CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-J8Q5-RWMR-9HG8
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2025-11-03 21:30The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
{
"affected": [],
"aliases": [
"CVE-2021-33645"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak.",
"id": "GHSA-j8q5-rwmr-9hg8",
"modified": "2025-11-03T21:30:42Z",
"published": "2022-08-11T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33645"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC"
},
{
"type": "WEB",
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8QJ-FRMG-5G7V
Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory.
This vulnerability is due to improper validation of incoming DHCP packets. An attacker could exploit this vulnerability by repeatedly sending crafted DHCPv4 packets to an affected device. A successful exploit could allow the attacker to exhaust available memory, which would affect availability of services and prevent new processes from starting, resulting in a Denial of Service (DoS) condition that would require a manual reboot. Note: On Cisco Secure FTD Software, this vulnerability does not affect management interfaces.
{
"affected": [],
"aliases": [
"CVE-2025-20135"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T17:15:34Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory.\n\nThis vulnerability is due to improper validation of incoming DHCP packets. An attacker could exploit this vulnerability by repeatedly sending crafted DHCPv4 packets to an affected device. A successful exploit could allow the attacker to exhaust available memory, which would affect availability of services and prevent new processes from starting, resulting in a Denial of Service (DoS) condition that would require a manual reboot.\nNote: On Cisco Secure FTD Software, this vulnerability does not affect management interfaces.",
"id": "GHSA-j8qj-frmg-5g7v",
"modified": "2025-08-14T18:31:29Z",
"published": "2025-08-14T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20135"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dhcp-qj7nGs4N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J989-F892-2335
Vulnerability from github – Published: 2026-06-26 23:11 – Updated: 2026-06-26 23:11When providing invalid options to the wand option parser a small memory leak will occur.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53464"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T23:11:25Z",
"nvd_published_at": "2026-06-10T23:16:50Z",
"severity": "MODERATE"
},
"details": "When providing invalid options to the wand option parser a small memory leak will occur.",
"id": "GHSA-j989-f892-2335",
"modified": "2026-06-26T23:11:25Z",
"published": "2026-06-26T23:11:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53464"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Memory Leak in wand option parser when providing invalid arguments"
}
GHSA-J98C-9XHR-MRFF
Vulnerability from github – Published: 2024-02-27 21:31 – Updated: 2024-04-10 21:30In the Linux kernel, the following vulnerability has been resolved:
media: staging/intel-ipu3: Fix memory leak in imu_fmt
We are losing the reference to an allocated memory if try. Change the order of the check to avoid that.
{
"affected": [],
"aliases": [
"CVE-2021-46944"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T19:04:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix memory leak in imu_fmt\n\nWe are losing the reference to an allocated memory if try. Change the\norder of the check to avoid that.",
"id": "GHSA-j98c-9xhr-mrff",
"modified": "2024-04-10T21:30:28Z",
"published": "2024-02-27T21:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46944"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9G6-83MP-8MVR
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-11-06 21:30In the Linux kernel, the following vulnerability has been resolved:
media: ttpci: fix two memleaks in budget_av_attach
When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations.
{
"affected": [],
"aliases": [
"CVE-2024-27073"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ttpci: fix two memleaks in budget_av_attach\n\nWhen saa7146_register_device and saa7146_vv_init fails, budget_av_attach\nshould free the resources it allocates, like the error-handling of\nttpci_budget_init does. Besides, there are two fixme comment refers to\nsuch deallocations.",
"id": "GHSA-j9g6-83mp-8mvr",
"modified": "2024-11-06T21:30:54Z",
"published": "2024-05-01T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27073"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC29-447W-5F82
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
{
"affected": [],
"aliases": [
"CVE-2020-22056"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T18:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.",
"id": "GHSA-jc29-447w-5f82",
"modified": "2022-05-24T19:03:51Z",
"published": "2022-05-24T19:03:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22056"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8304"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JC5R-26G5-FR8W
Vulnerability from github – Published: 2025-02-20 18:31 – Updated: 2025-02-20 21:30Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.
{
"affected": [],
"aliases": [
"CVE-2025-26311"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-20T17:15:13Z",
"severity": "MODERATE"
},
"details": "Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.",
"id": "GHSA-jc5r-26g5-fr8w",
"modified": "2025-02-20T21:30:52Z",
"published": "2025-02-20T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26311"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/329"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCJ3-VP6R-4J69
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-29 21:31In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: fix device leak on probe failure
Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect.
This driver takes a reference to the USB device during probe but does not to release it on all probe errors (e.g. when descriptor parsing fails).
Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.
{
"affected": [],
"aliases": [
"CVE-2026-31604"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix device leak on probe failure\n\nDriver core holds a reference to the USB interface and its parent USB\ndevice while the interface is bound to a driver and there is no need to\ntake additional references unless the structures are needed after\ndisconnect.\n\nThis driver takes a reference to the USB device during probe but does\nnot to release it on all probe errors (e.g. when descriptor parsing\nfails).\n\nDrop the redundant device reference to fix the leak, reduce cargo\nculting, make it easier to spot drivers where an extra reference is\nneeded, and reduce the risk of further memory leaks.",
"id": "GHSA-jcj3-vp6r-4j69",
"modified": "2026-04-29T21:31:24Z",
"published": "2026-04-24T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31604"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89a9c1bc7d797120bcc290864e0cb10a440a677f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4f4371d194dfa5473cc961f86194084b1b13a69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af7307e96dad00bcc2675dac650d8558a52f2c6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bbb15e71156cd9f5e1869eee7207a06ea8e96c39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f632987306bce9242cdfcf911ee0b2c9455e05a3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCP9-G46R-J6HH
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure
When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo is not freed. Add xe_bo_free(storage) before returning the error.
xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own error paths. Otherwise, since xe_gem_prime_import() cannot distinguish whether the failure originated from xe_dma_buf_init_obj() or from xe_bo_init_locked(), it cannot safely decide whether the bo should be freed.
Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drm_gem_object; on failure, storage is freed before returning.
v2: Add comments to explain the free logic.
(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)
{
"affected": [],
"aliases": [
"CVE-2026-46224"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure\n\nWhen drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo\nis not freed. Add xe_bo_free(storage) before returning the error.\n\nxe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on\nerror. Therefore, xe_dma_buf_init_obj() must also free the bo on its own\nerror paths. Otherwise, since xe_gem_prime_import() cannot distinguish\nwhether the failure originated from xe_dma_buf_init_obj() or from\nxe_bo_init_locked(), it cannot safely decide whether the bo should be\nfreed.\n\nAdd comments documenting the ownership semantics: on success, ownership\nof storage is transferred to the returned drm_gem_object; on failure,\nstorage is freed before returning.\n\nv2: Add comments to explain the free logic.\n\n(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)",
"id": "GHSA-jcp9-g46r-j6hh",
"modified": "2026-06-10T21:31:25Z",
"published": "2026-05-28T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46224"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fa8c2a22585fcb31dc605b91a67bbcca223fdd7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93a528f67ce5095bcab46a69839eca97f43dd352"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9ad21b90162baf1d78f8036ff3813c3ec1ac88e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCWR-3268-P643
Vulnerability from github – Published: 2025-09-23 15:31 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
The device_node pointer is returned by of_parse_phandle() or of_get_child_by_name() with refcount incremented. We should use of_node_put() on it when done.
This function only call of_node_put(node) when of_address_to_resource succeeds, missing error cases.
{
"affected": [],
"aliases": [
"CVE-2022-49188"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region\n\nThe device_node pointer is returned by of_parse_phandle() or\nof_get_child_by_name() with refcount incremented.\nWe should use of_node_put() on it when done.\n\nThis function only call of_node_put(node) when of_address_to_resource\nsucceeds, missing error cases.",
"id": "GHSA-jcwr-3268-p643",
"modified": "2025-09-23T15:31:08Z",
"published": "2025-09-23T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49188"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07a5dcc4bed9d7cae54adf5aa10ff9f037a3204b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7d988735e757e111f9722de7cf1b40a84a48b1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9df3007b3cda4936cc50f5a7d2d30505a652828"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd4771ba2cf9e18473a42b5b70175e50d67a64bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7210ca29a783c94478da02368731e4c9cf7cdb7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.