Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-7977-F593-WGC3

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-10 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, cpumap: Make sure kthread is running before map update returns

The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads:

------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpu_map_kthread_stop RIP: 0010:put_cpu_map_entry+0xda/0x220 ...... Call Trace: ? show_regs+0x65/0x70 ? __warn+0xa5/0x240 ...... ? put_cpu_map_entry+0xda/0x220 cpu_map_kthread_stop+0x41/0x60 process_one_work+0x6b0/0xb80 worker_thread+0x96/0x720 kthread+0x1a5/0x1f0 ret_from_fork+0x3a/0x70 ret_from_fork_asm+0x1b/0x30

The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory leak in cpu_map_update_elem"). The kthread is stopped prematurely by kthread_stop() in cpu_map_kthread_stop(), and kthread() doesn't call cpu_map_kthread_run() at all but XDP program has already queued some frames or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks the ptr_ring, it will find it was not emptied and report a warning.

An alternative fix is to use __cpu_map_ring_cleanup() to drop these pending frames or skbs when kthread_stop() returns -EINTR, but it may confuse the user, because these frames or skbs have been handled correctly by XDP program. So instead of dropping these frames or skbs, just make sure the per-cpu kthread is running before __cpu_map_entry_alloc() returns.

After apply the fix, the error handle for kthread_stop() will be unnecessary because it will always return 0, so just remove it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:53Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n  CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n  Workqueue: events cpu_map_kthread_stop\n  RIP: 0010:put_cpu_map_entry+0xda/0x220\n  ......\n  Call Trace:\n   \u003cTASK\u003e\n   ? show_regs+0x65/0x70\n   ? __warn+0xa5/0x240\n   ......\n   ? put_cpu_map_entry+0xda/0x220\n   cpu_map_kthread_stop+0x41/0x60\n   process_one_work+0x6b0/0xb80\n   worker_thread+0x96/0x720\n   kthread+0x1a5/0x1f0\n   ret_from_fork+0x3a/0x70\n   ret_from_fork_asm+0x1b/0x30\n   \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
  "id": "GHSA-7977-f593-wgc3",
  "modified": "2026-02-10T15:30:21Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53577"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/640a604585aa30f93e39b17d4d6ba69fcb1e66c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a1178a3671b40746830d355836b72e47ceb2490"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b44d28b98f185d2f2348aa3c3636838c316f889e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecb45b852af5e88257020b88bea5ff0798d72aca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-79HQ-4GRW-2Q67

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-02 00:00
VLAI
Details

An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.",
  "id": "GHSA-79hq-4grw-2q67",
  "modified": "2022-08-02T00:00:27Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33451"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip/issues/198"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-79HQ-VF7M-FQVR

Vulnerability from github – Published: 2024-01-19 15:30 – Updated: 2024-01-26 00:30
VLAI
Details

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.",
  "id": "GHSA-79hq-vf7m-fqvr",
  "modified": "2024-01-26T00:30:26Z",
  "published": "2024-01-19T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openvswitch/ovs-issues/issues/315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-79JM-HGJ4-5MPX

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix leak of rxgk context in rxgk_verify_response()

Fix rxgk_verify_response() to clean up the rxgk context it creates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix leak of rxgk context in rxgk_verify_response()\n\nFix rxgk_verify_response() to clean up the rxgk context it creates.",
  "id": "GHSA-79jm-hgj4-5mpx",
  "modified": "2026-04-27T21:30:48Z",
  "published": "2026-04-24T15:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31632"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bd3d01378c1f9ecd313d394b51c808c1f418615"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b5e8365515f4409de7d3b92a439154ee4f90f6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e1876caa8363056f58a21d3b31b82c2daf7e608"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-79RQ-PP6P-6HMR

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2023-05-27 06:30
VLAI
Details

Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
  "id": "GHSA-79rq-pp6p-6hmr",
  "modified": "2023-05-27T06:30:36Z",
  "published": "2022-05-24T19:14:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7C6F-R892-6P89

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2025-04-12 13:04
VLAI
Details

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-26T19:59:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
  "id": "GHSA-7c6f-r892-6p89",
  "modified": "2025-04-12T13:04:48Z",
  "published": "2022-05-13T01:05:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-21"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-20"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-16"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20160922.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-16"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa132"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2494"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2493"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1802"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1801"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1658"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1414"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1413"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3673"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93150"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036878"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037640"
    },
    {
      "type": "WEB",
      "url": "http://www.splunk.com/view/SP-CAAAPSV"
    },
    {
      "type": "WEB",
      "url": "http://www.splunk.com/view/SP-CAAAPUE"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3087-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3087-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7F3F-6H8V-698G

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: imx_rproc: Fix invalid loaded resource table detection

imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded resource table even when the current firmware does not provide one.

When the device tree contains a "rsc-table" entry, priv->rsc_table is non-NULL and denotes where a resource table would be located if one is present in memory. However, when the current firmware has no resource table, rproc->table_ptr is NULL. The function still returns priv->rsc_table, and the remoteproc core interprets this as a valid loaded resource table.

Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when there is no resource table for the current firmware (i.e. when rproc->table_ptr is NULL). This aligns the function's semantics with the remoteproc core: a loaded resource table is only reported when a valid table_ptr exists.

With this change, starting firmware without a resource table no longer triggers a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Fix invalid loaded resource table detection\n\nimx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded\nresource table even when the current firmware does not provide one.\n\nWhen the device tree contains a \"rsc-table\" entry, priv-\u003ersc_table is\nnon-NULL and denotes where a resource table would be located if one is\npresent in memory. However, when the current firmware has no resource\ntable, rproc-\u003etable_ptr is NULL. The function still returns\npriv-\u003ersc_table, and the remoteproc core interprets this as a valid loaded\nresource table.\n\nFix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when\nthere is no resource table for the current firmware (i.e. when\nrproc-\u003etable_ptr is NULL). This aligns the function\u0027s semantics with the\nremoteproc core: a loaded resource table is only reported when a valid\ntable_ptr exists.\n\nWith this change, starting firmware without a resource table no longer\ntriggers a crash.",
  "id": "GHSA-7f3f-6h8v-698g",
  "modified": "2026-05-13T21:31:58Z",
  "published": "2026-05-06T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/198c629bd03863591f3fbf5ce8ff974a33f13dc9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26aa5295010ffaebcf8f1991c53fa7cf2ee1b20d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/500778df9e4c313190368908ff40c23948508e97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65379adf7d231c930572db45933ff4538f4c5128"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91baf24d972ea3c04a75dd18821c03d223c0dbc0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bd98d088f47153a81a6ec8162b4415c64aa7f39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcec79b6a3649ae7b1f659267602ca402c240d6e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7F7V-JF43-H9PW

Vulnerability from github – Published: 2024-03-02 00:31 – Updated: 2025-11-03 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix another memory leak in error handling paths

Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path.

Add the missing 'vmbus_free_ring()' call.

Note that it is already freed in the .remove function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-01T22:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix another memory leak in error handling paths\n\nMemory allocated by \u0027vmbus_alloc_ring()\u0027 at the beginning of the probe\nfunction is never freed in the error handling path.\n\nAdd the missing \u0027vmbus_free_ring()\u0027 call.\n\nNote that it is already freed in the .remove function.",
  "id": "GHSA-7f7v-jf43-h9pw",
  "modified": "2025-11-03T18:31:13Z",
  "published": "2024-03-02T00:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47070"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b0226be3a52dadd965644bc52a807961c2c26df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/261bbd90cc53d2835343f056770156cf1e82cf03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f59240cf25b2f7a0fdffc2701482a70310fec07"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7F8W-63F6-6XPV

Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2022-07-30 00:00
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules. This issue affects Juniper Networks Junos OS on SRX Series: 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.3R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-20T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules. This issue affects Juniper Networks Junos OS on SRX Series: 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.3R1.",
  "id": "GHSA-7f8w-63f6-6xpv",
  "modified": "2022-07-30T00:00:16Z",
  "published": "2022-07-21T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22205"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7FHG-F25C-34R6

Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-06 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM

storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force.

Fix this by doing scsi_dma_unmap() in the case of an I/O submission error, which frees the bounce buffer memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T07:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM\n\nstorvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),\nwhich in a confidential VM allocates swiotlb bounce buffers. If the I/O\nsubmission fails in storvsc_do_io(), the I/O is typically retried by higher\nlevel code, but the bounce buffer memory is never freed.  The mostly like\ncause of I/O submission failure is a full VMBus channel ring buffer, which\nis not uncommon under high I/O loads.  Eventually enough bounce buffer\nmemory leaks that the confidential VM can\u0027t do any I/O. The same problem\ncan arise in a non-confidential VM with kernel boot parameter\nswiotlb=force.\n\nFix this by doing scsi_dma_unmap() in the case of an I/O submission\nerror, which frees the bounce buffer memory.",
  "id": "GHSA-7fhg-f25c-34r6",
  "modified": "2024-09-06T15:32:56Z",
  "published": "2024-08-21T09:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48890"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.