CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-MWQ4-JMCC-2CX4
Vulnerability from github – Published: 2021-05-27 15:14 – Updated: 2021-12-10 19:58A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20193"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-26T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-mwq4-jmcc-2cx4",
"modified": "2021-12-10T19:58:00Z",
"published": "2021-05-27T15:14:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20193"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/bugs/?59897"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-29"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Out-of-bounds Read and Missing Release of Memory after Effective Lifetime in tar"
}
GHSA-MWV2-C8V8-86PX
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure .
{
"affected": [],
"aliases": [
"CVE-2020-3800"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure .",
"id": "GHSA-mwv2-c8v8-86px",
"modified": "2022-05-24T17:12:44Z",
"published": "2022-05-24T17:12:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3800"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-13.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MX2C-4M76-C7R4
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 21:31In the Linux kernel, the following vulnerability has been resolved:
nvme: fix admin queue leak on controller reset
When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queue.
This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix admin request_queue lifetime").
{
"affected": [],
"aliases": [
"CVE-2026-23360"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\").",
"id": "GHSA-mx2c-4m76-c7r4",
"modified": "2026-04-24T21:31:57Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23360"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX8J-X7HF-PQ75
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed.
{
"affected": [],
"aliases": [
"CVE-2022-49119"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()\n\nIn pm8001_chip_fw_flash_update_build(), if\npm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex\nallocated must be freed.",
"id": "GHSA-mx8j-x7hf-pq75",
"modified": "2025-03-14T00:30:50Z",
"published": "2025-03-14T00:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49119"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a25ed5f21f94f9ae4bcc8dd747e978668890c921"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5ecdb01952f230921aa8163d8d7f4c97c925ed8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f792a3629f4c4aa4c3703d66b43ce1edcc3ec09a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXQF-2H29-G694
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-18 18:31In the Linux kernel, the following vulnerability has been resolved:
can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak").
In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_urbs(&priv->rx_submitted).
However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs().
Fix the memory leak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv->rx_submitted anchor.
{
"affected": [],
"aliases": [
"CVE-2026-23108"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn usb_8dev_open() -\u003e usb_8dev_start(), the URBs for USB-in transfers are\nallocated, added to the priv-\u003erx_submitted anchor and submitted. In the\ncomplete callback usb_8dev_read_bulk_callback(), the URBs are processed and\nresubmitted. In usb_8dev_close() -\u003e unlink_all_urbs() the URBs are freed by\ncalling usb_kill_anchored_urbs(\u0026priv-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nusb_8dev_read_bulk_callback() to the priv-\u003erx_submitted anchor.",
"id": "GHSA-mxqf-2h29-g694",
"modified": "2026-03-18T18:31:11Z",
"published": "2026-02-04T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23108"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07e9373739c6388af9d99797cdb2e79dbbcbe92b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59ff56992bba28051ad67cd8cc7b0edfe7280796"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea4a98e924164586066b39f29bfcc7cc9da108cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef6e608e5ee71eca0cd3475c737e684cef24f240"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7a980b3b8f80fe367f679da376cf76e800f9480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/feb8243eaea7efd5279b19667d7189fd8654c87a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXRC-PW88-9MFJ
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-28 00:00Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2021-22173"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-17T15:15:00Z",
"severity": "HIGH"
},
"details": "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-mxrc-pw88-9mfj",
"modified": "2022-05-28T00:00:24Z",
"published": "2022-05-24T17:42:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22173"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17124"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-01.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXVM-WQQJ-9W63
Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-09-01 00:00There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.
{
"affected": [],
"aliases": [
"CVE-2021-42522"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T18:15:00Z",
"severity": "HIGH"
},
"details": "There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call \u0027g_free()\u0027 to release the return value of \u0027xmlGetProp()\u0027.",
"id": "GHSA-mxvm-wqqj-9w63",
"modified": "2022-09-01T00:00:23Z",
"published": "2022-08-26T00:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42522"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/anjuta/-/issues/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MXXX-554W-HPP3
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.
{
"affected": [],
"aliases": [
"CVE-2019-6606"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-28T21:29:00Z",
"severity": "MODERATE"
},
"details": "On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.",
"id": "GHSA-mxxx-554w-hpp3",
"modified": "2022-05-13T01:22:45Z",
"published": "2022-05-13T01:22:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6606"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K35209601"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107636"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P267-6P34-QMHJ
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-04 18:31In the Linux kernel, the following vulnerability has been resolved:
tipc: fix memory leak in tipc_link_xmit
In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to memory leak and failure when a skb is allocated.
This commit fixes this issue by purging the skb list before tipc_link_xmit() returns.
{
"affected": [],
"aliases": [
"CVE-2025-37757"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T13:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix memory leak in tipc_link_xmit\n\nIn case the backlog transmit queue for system-importance messages is overloaded,\ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to\nmemory leak and failure when a skb is allocated.\n\nThis commit fixes this issue by purging the skb list before tipc_link_xmit()\nreturns.",
"id": "GHSA-p267-6p34-qmhj",
"modified": "2025-11-04T18:31:33Z",
"published": "2025-05-01T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09c2dcda2c551bba30710c33f6ac678ae7395389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24e6280cdd7f8d01fc6b9b365fb800c2fb7ea9bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69ae94725f4fc9e75219d2d69022029c5b24bc9a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c5957f7905b4aede9d7a559d271438f3ca9e852"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84895f5ce3829d9fc030e5ec2d8729da4c0c9d08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a40cbfbb8f95c325430f017883da669b2aa927d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0e02d3d27a0b4dcb13f954f537ca1dd8f282dcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4d40e437adb376be16b3a12dd5c63f0fa768247"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed06675d3b8cd37120b447646d53f7cd3e6fcd63"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P299-525G-4H76
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2024-11-13 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
modprobe drm_hdmi_state_helper_test and then rmmod it, the following memory leak occurs.
The mode allocated in drm_mode_duplicate() called by
drm_display_mode_from_cea_vic() is not freed, which cause the memory leak:
unreferenced object 0xffffff80ccd18100 (size 128):
comm "kunit_try_catch", pid 1851, jiffies 4295059695
hex dump (first 32 bytes):
57 62 00 00 80 02 90 02 f0 02 20 03 00 00 e0 01 Wb........ .....
ea 01 ec 01 0d 02 00 00 0a 00 00 00 00 00 00 00 ................
backtrace (crc c2f1aa95):
[<000000000f10b11b>] kmemleak_alloc+0x34/0x40
[<000000001cd4cf73>] __kmalloc_cache_noprof+0x26c/0x2f4
[<00000000f1f3cffa>] drm_mode_duplicate+0x44/0x19c
[<000000008cbeef13>] drm_display_mode_from_cea_vic+0x88/0x98
[<0000000019daaacf>] 0xffffffedc11ae69c
[<000000000aad0f85>] kunit_try_run_case+0x13c/0x3ac
[<00000000a9210bac>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<000000000a0b2e9e>] kthread+0x2e8/0x374
[<00000000bd668858>] ret_from_fork+0x10/0x20
......
Free mode by using drm_kunit_display_mode_from_cea_vic()
to fix it.
{
"affected": [],
"aliases": [
"CVE-2024-50213"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()\n\nmodprobe drm_hdmi_state_helper_test and then rmmod it, the following\nmemory leak occurs.\n\nThe `mode` allocated in drm_mode_duplicate() called by\ndrm_display_mode_from_cea_vic() is not freed, which cause the memory leak:\n\n\tunreferenced object 0xffffff80ccd18100 (size 128):\n\t comm \"kunit_try_catch\", pid 1851, jiffies 4295059695\n\t hex dump (first 32 bytes):\n\t 57 62 00 00 80 02 90 02 f0 02 20 03 00 00 e0 01 Wb........ .....\n\t ea 01 ec 01 0d 02 00 00 0a 00 00 00 00 00 00 00 ................\n\t backtrace (crc c2f1aa95):\n\t [\u003c000000000f10b11b\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001cd4cf73\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c00000000f1f3cffa\u003e] drm_mode_duplicate+0x44/0x19c\n\t [\u003c000000008cbeef13\u003e] drm_display_mode_from_cea_vic+0x88/0x98\n\t [\u003c0000000019daaacf\u003e] 0xffffffedc11ae69c\n\t [\u003c000000000aad0f85\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000a9210bac\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c000000000a0b2e9e\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bd668858\u003e] ret_from_fork+0x10/0x20\n\t......\n\nFree `mode` by using drm_kunit_display_mode_from_cea_vic()\nto fix it.",
"id": "GHSA-p299-525g-4h76",
"modified": "2024-11-13T18:31:53Z",
"published": "2024-11-09T12:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50213"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bc3fae8a0f22e0e713729b50e2111f6a8c64724"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/add4163aca0d4a86e9fe4aa513865e4237db8aef"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.