": "GHSA-j7ww-q9c4-9hxg",
"modified": "2026-06-16T03:30:32Z",
"published": "2026-05-27T15:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45950"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8CP-H624-V86V
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-31 21:30In the Linux kernel, the following vulnerability has been resolved:
phy: mdio: fix memory leak
Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic.
MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called
In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state
To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED before calling device_register(), because put_device() should be called even in case of device_register() failure.
{
"affected": [],
"aliases": [
"CVE-2021-47416"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: mdio: fix memory leak\n\nSyzbot reported memory leak in MDIO bus interface, the problem was in\nwrong state logic.\n\nMDIOBUS_ALLOCATED indicates 2 states:\n\t1. Bus is only allocated\n\t2. Bus allocated and __mdiobus_register() fails, but\n\t device_register() was called\n\nIn case of device_register() has been called we should call put_device()\nto correctly free the memory allocated for this device, but mdiobus_free()\ncalls just kfree(dev) in case of MDIOBUS_ALLOCATED state\n\nTo avoid this behaviour we need to set bus-\u003estate to MDIOBUS_UNREGISTERED\n_before_ calling device_register(), because put_device() should be\ncalled even in case of device_register() failure.",
"id": "GHSA-j8cp-h624-v86v",
"modified": "2024-12-31T21:30:44Z",
"published": "2024-05-21T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47416"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8FR-J6MP-3J67
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-61974"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:57Z",
"severity": "HIGH"
},
"details": "When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-j8fr-j6mp-3j67",
"modified": "2025-10-15T15:30:29Z",
"published": "2025-10-15T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61974"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000156733"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J8FX-M4JH-F28M
Vulnerability from github – Published: 2024-04-28 15:30 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error.
{
"affected": [],
"aliases": [
"CVE-2022-48642"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-28T13:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()\n\nIt seems to me that percpu memory for chain stats started leaking since\ncommit 3bc158f8d0330f0a (\"netfilter: nf_tables: map basechain priority to\nhardware priority\") when nft_chain_offload_priority() returned an error.",
"id": "GHSA-j8fx-m4jh-f28m",
"modified": "2025-01-07T18:30:42Z",
"published": "2024-04-28T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48642"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8M4-XWQW-4XQW
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
If construction of the array of work queues to handle hpd_rx_irq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the hpd_rx_irq_offload_work_queue struct array.
{
"affected": [],
"aliases": [
"CVE-2022-50515"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:35Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()\n\nIf construction of the array of work queues to handle hpd_rx_irq offload\nwork fails, we need to unwind. Destroy all the created workqueues and\nthe allocated memory for the hpd_rx_irq_offload_work_queue struct array.",
"id": "GHSA-j8m4-xwqw-4xqw",
"modified": "2026-02-04T18:30:19Z",
"published": "2025-10-07T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50515"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ba3814c00a4817eb1cd31eff08d921c40e5f3a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/600de40ed50c8b5ecb9c7a4f41eb882066c15a00"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7136f956c73c4ba50bfeb61653dfd6a9669ea915"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b8da09da2701330e7f2c371655887e3d7defe90"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.