CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-7FMQ-QW39-X2X2
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/drv: Fix potential memory leak in drm_dev_init()
drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt added by device_get() in drm_dev_init() won't be put by drm_dev_init_release(), which leads to the memleak. Use drmm_add_action_or_reset() instead of drmm_add_action() to prevent memleak.
unreferenced object 0xffff88810bc0c800 (size 2048): comm "modprobe", pid 8322, jiffies 4305809845 (age 15.292s) hex dump (first 32 bytes): e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................ 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<............. backtrace: [<000000007251f72d>] __kmalloc+0x4b/0x1c0 [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0 [<000000004452a479>] platform_device_register_full+0x24/0x1c0 [<0000000089f4ea61>] 0xffffffffa0736051 [<00000000235b2441>] do_one_initcall+0x7a/0x380 [<0000000001a4a177>] do_init_module+0x5c/0x230 [<000000002bf8a8e2>] load_module+0x227d/0x2420 [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140 [<00000000c99fc324>] do_syscall_64+0x3f/0x90 [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-49830"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won\u0027t be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won\u0027t be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $\u003c.............\n backtrace:\n [\u003c000000007251f72d\u003e] __kmalloc+0x4b/0x1c0\n [\u003c0000000045f21f26\u003e] platform_device_alloc+0x2d/0xe0\n [\u003c000000004452a479\u003e] platform_device_register_full+0x24/0x1c0\n [\u003c0000000089f4ea61\u003e] 0xffffffffa0736051\n [\u003c00000000235b2441\u003e] do_one_initcall+0x7a/0x380\n [\u003c0000000001a4a177\u003e] do_init_module+0x5c/0x230\n [\u003c000000002bf8a8e2\u003e] load_module+0x227d/0x2420\n [\u003c00000000637d6d0a\u003e] __do_sys_finit_module+0xd5/0x140\n [\u003c00000000c99fc324\u003e] do_syscall_64+0x3f/0x90\n [\u003c000000004d85aa77\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-7fmq-qw39-x2x2",
"modified": "2025-11-10T21:30:28Z",
"published": "2025-05-01T15:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49830"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07e56de8766fe5be67252596244b84ac0ec0de91"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd8d1335e6e70a396094ef98913b513140c0b86b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c47a823ea186263ab69cfb665327b7f72cb5e779"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff963634f7b2e0dc011349abb3fb81a0d074f443"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7FPC-WX39-R8J5
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:07An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
{
"affected": [],
"aliases": [
"CVE-2022-47008"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:30Z",
"severity": "MODERATE"
},
"details": "An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.",
"id": "GHSA-7fpc-wx39-r8j5",
"modified": "2024-04-04T07:07:40Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47008"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7FVW-HRGG-4CR6
Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.
This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command.
user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 45 3 0 2 2 2 32768 19 0 <<<<<<< Heap increase in all fPCs
This issue affects Junos OS:
- All versions before 21.2R3-S7,
- 21.4 versions before 21.4R3-S4,
- 22.2 versions before 22.2R3-S1,
- 22.3 versions before 22.3R3-S1,
- 22.4 versions before 22.4R2-S2, 22.4R3.
and Junos OS Evolved:
- All versions before 21.2R3-S7-EVO,
- 21.4-EVO versions before 21.4R3-S4-EVO,
- 22.2-EVO versions before 22.2R3-S1-EVO,
-
22.3-EVO versions before 22.3R3-S1-EVO,
-
22.4-EVO versions before 22.4R3-EVO.
{
"affected": [],
"aliases": [
"CVE-2025-21595"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-09T20:15:25Z",
"severity": "HIGH"
},
"details": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host\u003e show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003\u003c\u003c\u003c\u003c\u003c\u003c\u003c Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n * All versions before 21.2R3-S7,\n * 21.4 versions before 21.4R3-S4,\n * 22.2 versions before 22.2R3-S1,\u00a0\n * 22.3 versions before 22.3R3-S1,\u00a0\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n * All versions before 21.2R3-S7-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n * 22.4-EVO versions before 22.4R3-EVO.",
"id": "GHSA-7fvw-hrgg-4cr6",
"modified": "2025-04-09T21:31:43Z",
"published": "2025-04-09T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21595"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA96450"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7FW8-M89X-2XHM
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-14 18:31In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix the memleak while create new ctrl failed
Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it.
{
"affected": [],
"aliases": [
"CVE-2024-56632"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix the memleak while create new ctrl failed\n\nNow while we create new ctrl failed, we have not free the\ntagset occupied by admin_q, here try to fix it.",
"id": "GHSA-7fw8-m89x-2xhm",
"modified": "2025-01-14T18:31:55Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56632"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ceff9ac13a2478afddce85414d404e6aff6425f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fec55c29e54d3ca6fe9d7d7d9266098b4514fd34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G45-9XMP-G2W6
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2025-12-18 00:34xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
{
"affected": [],
"aliases": [
"CVE-2019-20388"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-21T23:15:00Z",
"severity": "HIGH"
},
"details": "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.",
"id": "GHSA-7g45-9xmp-g2w6",
"modified": "2025-12-18T00:34:04Z",
"published": "2022-05-24T17:07:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200702-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G88-W646-8R4R
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-18 15:30In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Fix memory leak in octep_device_setup()
In octep_device_setup(), if octep_ctrl_net_init() fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory.
Fix this by jumping to the unsupported_dev label, which performs the necessary cleanup. This aligns with the error handling logic of other paths in this function.
Compile tested only. Issue found using a prototype static analysis tool and code review.
{
"affected": [],
"aliases": [
"CVE-2026-23160"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T16:15:56Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Fix memory leak in octep_device_setup()\n\nIn octep_device_setup(), if octep_ctrl_net_init() fails, the function\nreturns directly without unmapping the mapped resources and freeing the\nallocated configuration memory.\n\nFix this by jumping to the unsupported_dev label, which performs the\nnecessary cleanup. This aligns with the error handling logic of other\npaths in this function.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.",
"id": "GHSA-7g88-w646-8r4r",
"modified": "2026-03-18T15:30:40Z",
"published": "2026-02-14T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23160"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7H22-X3WX-HV9P
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
{
"affected": [],
"aliases": [
"CVE-2021-21723"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T18:16:00Z",
"severity": "HIGH"
},
"details": "Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.",
"id": "GHSA-7h22-x3wx-hv9p",
"modified": "2022-05-24T17:40:19Z",
"published": "2022-05-24T17:40:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21723"
},
{
"type": "WEB",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7HGQ-Q722-GW74
Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
kernel/fail_function: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53346"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T15:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/fail_function: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-7hgq-q722-gw74",
"modified": "2025-12-11T15:30:29Z",
"published": "2025-09-17T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53346"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29d53c4c5a6f6d2b93aaac95b65cb4c907faf2ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bb3669f576559db273efe49e0e69f82450efbca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94f68f3e059c478e240f65fcb64746fe371295df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb99db06b8b6ce9351633fc61bec9919d8f6f52b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd9981a11d74ff2eb253bb5c459876f8bd3c6c36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6d3aee1c66358471275df9dddd480010f061b0e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HPX-3FCF-FXR2
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-06 18:31In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain
The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NULL dereference occurred. Also, there is potential memleak since there is no lock around domain->qi_batch allocation.
To solve it, add a helper for qi_batch allocation, and call it in both the __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().
BUG: kernel NULL pointer dereference, address: 0000000000000200 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8104795067 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632 Call Trace: ? __die+0x24/0x70 ? page_fault_oops+0x80/0x150 ? do_user_addr_fault+0x63/0x7b0 ? exc_page_fault+0x7c/0x220 ? asm_exc_page_fault+0x26/0x30 ? cache_tag_flush_range_np+0x13c/0x260 intel_iommu_iotlb_sync_map+0x1a/0x30 iommu_map+0x61/0xf0 batch_to_domain+0x188/0x250 iopt_area_fill_domains+0x125/0x320 ? rcu_is_watching+0x11/0x50 iopt_map_pages+0x63/0x100 iopt_map_common.isra.0+0xa7/0x190 iopt_map_user_pages+0x6a/0x80 iommufd_ioas_map+0xcd/0x1d0 iommufd_fops_ioctl+0x118/0x1c0 __x64_sys_ioctl+0x93/0xc0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x76/0x7e
{
"affected": [],
"aliases": [
"CVE-2024-56668"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix qi_batch NULL pointer with nested parent domain\n\nThe qi_batch is allocated when assigning cache tag for a domain. While\nfor nested parent domain, it is missed. Hence, when trying to map pages\nto the nested parent, NULL dereference occurred. Also, there is potential\nmemleak since there is no lock around domain-\u003eqi_batch allocation.\n\nTo solve it, add a helper for qi_batch allocation, and call it in both\nthe __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000200\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 8104795067 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632\n Call Trace:\n ? __die+0x24/0x70\n ? page_fault_oops+0x80/0x150\n ? do_user_addr_fault+0x63/0x7b0\n ? exc_page_fault+0x7c/0x220\n ? asm_exc_page_fault+0x26/0x30\n ? cache_tag_flush_range_np+0x13c/0x260\n intel_iommu_iotlb_sync_map+0x1a/0x30\n iommu_map+0x61/0xf0\n batch_to_domain+0x188/0x250\n iopt_area_fill_domains+0x125/0x320\n ? rcu_is_watching+0x11/0x50\n iopt_map_pages+0x63/0x100\n iopt_map_common.isra.0+0xa7/0x190\n iopt_map_user_pages+0x6a/0x80\n iommufd_ioas_map+0xcd/0x1d0\n iommufd_fops_ioctl+0x118/0x1c0\n __x64_sys_ioctl+0x93/0xc0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"id": "GHSA-7hpx-3fcf-fxr2",
"modified": "2025-01-06T18:31:00Z",
"published": "2024-12-27T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56668"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74536f91962d5f6af0a42414773ce61e653c10ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffd774c34774fd4cc0e9cf2976595623a6c3a077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HRX-2H6P-X7PC
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-10 18:30In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
Don't allocate memory again when IOC is being reinitialized.
{
"affected": [],
"aliases": [
"CVE-2023-53115"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon\u0027t allocate memory again when IOC is being reinitialized.",
"id": "GHSA-7hrx-2h6p-x7pc",
"modified": "2025-11-10T18:30:29Z",
"published": "2025-05-02T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53115"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5aab9342f12f980b64617a034d121efbbf09100a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7277b4eec2f25a0653646ba95b1f25fa16be1d6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c798304470cab88723d895726d17fcb96472e0e9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.