Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-75HM-6R7Q-72P3

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-tpg: fix some memleaks in tpg_alloc

In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: fix some memleaks in tpg_alloc\n\nIn tpg_alloc, resources should be deallocated in each and every\nerror-handling paths, since they are allocated in for statements.\nOtherwise there would be memleaks because tpg_free is called only when\ntpg_alloc return 0.",
  "id": "GHSA-75hm-6r7q-72p3",
  "modified": "2026-05-12T12:31:45Z",
  "published": "2024-05-01T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27078"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75J9-8G79-FP7R

Vulnerability from github – Published: 2026-02-23 21:31 – Updated: 2026-02-23 21:31
VLAI
Details

saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-23T19:22:56Z",
    "severity": "MODERATE"
  },
  "details": "saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.",
  "id": "GHSA-75j9-8g79-fp7r",
  "modified": "2026-02-23T21:31:26Z",
  "published": "2026-02-23T21:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61146"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saitoha/libsixel/issues/207"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saitoha/libsixel/commit/e0ba6685262a3679cc5b9009c0c5b7dc8a3f262e"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/optionGo/1100e5be05c5558501a95f5e99160584"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75M5-RXWG-H223

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity

The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity->name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity\n\nThe entity-\u003ename (i.e. name) is allocated in v4l2_m2m_register_entity\nbut isn\u0027t freed in its following error-handling paths. This patch\nadds such deallocation to prevent memleak of entity-\u003ename.",
  "id": "GHSA-75m5-rxwg-h223",
  "modified": "2026-05-12T12:31:45Z",
  "published": "2024-05-01T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27077"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87efb52458"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f94b49a5b5d386c038e355bef6347298aabd211"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c23ef30e840fedc66948299509f6c2777c9cf4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75WP-8GPW-F4FR

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-22 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hinic: fix memory leak when reading function table

When the input parameter idx meets the expected case option in hinic_dbg_get_func_table(), read_data is not released. Fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:35Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: fix memory leak when reading function table\n\nWhen the input parameter idx meets the expected case option in\nhinic_dbg_get_func_table(), read_data is not released. Fix it.",
  "id": "GHSA-75wp-8gpw-f4fr",
  "modified": "2026-01-22T00:31:29Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50438"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c1f602df8956bc0decdafd7e4fc7eef50c550b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb01910763f935b16538084b4269696e0de17f79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e6765fe8de372a84f8dbe9e03ec13c7c70f946b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee98ab337036c983239aa550850861c88a5c4262"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76W4-C3W3-FPG6

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08
VLAI
Details

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-13T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak .",
  "id": "GHSA-76w4-c3w3-fpg6",
  "modified": "2022-05-24T17:08:59Z",
  "published": "2022-05-24T17:08:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3756"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-774G-C8XQ-C2V2

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6

When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just exits the function. This ends up causing a memory-leak:

unreferenced object 0xffff0000281a8200 (size 2496): comm "softirq", pid 0, jiffies 4295174684 hex dump (first 32 bytes): 7f 00 00 06 7f 00 00 06 00 00 00 00 cb a8 88 13 ................ 0a 00 03 61 00 00 00 00 00 00 00 00 00 00 00 00 ...a............ backtrace (crc 5ebdbe15): kmemleak_alloc+0x44/0xe0 kmem_cache_alloc_noprof+0x248/0x470 sk_prot_alloc+0x48/0x120 sk_clone_lock+0x38/0x3b0 inet_csk_clone_lock+0x34/0x150 tcp_create_openreq_child+0x3c/0x4a8 tcp_v6_syn_recv_sock+0x1c0/0x620 tcp_check_req+0x588/0x790 tcp_v6_rcv+0x5d0/0xc18 ip6_protocol_deliver_rcu+0x2d8/0x4c0 ip6_input_finish+0x74/0x148 ip6_input+0x50/0x118 ip6_sublist_rcv+0x2fc/0x3b0 ipv6_list_rcv+0x114/0x170 __netif_receive_skb_list_core+0x16c/0x200 netif_receive_skb_list_internal+0x1f0/0x2d0

This is because in tcp_v6_syn_recv_sock (and the IPv4 counterpart), when exiting upon error, inet_csk_prepare_forced_close() and tcp_done() need to be called. They make sure the newsk will end up being correctly free'd.

tcp_v4_syn_recv_sock() makes this very clear by having the put_and_exit label that takes care of things. So, this patch here makes sure tcp_v4_syn_recv_sock and tcp_v6_syn_recv_sock have similar error-handling and thus fixes the leak for TCP-AO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T16:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6\n\nWhen tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just\nexits the function. This ends up causing a memory-leak:\n\nunreferenced object 0xffff0000281a8200 (size 2496):\n  comm \"softirq\", pid 0, jiffies 4295174684\n  hex dump (first 32 bytes):\n    7f 00 00 06 7f 00 00 06 00 00 00 00 cb a8 88 13  ................\n    0a 00 03 61 00 00 00 00 00 00 00 00 00 00 00 00  ...a............\n  backtrace (crc 5ebdbe15):\n    kmemleak_alloc+0x44/0xe0\n    kmem_cache_alloc_noprof+0x248/0x470\n    sk_prot_alloc+0x48/0x120\n    sk_clone_lock+0x38/0x3b0\n    inet_csk_clone_lock+0x34/0x150\n    tcp_create_openreq_child+0x3c/0x4a8\n    tcp_v6_syn_recv_sock+0x1c0/0x620\n    tcp_check_req+0x588/0x790\n    tcp_v6_rcv+0x5d0/0xc18\n    ip6_protocol_deliver_rcu+0x2d8/0x4c0\n    ip6_input_finish+0x74/0x148\n    ip6_input+0x50/0x118\n    ip6_sublist_rcv+0x2fc/0x3b0\n    ipv6_list_rcv+0x114/0x170\n    __netif_receive_skb_list_core+0x16c/0x200\n    netif_receive_skb_list_internal+0x1f0/0x2d0\n\nThis is because in tcp_v6_syn_recv_sock (and the IPv4 counterpart), when\nexiting upon error, inet_csk_prepare_forced_close() and tcp_done() need\nto be called. They make sure the newsk will end up being correctly\nfree\u0027d.\n\ntcp_v4_syn_recv_sock() makes this very clear by having the put_and_exit\nlabel that takes care of things. So, this patch here makes sure\ntcp_v4_syn_recv_sock and tcp_v6_syn_recv_sock have similar\nerror-handling and thus fixes the leak for TCP-AO.",
  "id": "GHSA-774g-c8xq-c2v2",
  "modified": "2025-12-11T18:30:35Z",
  "published": "2025-09-22T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39852"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d2b356d994a8801acb397cafd28b13672c37ab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46d33c878fc0b3d7570366b2c9912395b3f4e701"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa390321aba0a54d0f7ae95ee4ecde1358bb9234"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77HM-Q3FV-FQ9X

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-24 00:00
VLAI
Details

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.",
  "id": "GHSA-77hm-q3fv-fq9x",
  "modified": "2022-06-24T00:00:33Z",
  "published": "2022-06-15T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40633"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/giflib/bugs/157"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77PH-FPQV-C298

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: free skb on nci_transceive early error paths

nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it.

Due to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes the nci/nci_dev selftest hits the error path occasionally in NIPA, and kmemleak detects leaks:

unreferenced object 0xff11000015ce6a40 (size 640): comm "nci_dev", pid 3954, jiffies 4295441246 hex dump (first 32 bytes): 6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b kkkk.......kkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace (crc 7c40cc2a): kmem_cache_alloc_node_noprof+0x492/0x630 __alloc_skb+0x11e/0x5f0 alloc_skb_with_frags+0xc6/0x8f0 sock_alloc_send_pskb+0x326/0x3f0 nfc_alloc_send_skb+0x94/0x1d0 rawsock_sendmsg+0x162/0x4c0 do_syscall_64+0x117/0xfc0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free skb on nci_transceive early error paths\n\nnci_transceive() takes ownership of the skb passed by the caller,\nbut the -EPROTO, -EINVAL, and -EBUSY error paths return without\nfreeing it.\n\nDue to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes\nthe nci/nci_dev selftest hits the error path occasionally in NIPA,\nand kmemleak detects leaks:\n\nunreferenced object 0xff11000015ce6a40 (size 640):\n  comm \"nci_dev\", pid 3954, jiffies 4295441246\n  hex dump (first 32 bytes):\n    6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b  kkkk.......kkkkk\n    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\n  backtrace (crc 7c40cc2a):\n    kmem_cache_alloc_node_noprof+0x492/0x630\n    __alloc_skb+0x11e/0x5f0\n    alloc_skb_with_frags+0xc6/0x8f0\n    sock_alloc_send_pskb+0x326/0x3f0\n    nfc_alloc_send_skb+0x94/0x1d0\n    rawsock_sendmsg+0x162/0x4c0\n    do_syscall_64+0x117/0xfc0",
  "id": "GHSA-77ph-fpqv-c298",
  "modified": "2026-04-23T21:31:17Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23339"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3245801d44a44c090acefe19a12d22d12cac45c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33f6b8a96dda045789796c3bcb451c74ac158039"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54f7f0eaafa56b5994cdb5c7967946922c2e1d22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d898f943766440cf766d30364e715111c3563b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bd4b0c4779f978a6528c9b7937d2ca18e936e2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d448bbab724b94d6c561e1f314656f5b88a7cb3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b367cb44d919f35b07cd56feffa15e68cd9f53f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcbcccfc5195c9caaa4bb8d31f23c345f00a9e89"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77VW-M47Q-M4GP

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: Fix memory leak in rtw88_usb

Kmemleak shows the following leak arising from routine in the usb probe routine:

unreferenced object 0xffff895cb29bba00 (size 512): comm "(udev-worker)", pid 534, jiffies 4294903932 (age 102751.088s) hex dump (first 32 bytes): 77 30 30 30 00 00 00 00 02 2f 2d 2b 30 00 00 00 w000...../-+0... 02 00 2a 28 00 00 00 00 ff 55 ff ff ff 00 00 00 ..*(.....U...... backtrace: [] kmalloc_trace+0x26/0x90 [] rtw_usb_probe+0x2f1/0x680 [rtw_usb] [] usb_probe_interface+0xdd/0x2e0 [usbcore] [] really_probe+0x18e/0x3d0 [] __driver_probe_device+0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xbf/0x1b0 [] bus_for_each_dev+0x70/0xc0 [] bus_add_driver+0x10e/0x210 [] driver_register+0x55/0xf0 [] usb_register_driver+0x88/0x140 [usbcore] [] do_one_initcall+0x43/0x210 [] do_init_module+0x4a/0x200 [] __do_sys_finit_module+0xac/0x120 [] do_syscall_64+0x56/0x80 [] entry_SYSCALL_64_after_hwframe+0x46/0xb0

The leak was verified to be real by unloading the driver, which resulted in a dangling pointer to the allocation.

The allocated memory is freed in rtw_usb_intf_deinit().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix memory leak in rtw88_usb\n\nKmemleak shows the following leak arising from routine in the usb\nprobe routine:\n\nunreferenced object 0xffff895cb29bba00 (size 512):\n  comm \"(udev-worker)\", pid 534, jiffies 4294903932 (age 102751.088s)\n  hex dump (first 32 bytes):\n    77 30 30 30 00 00 00 00 02 2f 2d 2b 30 00 00 00  w000...../-+0...\n    02 00 2a 28 00 00 00 00 ff 55 ff ff ff 00 00 00  ..*(.....U......\n  backtrace:\n    [\u003cffffffff9265fa36\u003e] kmalloc_trace+0x26/0x90\n    [\u003cffffffffc17eec41\u003e] rtw_usb_probe+0x2f1/0x680 [rtw_usb]\n    [\u003cffffffffc03e19fd\u003e] usb_probe_interface+0xdd/0x2e0 [usbcore]\n    [\u003cffffffff92b4f2fe\u003e] really_probe+0x18e/0x3d0\n    [\u003cffffffff92b4f5b8\u003e] __driver_probe_device+0x78/0x160\n    [\u003cffffffff92b4f6bf\u003e] driver_probe_device+0x1f/0x90\n    [\u003cffffffff92b4f8df\u003e] __driver_attach+0xbf/0x1b0\n    [\u003cffffffff92b4d350\u003e] bus_for_each_dev+0x70/0xc0\n    [\u003cffffffff92b4e51e\u003e] bus_add_driver+0x10e/0x210\n    [\u003cffffffff92b50935\u003e] driver_register+0x55/0xf0\n    [\u003cffffffffc03e0708\u003e] usb_register_driver+0x88/0x140 [usbcore]\n    [\u003cffffffff92401153\u003e] do_one_initcall+0x43/0x210\n    [\u003cffffffff9254f42a\u003e] do_init_module+0x4a/0x200\n    [\u003cffffffff92551d1c\u003e] __do_sys_finit_module+0xac/0x120\n    [\u003cffffffff92ee6626\u003e] do_syscall_64+0x56/0x80\n    [\u003cffffffff9300006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe leak was verified to be real by unloading the driver, which resulted\nin a dangling pointer to the allocation.\n\nThe allocated memory is freed in rtw_usb_intf_deinit().",
  "id": "GHSA-77vw-m47q-m4gp",
  "modified": "2026-01-23T21:30:36Z",
  "published": "2025-10-01T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53529"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59a3a312009723e3e5082899655fdcc420e2b47a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5bba1ad561a8b5bb14704d8f511cf10466336e3d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77WF-7C6R-CX8J

Vulnerability from github – Published: 2025-03-02 15:30 – Updated: 2025-03-02 15:30
VLAI
Details

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-02T14:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-77wf-7c6r-cx8j",
  "modified": "2025-03-02T15:30:31Z",
  "published": "2025-03-02T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1816"
    },
    {
      "type": "WEB",
      "url": "https://ffmpeg.org"
    },
    {
      "type": "WEB",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/attachment/ticket/11475/poc"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/11475"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298089"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298089"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.506575"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.