CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-8GQP-W9H7-VRXP
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2024-11-27 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix possible exec queue leak in exec IOCTL
In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped on input error.
(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)
{
"affected": [],
"aliases": [
"CVE-2024-53087"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix possible exec queue leak in exec IOCTL\n\nIn a couple of places after an exec queue is looked up the exec IOCTL\nreturns on input errors without dropping the exec queue ref. Fix this\nensuring the exec queue ref is dropped on input error.\n\n(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)",
"id": "GHSA-8gqp-w9h7-vrxp",
"modified": "2024-11-27T21:32:44Z",
"published": "2024-11-19T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53087"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GW4-3W27-23G9
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 21:30In the Linux kernel, the following vulnerability has been resolved:
gpu: host1x: Fix memory leak of device names
The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in device_initialize() has not be decreased to 0.
As comment of device_add() says, if it fails, use only put_device() drop the refcount, then the name will be freed in kobejct_cleanup().
device_del() and put_device() can be replaced with device_unregister(), so call it to unregister the added successfully devices, and just call put_device() to the not added device.
Add a release() function to device to avoid null release() function WARNING in device_release(), it's empty, because the context devices are freed together in host1x_memory_context_list_free().
{
"affected": [],
"aliases": [
"CVE-2023-53514"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix memory leak of device names\n\nThe device names allocated by dev_set_name() need be freed\nbefore module unloading, but they can not be freed because\nthe kobject\u0027s refcount which was set in device_initialize()\nhas not be decreased to 0.\n\nAs comment of device_add() says, if it fails, use only\nput_device() drop the refcount, then the name will be\nfreed in kobejct_cleanup().\n\ndevice_del() and put_device() can be replaced with\ndevice_unregister(), so call it to unregister the added\nsuccessfully devices, and just call put_device() to the\nnot added device.\n\nAdd a release() function to device to avoid null release()\nfunction WARNING in device_release(), it\u0027s empty, because\nthe context devices are freed together in\nhost1x_memory_context_list_free().",
"id": "GHSA-8gw4-3w27-23g9",
"modified": "2026-01-23T21:30:36Z",
"published": "2025-10-01T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53514"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ab0f5ddb761270b11d8c90b8550a59666cfc9bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55879dad0f3ae8468444b42f785ad79eac05fe5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/958c6cbc32996c375af42db96ceba021a1959899"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dba1aeaaf3d0e2f996cb0a5609e5e85ecf405a5c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GW4-R28F-7G55
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
{
"affected": [],
"aliases": [
"CVE-2016-9914"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-29T22:59:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.",
"id": "GHSA-8gw4-r28f-7g55",
"modified": "2022-05-13T01:13:38Z",
"published": "2022-05-13T01:13:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9914"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GWC-C833-GWMC
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix memory leak in tcindex_set_parms
Syzkaller reports a memory leak as follows:
BUG: memory leak unreferenced object 0xffff88810c287f00 (size 256): comm "syz-executor105", pid 3600, jiffies 4294943292 (age 12.990s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046 [] kmalloc include/linux/slab.h:576 [inline] [] kmalloc_array include/linux/slab.h:627 [inline] [] kcalloc include/linux/slab.h:659 [inline] [] tcf_exts_init include/net/pkt_cls.h:250 [inline] [] tcindex_set_parms+0xa7/0xbe0 net/sched/cls_tcindex.c:342 [] tcindex_change+0xdf/0x120 net/sched/cls_tcindex.c:553 [] tc_new_tfilter+0x4f2/0x1100 net/sched/cls_api.c:2147 [] rtnetlink_rcv_msg+0x4dc/0x5d0 net/core/rtnetlink.c:6082 [] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2540 [] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] [] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345 [] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921 [] sock_sendmsg_nosec net/socket.c:714 [inline] [] sock_sendmsg+0x56/0x80 net/socket.c:734 [] _syssendmsg+0x178/0x410 net/socket.c:2482 [] _sys_sendmsg+0xa8/0x110 net/socket.c:2536 [] __sys_sendmmsg+0x105/0x330 net/socket.c:2622 [] __do_sys_sendmmsg net/socket.c:2651 [inline] [] __se_sys_sendmmsg net/socket.c:2648 [inline] [] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2648 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x63/0xcd ====================================
Kernel uses tcindex_change() to change an existing filter properties.
Yet the problem is that, during the process of changing,
if old_r is retrieved from p->perfect, then
kernel uses tcindex_alloc_perfect_hash() to newly
allocate filter results, uses tcindex_filter_result_init()
to clear the old filter result, without destroying
its tcf_exts structure, which triggers the above memory leak.
To be more specific, there are only two source for the old_r,
according to the tcindex_lookup(). old_r is retrieved from
p->perfect, or old_r is retrieved from p->h.
-
If
old_ris retrieved fromp->perfect, kernel uses tcindex_alloc_perfect_hash() to newly allocate the filter results. Thenris assigned withcp->perfect + handle, which is newly allocated. So conditionold_r && old_r != ris true in this situation, and kernel uses tcindex_filter_result_init() to clear the old filter result, without destroying its tcf_exts structure -
If
old_ris retrieved fromp->h, thenp->perfectis NULL according to the tcindex_lookup(). Considering thatcp->his directly copied fromp->handp->perfectis NULL,ris assigned withtcindex_lookup(cp, handle), whose value should be the same asold_r, so conditionold_r && old_r != ris false in this situation, kernel ignores using tcindex_filter_result_init() to clear the old filter result.
So only when old_r is retrieved from p->perfect does kernel use
tcindex_filter_result_init() to clear the old filter result, which
triggers the above memory leak.
Considering that there already exists a tc_filter_wq workqueue to destroy the old tcindex_d ---truncated---
{
"affected": [],
"aliases": [
"CVE-2022-50396"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix memory leak in tcindex_set_parms\n\nSyzkaller reports a memory leak as follows:\n====================================\nBUG: memory leak\nunreferenced object 0xffff88810c287f00 (size 256):\n comm \"syz-executor105\", pid 3600, jiffies 4294943292 (age 12.990s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff814cf9f0\u003e] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046\n [\u003cffffffff839c9e07\u003e] kmalloc include/linux/slab.h:576 [inline]\n [\u003cffffffff839c9e07\u003e] kmalloc_array include/linux/slab.h:627 [inline]\n [\u003cffffffff839c9e07\u003e] kcalloc include/linux/slab.h:659 [inline]\n [\u003cffffffff839c9e07\u003e] tcf_exts_init include/net/pkt_cls.h:250 [inline]\n [\u003cffffffff839c9e07\u003e] tcindex_set_parms+0xa7/0xbe0 net/sched/cls_tcindex.c:342\n [\u003cffffffff839caa1f\u003e] tcindex_change+0xdf/0x120 net/sched/cls_tcindex.c:553\n [\u003cffffffff8394db62\u003e] tc_new_tfilter+0x4f2/0x1100 net/sched/cls_api.c:2147\n [\u003cffffffff8389e91c\u003e] rtnetlink_rcv_msg+0x4dc/0x5d0 net/core/rtnetlink.c:6082\n [\u003cffffffff839eba67\u003e] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2540\n [\u003cffffffff839eab87\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n [\u003cffffffff839eab87\u003e] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n [\u003cffffffff839eb046\u003e] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n [\u003cffffffff8383e796\u003e] sock_sendmsg_nosec net/socket.c:714 [inline]\n [\u003cffffffff8383e796\u003e] sock_sendmsg+0x56/0x80 net/socket.c:734\n [\u003cffffffff8383eb08\u003e] ____sys_sendmsg+0x178/0x410 net/socket.c:2482\n [\u003cffffffff83843678\u003e] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536\n [\u003cffffffff838439c5\u003e] __sys_sendmmsg+0x105/0x330 net/socket.c:2622\n [\u003cffffffff83843c14\u003e] __do_sys_sendmmsg net/socket.c:2651 [inline]\n [\u003cffffffff83843c14\u003e] __se_sys_sendmmsg net/socket.c:2648 [inline]\n [\u003cffffffff83843c14\u003e] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2648\n [\u003cffffffff84605fd5\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff84605fd5\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84800087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n====================================\n\nKernel uses tcindex_change() to change an existing\nfilter properties.\n\nYet the problem is that, during the process of changing,\nif `old_r` is retrieved from `p-\u003eperfect`, then\nkernel uses tcindex_alloc_perfect_hash() to newly\nallocate filter results, uses tcindex_filter_result_init()\nto clear the old filter result, without destroying\nits tcf_exts structure, which triggers the above memory leak.\n\nTo be more specific, there are only two source for the `old_r`,\naccording to the tcindex_lookup(). `old_r` is retrieved from\n`p-\u003eperfect`, or `old_r` is retrieved from `p-\u003eh`.\n\n * If `old_r` is retrieved from `p-\u003eperfect`, kernel uses\ntcindex_alloc_perfect_hash() to newly allocate the\nfilter results. Then `r` is assigned with `cp-\u003eperfect + handle`,\nwhich is newly allocated. So condition `old_r \u0026\u0026 old_r != r` is\ntrue in this situation, and kernel uses tcindex_filter_result_init()\nto clear the old filter result, without destroying\nits tcf_exts structure\n\n * If `old_r` is retrieved from `p-\u003eh`, then `p-\u003eperfect` is NULL\naccording to the tcindex_lookup(). Considering that `cp-\u003eh`\nis directly copied from `p-\u003eh` and `p-\u003eperfect` is NULL,\n`r` is assigned with `tcindex_lookup(cp, handle)`, whose value\nshould be the same as `old_r`, so condition `old_r \u0026\u0026 old_r != r`\nis false in this situation, kernel ignores using\ntcindex_filter_result_init() to clear the old filter result.\n\nSo only when `old_r` is retrieved from `p-\u003eperfect` does kernel use\ntcindex_filter_result_init() to clear the old filter result, which\ntriggers the above memory leak.\n\nConsidering that there already exists a tc_filter_wq workqueue\nto destroy the old tcindex_d\n---truncated---",
"id": "GHSA-8gwc-c833-gwmc",
"modified": "2025-12-11T21:31:26Z",
"published": "2025-09-18T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50396"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01d0d2b8b4e3cf2110baba9371c0c3d04ad5c77b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/372ae77cf11d11fb118cbe2d37def9dd5f826abd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/399ab7fe0fa0d846881685fd4e57e9a8ef7559f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3abebc503a5148072052c229c6b04b329a420ecd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/53af9c793f644d5841d84d8e0ad83bd7ab47f3e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55ac68b53f1cea1926ee2313afc5d66b91daad71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c55953e232ea668731091d111066521f3b7719b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a6fb69bbcb21e9ce13bdf18c008c268874f0480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c183dc0af472dec33d2c0786a5e356baa8cad19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b314f6c3512108d7a656c5caf07c82d1bbbdc0f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4de6057e7c6654983acb63d939d26ac0d7bbf39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/facc4405e8b7407e03216207b1d1d640127de0c8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GX9-2MGX-HM7J
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix another leak in the submit error path
put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file.
Patchwork: https://patchwork.freedesktop.org/patch/653583/
{
"affected": [],
"aliases": [
"CVE-2025-38409"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T14:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"id": "GHSA-8gx9-2mgx-hm7j",
"modified": "2025-12-23T21:30:21Z",
"published": "2025-07-25T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38409"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30d3819b0b9173e31b84d662a592af8bad351427"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c40ad1c04d306f7fde26337fdcf8a5979657d93f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f681c2aa8676a890eacc84044717ab0fd26e058f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8HC6-8J6C-V3P8
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 21:31In the Linux kernel, the following vulnerability has been resolved:
Input: i8042 - fix leaking of platform device on module removal
Avoid resetting the module-wide i8042_platform_device pointer in i8042_probe() or i8042_remove(), so that the device can be properly destroyed by i8042_exit() on module unload.
{
"affected": [],
"aliases": [
"CVE-2022-49777"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: i8042 - fix leaking of platform device on module removal\n\nAvoid resetting the module-wide i8042_platform_device pointer in\ni8042_probe() or i8042_remove(), so that the device can be properly\ndestroyed by i8042_exit() on module unload.",
"id": "GHSA-8hc6-8j6c-v3p8",
"modified": "2025-11-07T21:31:16Z",
"published": "2025-05-01T15:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49777"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f25add5ecf88de0f8ff2b27b6c0731a1f1b38ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f348b60c79671eee33c1389efe89109c93047da"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81cd7e8489278d28794e7b272950c3e00c344e44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81df118e79b2136b5c016394f67a051dc508b7b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a32cd7feb0127bf629a82686b6e2c128139a86e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5f7f6e63fed9c2ed09725d90059a28907e197e3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8HG9-RCGR-QWWM
Vulnerability from github – Published: 2025-03-12 18:32 – Updated: 2025-07-19 03:30Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function.
{
"affected": [],
"aliases": [
"CVE-2025-25566"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-12T16:15:22Z",
"severity": "MODERATE"
},
"details": "Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function.",
"id": "GHSA-8hg9-rcgr-qwwm",
"modified": "2025-07-19T03:30:19Z",
"published": "2025-03-12T18:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25566"
},
{
"type": "WEB",
"url": "https://filecenter.softether-upload.com/d/250715_001_79538/CVE-2025-25566.pdf"
},
{
"type": "WEB",
"url": "https://lzydry.github.io/CVE-2025-25566"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8HH9-X5XQ-JQ2W
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.
{
"affected": [],
"aliases": [
"CVE-2019-9004"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-22T15:29:00Z",
"severity": "HIGH"
},
"details": "In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.",
"id": "GHSA-8hh9-x5xq-jq2w",
"modified": "2022-05-13T01:22:57Z",
"published": "2022-05-13T01:22:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9004"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/wakaama/issues/425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8HM3-862X-X4P7
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem
The vmemmap pages is marked by kmemleak when allocated from memblock. Remove it from kmemleak when freeing the page. Otherwise, when we reuse the page, kmemleak may report such an error and then stop working.
kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing) kmemleak: Kernel memory leak detector disabled kmemleak: Object 0xffff98fb6be00000 (size 335544320): kmemleak: comm "swapper", pid 0, jiffies 4294892296 kmemleak: min_count = 0 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace:
{
"affected": [],
"aliases": [
"CVE-2022-49994"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbootmem: remove the vmemmap pages from kmemleak in put_page_bootmem\n\nThe vmemmap pages is marked by kmemleak when allocated from memblock. \nRemove it from kmemleak when freeing the page. Otherwise, when we reuse\nthe page, kmemleak may report such an error and then stop working.\n\n kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)\n kmemleak: Kernel memory leak detector disabled\n kmemleak: Object 0xffff98fb6be00000 (size 335544320):\n kmemleak: comm \"swapper\", pid 0, jiffies 4294892296\n kmemleak: min_count = 0\n kmemleak: count = 0\n kmemleak: flags = 0x1\n kmemleak: checksum = 0\n kmemleak: backtrace:",
"id": "GHSA-8hm3-862x-x4p7",
"modified": "2025-11-14T18:31:23Z",
"published": "2025-06-18T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49994"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J6F-39HH-F4V6
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-05-22 21:30A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
{
"affected": [],
"aliases": [
"CVE-2021-34740"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T03:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.",
"id": "GHSA-8j6f-39hh-f4v6",
"modified": "2023-05-22T21:30:23Z",
"published": "2022-05-24T19:15:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34740"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.