Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-7WQ6-HWPJ-WCQ2

Vulnerability from github – Published: 2023-06-06 21:30 – Updated: 2023-11-29 03:30
VLAI
Details

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T20:15:12Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.",
  "id": "GHSA-7wq6-hwpj-wcq2",
  "modified": "2023-11-29T03:30:22Z",
  "published": "2023-06-06T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2602"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7WX7-HCFJ-9CVG

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:18:07Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.",
  "id": "GHSA-7wx7-hcfj-9cvg",
  "modified": "2026-03-16T15:30:41Z",
  "published": "2026-03-16T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0639"
    },
    {
      "type": "WEB",
      "url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-02.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7X76-CW6Q-RM95

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-19 15:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues

If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak.

In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case.

Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix thermal zone governor cleanup issues\n\nIf thermal_zone_device_register_with_trips() fails after adding\na thermal governor to the thermal zone being registered, the\ngovernor is not removed from it as appropriate which may lead to\na memory leak.\n\nIn turn, thermal_zone_device_unregister() calls thermal_set_governor()\nwithout acquiring the thermal zone lock beforehand which may race with\na governor update via sysfs and may lead to a use-after-free in that\ncase.\n\nAddress these issues by adding two thermal_set_governor() calls, one to\nthermal_release() to remove the governor from the given thermal zone,\nand one to the thermal zone registration error path to cover failures\npreceding the thermal zone device registration.",
  "id": "GHSA-7x76-cw6q-rm95",
  "modified": "2026-06-19T15:33:12Z",
  "published": "2026-05-27T15:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46021"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37a430a2d4e66ec8238da6c7f7e48809bf265e13"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41ff66baf81c6541f4f985dd7eac4494d03d9440"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75f8f3c3e09122270986de9d7aa347d701676761"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e563d8db50f303171aceb79eec0807e7ba06951"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a172fa18bc370b776ac1510abb0dcb50a7a35fac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4eb861adde5ce22e459fbd29366f47bb2167977"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f412e541d25a3dfaf3d53e012ade6ff03cae8a45"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7X9V-XJQV-HPFR

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: sfp: fix memory leak in sfp_probe()

sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory leak.

We should use devm_add_action_or_reset() instead of devm_add_action().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sfp: fix memory leak in sfp_probe()\n\nsfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When\ndevm_add_action() fails, sfp is not freed, which leads to a memory leak.\n\nWe should use devm_add_action_or_reset() instead of devm_add_action().",
  "id": "GHSA-7x9v-xjqv-hpfr",
  "modified": "2025-03-12T00:31:46Z",
  "published": "2025-03-12T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49619"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a18d802d65cf662644fd1d369c86d84a5630652"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1545bc727625ea6e8decd717e5d1e8cc704ccf8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/204543581a2f26bb3b997a304c0bd06926ba7f15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67dc32542a1fb7790d0853cf4a5cf859ac6a2002"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ec5a97f327a89031fce6cfc3e95543c53936638"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ede990cfc42775bd0141e21f37ee365dcaeeb50f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f22ddc8a5278d7fb6369a0aeb0d8775a0aefaaee"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XF4-WR6X-3R95

Vulnerability from github – Published: 2024-05-17 12:31 – Updated: 2025-09-26 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: take ownership of skb in mctp_local_output

Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs.

Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T12:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn\u0027t transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb.",
  "id": "GHSA-7xf4-wr6x-3r95",
  "modified": "2025-09-26T18:31:17Z",
  "published": "2024-05-17T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27418"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XX4-26G9-3J94

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()

The fsl_pamu_probe() returns directly when create_csd() failed, leaving irq and memories unreleased. Fix by jumping to error if create_csd() returns error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()\n\nThe fsl_pamu_probe() returns directly when create_csd() failed, leaving\nirq and memories unreleased.\nFix by jumping to error if create_csd() returns error.",
  "id": "GHSA-7xx4-26g9-3j94",
  "modified": "2026-02-04T18:30:19Z",
  "published": "2025-10-07T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50525"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d240ac0e4c35d3f64fc782c11433138c1bd016e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17fd440594961c5e2ea0f58591bc1bdba0629c75"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73f5fc5f884ad0c5f7d57f66303af64f9f002526"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9238b687fd62cde14c6e2e8576a40e4246de7ebe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9fbccdf2fefa3944dd8ba8c6a808b387787f3917"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a305d0e4d0ce3166e31d7dbcb4c98b09cad6d49a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c93983230562883e0b5f122040efbb3d478c36d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de7eb55009796687fc0a1670e0b944fa8ed54e9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e42b543d08052c3b223bcfb48f05cbaf0b767f86"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8227-GC3M-7GX5

Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-10-26 19:00
VLAI
Details

Bento4 1.6.0 has memory leaks via the mp4fragment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-19T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Bento4 1.6.0 has memory leaks via the mp4fragment.",
  "id": "GHSA-8227-gc3m-7gx5",
  "modified": "2022-10-26T19:00:39Z",
  "published": "2022-10-19T19:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-822W-7669-Q3G6

Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2024-10-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()

The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not freed in damon_sysfs_test_add_targets(), which cause the following memory leak, free it to fix it.

unreferenced object 0xffffff80c2a8db80 (size 96):
  comm "kunit_try_catch", pid 187, jiffies 4294894363
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
    [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738
    [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
    [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000adf936cf>] kthread+0x2e8/0x374
    [<0000000041bb1628>] ret_from_fork+0x10/0x20
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T01:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()\n\nThe sysfs_target-\u003eregions allocated in damon_sysfs_regions_alloc() is not\nfreed in damon_sysfs_test_add_targets(), which cause the following memory\nleak, free it to fix it.\n\n\tunreferenced object 0xffffff80c2a8db80 (size 96):\n\t  comm \"kunit_try_catch\", pid 187, jiffies 4294894363\n\t  hex dump (first 32 bytes):\n\t    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n\t    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n\t  backtrace (crc 0):\n\t    [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c000000008e6835c1\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000001286d9f8\u003e] damon_sysfs_test_add_targets+0x1cc/0x738\n\t    [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t    [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20",
  "id": "GHSA-822w-7669-q3g6",
  "modified": "2024-10-30T18:30:48Z",
  "published": "2024-10-29T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50068"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05d43455f6bffa6abc7b937ca58be00452e6973f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d6a1c835685de3b0c8e8dc871f60f4ef92ab01a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-833C-QFXR-5PP5

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

video: screen_info: Relocate framebuffers behind PCI bridges

Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes invalid access to I/O memory.

Resources behind a PCI host bridge can be relocated by a certain offset in the kernel's CPU address range used for I/O. The framebuffer memory range stored in screen_info refers to the CPU addresses as seen during boot (where the offset is 0). During boot up, firmware may assign a different memory offset to the PCI host bridge and thereby relocating the framebuffer address of the PCI graphics device as seen by the kernel. The information in screen_info must be updated as well.

The helper pcibios_bus_to_resource() performs the relocation of the screen_info's framebuffer resource (given in PCI bus addresses). The result matches the I/O-memory resource of the PCI graphics device (given in CPU addresses). As before, we store away the information necessary to later update the information in screen_info itself.

Commit 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") added the code for updating screen_info. It is based on similar functionality that pre-existed in efifb. Efifb uses a pointer to the PCI resource, while the newer code does a memcpy of the region. Hence efifb sees any updates to the PCI resource and avoids the issue.

v3: - Only use struct pci_bus_region for PCI bus addresses (Bjorn) - Clarify address semantics in commit messages and comments (Bjorn) v2: - Fixed tags (Takashi, Ivan) - Updated information on efifb

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
  "id": "GHSA-833c-qfxr-5pp5",
  "modified": "2025-11-19T21:31:17Z",
  "published": "2025-07-25T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38427"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f29b5c231011b94007d2c8a6d793992f2275db1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c70e3ad85d2890d8af375333699429de26327f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aeda386d86d79269a08f470dbdc53d13a91e51fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc3cc41ed67054a03134bea42408c720eec0fa04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8367-HGVV-7M56

Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

Hook "qed_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()\n\nHook \"qed_ops-\u003ecommon-\u003esb_init = qed_sb_init\" does not release the DMA\nmemory sb_virt when it fails. Add dma_free_coherent() to free it. This\nis the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().",
  "id": "GHSA-8367-hgvv-7m56",
  "modified": "2025-11-03T21:32:02Z",
  "published": "2024-12-29T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56748"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.