Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-Q775-QV8G-9C7H

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-22 00:00
VLAI
Details

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.",
  "id": "GHSA-q775-qv8g-9c7h",
  "modified": "2022-09-22T00:00:31Z",
  "published": "2022-09-17T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39004"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/9"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7C3-MRWP-RR4G

Vulnerability from github – Published: 2026-01-23 15:31 – Updated: 2026-02-26 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix memory leak in get_file_all_info()

In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak.

Fix this by freeing the filename before returning in this error case.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T15:16:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix memory leak in get_file_all_info()\n\nIn get_file_all_info(), if vfs_getattr() fails, the function returns\nimmediately without freeing the allocated filename, leading to a memory\nleak.\n\nFix this by freeing the filename before returning in this error case.",
  "id": "GHSA-q7c3-mrwp-rr4g",
  "modified": "2026-02-26T21:31:26Z",
  "published": "2026-01-23T15:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71153"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c56693b06a68476ba113db6347e7897475f9e4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5012b4c812230ae066902a00442708c999111183"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/676907004256e0226c7ed3691db9f431404ca258"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d026f47db68638521df8543535ef863814fb01b1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7F5-6Q4V-P39V

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 06:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods

In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods\n\nIn m_can_pci_remove() and error handling path of m_can_pci_probe(),\nm_can_class_free_dev() should be called to free resource allocated by\nm_can_class_allocate_dev(), otherwise there will be memleak.",
  "id": "GHSA-q7f5-6q4v-p39v",
  "modified": "2024-10-24T06:30:29Z",
  "published": "2024-10-21T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49024"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7G4-FR87-482C

Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4_mb_init_backend on error path.

Fix a memory leak discovered by syzbot when a file system is corrupted with an illegally large s_log_groups_per_flex.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T21:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in ext4_mb_init_backend on error path.\n\nFix a memory leak discovered by syzbot when a file system is corrupted\nwith an illegally large s_log_groups_per_flex.",
  "id": "GHSA-q7g4-fr87-482c",
  "modified": "2025-01-07T18:30:38Z",
  "published": "2024-03-15T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47116"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04fb2baa0b147f51db065a1b13a11954abe592d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2050c6e5b161e5e25ce3c420fef58b24fa388a49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8867f4e3809050571c98de7a2d465aff5e4daf5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7HG-QX63-Q53R

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix memory leak on ulpi_register() error paths

Commit 01af542392b5 ("usb: ulpi: fix double free in ulpi_register_interface() error path") removed kfree(ulpi) from ulpi_register_interface() to fix a double-free when device_register() fails.

But when ulpi_of_register() or ulpi_read_id() fail before device_register() is called, the ulpi allocation is leaked.

Add kfree(ulpi) on both error paths to properly clean up the allocation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix memory leak on ulpi_register() error paths\n\nCommit 01af542392b5 (\"usb: ulpi: fix double free in\nulpi_register_interface() error path\") removed kfree(ulpi) from\nulpi_register_interface() to fix a double-free when device_register()\nfails.\n\nBut when ulpi_of_register() or ulpi_read_id() fail before\ndevice_register() is called, the ulpi allocation is leaked.\n\nAdd kfree(ulpi) on both error paths to properly clean up the allocation.",
  "id": "GHSA-q7hg-qx63-q53r",
  "modified": "2026-06-24T18:32:31Z",
  "published": "2026-05-28T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46109"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7RM-C66R-G7QX

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58
VLAI
Details

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-09T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.",
  "id": "GHSA-q7rm-c66r-g7qx",
  "modified": "2022-05-24T16:58:12Z",
  "published": "2022-05-24T16:58:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0059"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10957"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q867-J66R-989P

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2023-01-17 21:30
VLAI
Details

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.",
  "id": "GHSA-q867-j66r-989p",
  "modified": "2023-01-17T21:30:19Z",
  "published": "2022-05-24T17:01:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4526-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4527-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8CJ-QGWH-M89M

Vulnerability from github – Published: 2024-05-03 18:30 – Updated: 2025-09-18 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sched/debug: fix dentry leak in update_sched_domain_debugfs

Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory.

Fix this up by using the newly created debugfs_lookup_and_remove() call instead which properly handles the dentry reference counting logic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/debug: fix dentry leak in update_sched_domain_debugfs\n\nKuyo reports that the pattern of using debugfs_remove(debugfs_lookup())\nleaks a dentry and with a hotplug stress test, the machine eventually\nruns out of memory.\n\nFix this up by using the newly created debugfs_lookup_and_remove() call\ninstead which properly handles the dentry reference counting logic.",
  "id": "GHSA-q8cj-qgwh-m89m",
  "modified": "2025-09-18T18:30:21Z",
  "published": "2024-05-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48699"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c32a93963e03c03e561d5a066eedad211880ba3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2e406596571659451f4b95e37ddfd5a8ef1d0dc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8GH-4J4R-HP3V

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",
  "id": "GHSA-q8gh-4j4r-hp3v",
  "modified": "2022-05-13T01:13:41Z",
  "published": "2022-05-13T01:13:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5525"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-28"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8PM-H92V-PX9X

Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-03-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix memleak in sk_psock_queue_msg

If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it.

sk1 (redirect sk2) sk2 ------------------- --------------- tcp_bpf_sendmsg() tcp_bpf_send_verdict() tcp_bpf_sendmsg_redir() bpf_tcp_ingress() sock_map_close() lock_sock() lock_sock() ... blocking sk_psock_stop sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED); release_sock(sk); lock_sock() sk_mem_charge() get_page() sk_psock_queue_msg() sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED); drop_sk_msg() release_sock()

While drop_sk_msg(), the msg has charged memory form sk by sk_mem_charge and has sg pages need to put. To fix we use sk_msg_free() and then kfee() msg.

This issue can cause the following info: WARNING: CPU: 0 PID: 9202 at net/core/stream.c:205 sk_stream_kill_queues+0xc8/0xe0 Call Trace: inet_csk_destroy_sock+0x55/0x110 tcp_rcv_state_process+0xe5f/0xe90 ? sk_filter_trim_cap+0x10d/0x230 ? tcp_v4_do_rcv+0x161/0x250 tcp_v4_do_rcv+0x161/0x250 tcp_v4_rcv+0xc3a/0xce0 ip_protocol_deliver_rcu+0x3d/0x230 ip_local_deliver_finish+0x54/0x60 ip_local_deliver+0xfd/0x110 ? ip_protocol_deliver_rcu+0x230/0x230 ip_rcv+0xd6/0x100 ? ip_local_deliver+0x110/0x110 __netif_receive_skb_one_core+0x85/0xa0 process_backlog+0xa4/0x160 __napi_poll+0x29/0x1b0 net_rx_action+0x287/0x300 __do_softirq+0xff/0x2fc do_softirq+0x79/0x90

WARNING: CPU: 0 PID: 531 at net/ipv4/af_inet.c:154 inet_sock_destruct+0x175/0x1b0 Call Trace: __sk_destruct+0x24/0x1f0 sk_psock_destroy+0x19b/0x1c0 process_one_work+0x1b3/0x3c0 ? process_one_work+0x3c0/0x3c0 worker_thread+0x30/0x350 ? process_one_work+0x3c0/0x3c0 kthread+0xe6/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix memleak in sk_psock_queue_msg\n\nIf tcp_bpf_sendmsg is running during a tear down operation we may enqueue\ndata on the ingress msg queue while tear down is trying to free it.\n\n sk1 (redirect sk2)                         sk2\n -------------------                      ---------------\ntcp_bpf_sendmsg()\n tcp_bpf_send_verdict()\n  tcp_bpf_sendmsg_redir()\n   bpf_tcp_ingress()\n                                          sock_map_close()\n                                           lock_sock()\n    lock_sock() ... blocking\n                                           sk_psock_stop\n                                            sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);\n                                           release_sock(sk);\n    lock_sock()\n    sk_mem_charge()\n    get_page()\n    sk_psock_queue_msg()\n     sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED);\n      drop_sk_msg()\n    release_sock()\n\nWhile drop_sk_msg(), the msg has charged memory form sk by sk_mem_charge\nand has sg pages need to put. To fix we use sk_msg_free() and then kfee()\nmsg.\n\nThis issue can cause the following info:\nWARNING: CPU: 0 PID: 9202 at net/core/stream.c:205 sk_stream_kill_queues+0xc8/0xe0\nCall Trace:\n \u003cIRQ\u003e\n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xe5f/0xe90\n ? sk_filter_trim_cap+0x10d/0x230\n ? tcp_v4_do_rcv+0x161/0x250\n tcp_v4_do_rcv+0x161/0x250\n tcp_v4_rcv+0xc3a/0xce0\n ip_protocol_deliver_rcu+0x3d/0x230\n ip_local_deliver_finish+0x54/0x60\n ip_local_deliver+0xfd/0x110\n ? ip_protocol_deliver_rcu+0x230/0x230\n ip_rcv+0xd6/0x100\n ? ip_local_deliver+0x110/0x110\n __netif_receive_skb_one_core+0x85/0xa0\n process_backlog+0xa4/0x160\n __napi_poll+0x29/0x1b0\n net_rx_action+0x287/0x300\n __do_softirq+0xff/0x2fc\n do_softirq+0x79/0x90\n \u003c/IRQ\u003e\n\nWARNING: CPU: 0 PID: 531 at net/ipv4/af_inet.c:154 inet_sock_destruct+0x175/0x1b0\nCall Trace:\n \u003cTASK\u003e\n __sk_destruct+0x24/0x1f0\n sk_psock_destroy+0x19b/0x1c0\n process_one_work+0x1b3/0x3c0\n ? process_one_work+0x3c0/0x3c0\n worker_thread+0x30/0x350\n ? process_one_work+0x3c0/0x3c0\n kthread+0xe6/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e",
  "id": "GHSA-q8pm-h92v-px9x",
  "modified": "2025-03-18T21:31:59Z",
  "published": "2025-03-18T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49207"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03948ed6553960db62f1c33bec29e64d7c191a3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4dd2e947d3be13a4de3b3028859b9a6497266bcf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/938d3480b92fa5e454b7734294f12a7b75126f09"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef9785f429794567792561a584901faa9291d3ee"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.