Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-84GC-CF68-FRM5

Vulnerability from github – Published: 2025-04-03 09:32 – Updated: 2025-04-10 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: drop beyond-EOF folios with the right number of refs

When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak.

This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-03T08:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: drop beyond-EOF folios with the right number of refs\n\nWhen an after-split folio is large and needs to be dropped due to EOF,\nfolio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all\npage cache refs.  Otherwise, the folio will not be freed, causing memory\nleak.\n\nThis leak would happen on a filesystem with blocksize \u003e page_size and a\ntruncate is performed, where the blocksize makes folios split to \u003e0 order\nones, causing truncated folios not being freed.",
  "id": "GHSA-84gc-cf68-frm5",
  "modified": "2025-04-10T18:32:01Z",
  "published": "2025-04-03T09:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22000"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14efb4793519d73fb2902bb0ece319b886e4b4b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86368616a9ce51f6b41efa251b6e066893851d67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84HW-WWW5-5V7P

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

devlink: fix possible use-after-free and memory leaks in devlink_init()

The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Make an unregister in case of unsuccessful registration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:51Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix possible use-after-free and memory leaks in devlink_init()\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.\n\nMake an unregister in case of unsuccessful registration.",
  "id": "GHSA-84hw-www5-5v7p",
  "modified": "2025-01-14T18:31:49Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26734"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/919092bd5482b7070ae66d1daef73b600738f3a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e91d3561e28d7665f4f837880501dc8755f635a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84J2-855V-3F6Q

Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()\n\nWhen information such as info-\u003escreen_base is not ready, calling\nsh7760fb_free_mem() does not release memory correctly. Call\ndma_free_coherent() instead.",
  "id": "GHSA-84j2-855v-3f6q",
  "modified": "2025-11-03T21:32:02Z",
  "published": "2024-12-29T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56746"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84PR-VGRV-386J

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do.

Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free.

Document the skb ownership guarantee in the function's kdoc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure\n\nieee80211_tx_prepare_skb() has three error paths, but only two of them\nfree the skb. The first error path (ieee80211_tx_prepare() returning\nTX_DROP) does not free it, while invoke_tx_handlers() failure and the\nfragmentation check both do.\n\nAdd kfree_skb() to the first error path so all three are consistent,\nand remove the now-redundant frees in callers (ath9k, mt76,\nmac80211_hwsim) to avoid double-free.\n\nDocument the skb ownership guarantee in the function\u0027s kdoc.",
  "id": "GHSA-84pr-vgrv-386j",
  "modified": "2026-06-01T18:31:23Z",
  "published": "2026-04-03T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23444"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b4d27acafaeab478fd24f79ad6e593a892828b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ef8ca1c164786da24169af155c1ca1ff1353cf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/905ef207d5ed99ca64adfe39fba9ac46e434327a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a779d1f480e83720b5384adf165604e7ee226bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84R8-H488-8MWC

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: qup: Don't skip cleanup in remove's error path

Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: qup: Don\u0027t skip cleanup in remove\u0027s error path\n\nReturning early in a platform driver\u0027s remove callback is wrong. In this\ncase the dma resources are not released in the error path. this is never\nretried later and so this is a permanent leak. To fix this, only skip\nhardware disabling if waking the device fails.",
  "id": "GHSA-84r8-h488-8mwc",
  "modified": "2026-02-06T15:30:58Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53567"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d0f63077f481f11a07f20eab1c1f4367dfaef32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49c17fccae36505550c9121891722fff337f148a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55ecdcd12bc176b86fecbcb125ac814ac8fe857a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61f49171a43ab1f80c73c5c88c508770c461e0f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8632384337038b97910c2f7bb5a3f377aa68d001"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc88243bbe6140d289bb32b4ee4607ba5ce1124a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f345d4d71e87d878437417ffbb9a7d4e16d235eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd53f41bd86daa39b454fd4637a908ff2123547f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84X4-GJV7-HM5J

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it after using to avoid refcount leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it after using to avoid refcount leak.",
  "id": "GHSA-84x4-gjv7-hm5j",
  "modified": "2024-10-24T21:31:02Z",
  "published": "2024-10-21T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49011"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7dec14537c5906b8bf40fd6fd6d9c3850f8df11d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e273e3d2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-857R-XMRG-GJ95

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2025-09-18 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio: packed: fix unmap leak for indirect desc table

When use_dma_api and premapped are true, then the do_unmap is false.

Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed.

if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } }

So the indirect desc table is not unmapped. This causes the unmap leak.

So here, we check vq->use_dma_api instead. Synchronously, dma info is updated based on use_dma_api judgment

This bug does not occur, because no driver use the premapped with indirect.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: packed: fix unmap leak for indirect desc table\n\nWhen use_dma_api and premapped are true, then the do_unmap is false.\n\nBecause the do_unmap is false, vring_unmap_extra_packed is not called by\ndetach_buf_packed.\n\n  if (unlikely(vq-\u003edo_unmap)) {\n                curr = id;\n                for (i = 0; i \u003c state-\u003enum; i++) {\n                        vring_unmap_extra_packed(vq,\n                                                 \u0026vq-\u003epacked.desc_extra[curr]);\n                        curr = vq-\u003epacked.desc_extra[curr].next;\n                }\n  }\n\nSo the indirect desc table is not unmapped. This causes the unmap leak.\n\nSo here, we check vq-\u003euse_dma_api instead. Synchronously, dma info is\nupdated based on use_dma_api judgment\n\nThis bug does not occur, because no driver use the premapped with\nindirect.",
  "id": "GHSA-857r-xmrg-gj95",
  "modified": "2025-09-18T18:30:21Z",
  "published": "2024-05-01T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27066"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-85J4-7FM7-86X3

Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-18 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak").

In esd_usb_open(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback esd_usb_read_bulk_callback(), the URBs are processed and resubmitted. In esd_usb_close() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted).

However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in esd_usb_close().

Fix the memory leak by anchoring the URB in the esd_usb_read_bulk_callback() to the dev->rx_submitted anchor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T17:16:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn esd_usb_open(), the URBs for USB-in transfers are allocated, added to\nthe dev-\u003erx_submitted anchor and submitted. In the complete callback\nesd_usb_read_bulk_callback(), the URBs are processed and resubmitted. In\nesd_usb_close() the URBs are freed by calling\nusb_kill_anchored_urbs(\u0026dev-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in esd_usb_close().\n\nFix the memory leak by anchoring the URB in the\nesd_usb_read_bulk_callback() to the dev-\u003erx_submitted anchor.",
  "id": "GHSA-85j4-7fm7-86x3",
  "modified": "2026-03-18T18:31:11Z",
  "published": "2026-02-04T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23075"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b792406b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93b34d4ba7266030801a509c088ac77c0d7a12e9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-863V-GCWH-WP4V

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()

In svs_enable_debug_write(), the buf allocated by memdup_user_nul() is leaked if kstrtoint() fails.

Fix this by using __free(kfree) to automatically free buf, eliminating the need for explicit kfree() calls and preventing leaks.

[Angelo: Added missing cleanup.h inclusion]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:01Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: mediatek: svs: Fix memory leak in svs_enable_debug_write()\n\nIn svs_enable_debug_write(), the buf allocated by memdup_user_nul()\nis leaked if kstrtoint() fails.\n\nFix this by using __free(kfree) to automatically free buf, eliminating\nthe need for explicit kfree() calls and preventing leaks.\n\n[Angelo: Added missing cleanup.h inclusion]",
  "id": "GHSA-863v-gcwh-wp4v",
  "modified": "2026-06-25T21:31:19Z",
  "published": "2026-05-27T15:33:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06195456c4e4de3826c4ca60eca941c472f991d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f6498077faa9cd89bb787bcc57063494a6f0601"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47a3e372f7d68776adb749a27c0ec9058ff1b4fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6259094ee806fb813ca95894c65fb80e2ec98bf1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bb10466e0884b4a68d4a1f3f4bb87eeb471c18a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a58c97828911c0b6e25d6b556789da974003efda"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-866G-H3VJ-MMQR

Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-03-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpu: host1x: Fix a memory leak in 'host1x_remove()'

Add a missing 'host1x_channel_list_free()' call in the remove function, as already done in the error handling path of the probe function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T06:37:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix a memory leak in \u0027host1x_remove()\u0027\n\nAdd a missing \u0027host1x_channel_list_free()\u0027 call in the remove function,\nas already done in the error handling path of the probe function.",
  "id": "GHSA-866g-h3vj-mmqr",
  "modified": "2025-03-18T21:31:58Z",
  "published": "2025-03-18T21:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47648"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/025c6643a81564f066d8381b9e2f4603e0f8438f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5124a344983e1b9670dae7add0e4d00d589aabcd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bb107332db28a0e9256c2d36a0902b85307612c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c06577a80485511b894cb688e881ef0bc2d1d296"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe1ce680560d4f0049ffa0c687de17567421c1ec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.