Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-868C-7V9P-GMXP

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2023-08-16 18:30
VLAI
Details

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.",
  "id": "GHSA-868c-7v9p-gmxp",
  "modified": "2023-08-16T18:30:18Z",
  "published": "2022-05-24T17:17:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3195"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-86QR-6525-5M7V

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI
Details

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T18:15:30Z",
    "severity": "HIGH"
  },
  "details": "When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-86qr-6525-5m7v",
  "modified": "2025-02-05T18:34:46Z",
  "published": "2025-02-05T18:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21091"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000140933"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-86R4-3X7H-8GH4

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

floppy: Fix memory leak in do_floppy_init()

A memory leak was reported when floppy_alloc_disk() failed in do_floppy_init().

unreferenced object 0xffff888115ed25a0 (size 8): comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s) hex dump (first 8 bytes): 00 ac 67 5b 81 88 ff ff ..g[.... backtrace: [<000000007f457abb>] __kmalloc_node+0x4c/0xc0 [<00000000a87bfa9e>] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180 [<000000006f02e8b1>] blk_mq_alloc_tag_set+0x573/0x1130 [<0000000066007fd7>] 0xffffffffc06b8b08 [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0 [<00000000e26d04ee>] do_init_module+0x1a4/0x680 [<000000001bb22407>] load_module+0x6249/0x7110 [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200 [<000000007bddca46>] do_syscall_64+0x35/0x80 [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 unreferenced object 0xffff88810fc30540 (size 32): comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000007f457abb>] __kmalloc_node+0x4c/0xc0 [<000000006b91eab4>] blk_mq_alloc_tag_set+0x393/0x1130 [<0000000066007fd7>] 0xffffffffc06b8b08 [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0 [<00000000e26d04ee>] do_init_module+0x1a4/0x680 [<000000001bb22407>] load_module+0x6249/0x7110 [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200 [<000000007bddca46>] do_syscall_64+0x35/0x80 [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

If the floppy_alloc_disk() failed, disks of current drive will not be set, thus the lastest allocated set->tag cannot be freed in the error handling path. A simple call graph shown as below:

floppy_module_init() floppy_init() do_floppy_init() for (drive = 0; drive < N_DRIVE; drive++) blk_mq_alloc_tag_set() blk_mq_alloc_tag_set_tags() blk_mq_realloc_tag_set_tags() # set->tag allocated floppy_alloc_disk() blk_mq_alloc_disk() # error occurred, disks failed to allocated

   ->out_put_disk:
   for (drive = 0; drive < N_DRIVE; drive++)
     if (!disks[drive][0]) # the last disks is not set and loop break
       break;
     blk_mq_free_tag_set() # the latest allocated set->tag leaked

Fix this problem by free the set->tag of current drive before jump to error handling path.

[efremov: added stable list, changed title]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfloppy: Fix memory leak in do_floppy_init()\n\nA memory leak was reported when floppy_alloc_disk() failed in\ndo_floppy_init().\n\nunreferenced object 0xffff888115ed25a0 (size 8):\n  comm \"modprobe\", pid 727, jiffies 4295051278 (age 25.529s)\n  hex dump (first 8 bytes):\n    00 ac 67 5b 81 88 ff ff                          ..g[....\n  backtrace:\n    [\u003c000000007f457abb\u003e] __kmalloc_node+0x4c/0xc0\n    [\u003c00000000a87bfa9e\u003e] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180\n    [\u003c000000006f02e8b1\u003e] blk_mq_alloc_tag_set+0x573/0x1130\n    [\u003c0000000066007fd7\u003e] 0xffffffffc06b8b08\n    [\u003c0000000081f5ac40\u003e] do_one_initcall+0xd0/0x4f0\n    [\u003c00000000e26d04ee\u003e] do_init_module+0x1a4/0x680\n    [\u003c000000001bb22407\u003e] load_module+0x6249/0x7110\n    [\u003c00000000ad31ac4d\u003e] __do_sys_finit_module+0x140/0x200\n    [\u003c000000007bddca46\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000b5afec39\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\nunreferenced object 0xffff88810fc30540 (size 32):\n  comm \"modprobe\", pid 727, jiffies 4295051278 (age 25.529s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c000000007f457abb\u003e] __kmalloc_node+0x4c/0xc0\n    [\u003c000000006b91eab4\u003e] blk_mq_alloc_tag_set+0x393/0x1130\n    [\u003c0000000066007fd7\u003e] 0xffffffffc06b8b08\n    [\u003c0000000081f5ac40\u003e] do_one_initcall+0xd0/0x4f0\n    [\u003c00000000e26d04ee\u003e] do_init_module+0x1a4/0x680\n    [\u003c000000001bb22407\u003e] load_module+0x6249/0x7110\n    [\u003c00000000ad31ac4d\u003e] __do_sys_finit_module+0x140/0x200\n    [\u003c000000007bddca46\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000b5afec39\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nIf the floppy_alloc_disk() failed, disks of current drive will not be set,\nthus the lastest allocated set-\u003etag cannot be freed in the error handling\npath. A simple call graph shown as below:\n\n floppy_module_init()\n   floppy_init()\n     do_floppy_init()\n       for (drive = 0; drive \u003c N_DRIVE; drive++)\n         blk_mq_alloc_tag_set()\n           blk_mq_alloc_tag_set_tags()\n             blk_mq_realloc_tag_set_tags() # set-\u003etag allocated\n         floppy_alloc_disk()\n           blk_mq_alloc_disk() # error occurred, disks failed to allocated\n\n       -\u003eout_put_disk:\n       for (drive = 0; drive \u003c N_DRIVE; drive++)\n         if (!disks[drive][0]) # the last disks is not set and loop break\n           break;\n         blk_mq_free_tag_set() # the latest allocated set-\u003etag leaked\n\nFix this problem by free the set-\u003etag of current drive before jump to\nerror handling path.\n\n[efremov: added stable list, changed title]",
  "id": "GHSA-86r4-3x7h-8gh4",
  "modified": "2025-12-02T00:31:10Z",
  "published": "2025-09-16T18:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50342"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55b3c66a0d441cd37154ae95e44d0b82ccfd580e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75d8c8851a4da0190c2480e84315b5fd3d0356c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f36d8c8651506aea5f09899f5356ece5d1384f50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8ace2e304c5dd8a7328db9cd2b8a4b1b98d83ec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-86V6-W4RR-WRW5

Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-06-03 18:55
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix memory leak in create_process failure

Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix memory leak in create_process failure\n\nFix memory leak due to a leaked mmget reference on an error handling\ncode path that is triggered when attempting to create KFD processes\nwhile a GPU reset is in progress.",
  "id": "GHSA-86v6-w4rr-wrw5",
  "modified": "2024-06-03T18:55:51Z",
  "published": "2024-05-01T06:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26986"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dcd876411644da98a6b4d5a18d32ca94c15bdb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18921b205012568b45760753ad3146ddb9e2d4e2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa02d43367a9adf8c85fb382fea4171fb266c8d0"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-874P-F6C3-782R

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()\n\nIf we fail to allocate memory for cb_data by kmalloc, the memory\nallocation for eve_data is never freed, add the missing kfree()\nin the error handling path.",
  "id": "GHSA-874p-f6c3-782r",
  "modified": "2025-11-03T21:31:50Z",
  "published": "2024-12-27T15:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/272168927f38bda46f6c1ed5f40de97689e7a5d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44ed4f90a97ff6f339e50ac01db71544e0990efc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/584d420771e1ad2bb74e19a19da8ae0fee0a6e1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a3bda42394ff137eb2d3d3d20d2956a8c6e9237"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/882d7afaa4b82c20a7be7a3a039532a80ebacd23"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87JJ-2MGC-93QW

Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2024-10-22 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

exfat: resolve memory leak from exfat_create_upcase_table()

If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table allocates more memory, leading to a memory leak.

Here's link to syzkaller crash report illustrating this issue: https://syzkaller.appspot.com/text?tag=CrashReport&x=1406c201980000

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: resolve memory leak from exfat_create_upcase_table()\n\nIf exfat_load_upcase_table reaches end and returns -EINVAL,\nallocated memory doesn\u0027t get freed and while\nexfat_load_default_upcase_table allocates more memory, leading to a\nmemory leak.\n\nHere\u0027s link to syzkaller crash report illustrating this issue:\nhttps://syzkaller.appspot.com/text?tag=CrashReport\u0026x=1406c201980000",
  "id": "GHSA-87jj-2mgc-93qw",
  "modified": "2024-10-22T18:32:09Z",
  "published": "2024-10-21T12:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47677"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/331ed2c739ce656a67865f6b3ee0a478349d78cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c290fe508eee36df1640c3cb35dc8f89e073c8a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9835aec49670c46ebe2973032caaa1043b3d4da"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-882G-C5MC-4W4F

Vulnerability from github – Published: 2025-10-17 15:31 – Updated: 2025-10-17 15:31
VLAI
Details

radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-17T14:15:46Z",
    "severity": "MODERATE"
  },
  "details": "radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.",
  "id": "GHSA-882g-c5mc-4w4f",
  "modified": "2025-10-17T15:31:02Z",
  "published": "2025-10-17T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/pull/24215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8895-6F7G-6Q4J

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()

There is a memory leaks problem reported by kmemleak:

unreferenced object 0xffff888102007a00 (size 128): comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ backtrace: [] __kmalloc+0x4d/0x150 [] ubi_eba_create_table+0x76/0x170 [ubi] [] ubi_resize_volume+0x1be/0xbc0 [ubi] [] ubi_cdev_ioctl+0x701/0x1850 [ubi] [] __x64_sys_ioctl+0x11d/0x170 [] do_syscall_64+0x35/0x80 [] entry_SYSCALL_64_after_hwframe+0x46/0xb0

This is due to a mismatch between create and destroy interfaces, and in detail that "new_eba_tbl" created by ubi_eba_create_table() but destroyed by kfree(), while will causing "new_eba_tbl->entries" not freed.

Fix it by replacing kfree(new_eba_tbl) with ubi_eba_destroy_table(new_eba_tbl)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:35Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n  comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n  hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................\n  backtrace:\n[\u003cffffffff8176cecd\u003e] __kmalloc+0x4d/0x150\n[\u003cffffffffa02a9a36\u003e] ubi_eba_create_table+0x76/0x170 [ubi]\n[\u003cffffffffa029764e\u003e] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[\u003cffffffffa02a3321\u003e] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[\u003cffffffff81975d2d\u003e] __x64_sys_ioctl+0x11d/0x170\n[\u003cffffffff83c142a5\u003e] do_syscall_64+0x35/0x80\n[\u003cffffffff83e0006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl-\u003eentries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)",
  "id": "GHSA-8895-6f7g-6q4j",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-16T15:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53271"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88MC-PCQG-4446

Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2024-12-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio/vsock: Improve MSG_ZEROCOPY error handling

Add a missing kfree_skb() to prevent memory leaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T14:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Improve MSG_ZEROCOPY error handling\n\nAdd a missing kfree_skb() to prevent memory leaks.",
  "id": "GHSA-88mc-pcqg-4446",
  "modified": "2024-12-11T21:31:57Z",
  "published": "2024-12-02T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53117"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50061d7319e21165d04e3024354c1b43b6137821"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88PH-QQ7Q-P3QV

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17
VLAI
Details

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15377"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.",
  "id": "GHSA-88ph-qq7q-p3qv",
  "modified": "2022-05-13T01:17:46Z",
  "published": "2022-05-13T01:17:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15377"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.