Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-8Q26-HF33-VM3W

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-21T16:01:00Z",
    "severity": "MODERATE"
  },
  "details": "SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a \"big\" pool.",
  "id": "GHSA-8q26-hf33-vm3w",
  "modified": "2022-05-13T01:22:42Z",
  "published": "2022-05-13T01:22:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6492"
    },
    {
      "type": "WEB",
      "url": "https://downwithup.github.io/CVEPosts.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q6P-CHGP-9J92

Vulnerability from github – Published: 2025-02-10 18:30 – Updated: 2025-02-10 18:30
VLAI
Details

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-10T17:15:18Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I\u0027m not going to commit some of the leak fixes I\u0027ve been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
  "id": "GHSA-8q6p-chgp-9j92",
  "modified": "2025-02-10T18:30:48Z",
  "published": "2025-02-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1150"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15887"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32576"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.295054"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.295054"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8R78-C2F2-82QM

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-11-04 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xen-netfront: Add missing skb_mark_for_recycle

Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling").

It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")).

This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:12:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Add missing skb_mark_for_recycle\n\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\n\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n\u0027net-page_pool-remove-page_pool_release_page\u0027\")).\n\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\").",
  "id": "GHSA-8r78-c2f2-82qm",
  "modified": "2024-11-04T21:30:26Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27393"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/08/4"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-457.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8R7C-3CM2-3H8F

Vulnerability from github – Published: 2022-02-10 00:33 – Updated: 2024-11-13 22:49
VLAI
Summary
Memory leak in Tensorflow
Details

Impact

If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize:

Status s = params_.create_kernel(n->properties(), &item->kernel);
if (!s.ok()) {
  item->kernel = nullptr;
  s = AttachDef(s, *n);
  return s;           
}                     

Here, we set item->kernel to nullptr but it is a simple OpKernel* pointer so the memory that was previously allocated to it would leak.

Patches

We have patched the issue in GitHub commit c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-04T20:15:02Z",
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nIf a graph node is invalid, TensorFlow can leak memory in the [implementation of `ImmutableExecutorState::Initialize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262):\n\n```cc\nStatus s = params_.create_kernel(n-\u003eproperties(), \u0026item-\u003ekernel);\nif (!s.ok()) {\n  item-\u003ekernel = nullptr;\n  s = AttachDef(s, *n);\n  return s;           \n}                     \n```\n\nHere, we set `item-\u003ekernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak.\n\n### Patches\nWe have patched the issue in GitHub commit [c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd](https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd).\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
  "id": "GHSA-8r7c-3cm2-3h8f",
  "modified": "2024-11-13T22:49:23Z",
  "published": "2022-02-10T00:33:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Memory leak in Tensorflow"
}

GHSA-8RFM-2PFJ-5PQ2

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-02T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.",
  "id": "GHSA-8rfm-2pfj-5pq2",
  "modified": "2022-05-24T19:03:51Z",
  "published": "2022-05-24T19:03:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22051"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/8313"
    },
    {
      "type": "WEB",
      "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8RJJ-J4HJ-JC98

Vulnerability from github – Published: 2024-07-16 15:30 – Updated: 2024-07-23 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr

This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T13:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.",
  "id": "GHSA-8rjj-j4hj-jc98",
  "modified": "2024-07-23T15:31:08Z",
  "published": "2024-07-16T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48859"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cc66bf17220ff9631f9fa99b02a872e0ad5a08b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7c2fd1d126329340639adfb8dd2938fe4b65df7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9ffa3e2bc451816ce0295e40063514fabf2bd36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8RJR-8H65-297V

Vulnerability from github – Published: 2024-03-25 12:30 – Updated: 2024-05-16 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

misc/uss720: fix memory leak in uss720_probe

uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev.

BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [] kmalloc include/linux/slab.h:554 [inline] [] kzalloc include/linux/slab.h:684 [inline] [] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [] port_event drivers/usb/core/hub.c:5509 [inline] [] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [] kthread+0x178/0x1b0 kernel/kthread.c:292 [] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/uss720: fix memory leak in uss720_probe\n\nuss720_probe forgets to decrease the refcount of usbdev in uss720_probe.\nFix this by decreasing the refcount of usbdev by usb_put_dev.\n\nBUG: memory leak\nunreferenced object 0xffff888101113800 (size 2048):\n  comm \"kworker/0:1\", pid 7, jiffies 4294956777 (age 28.870s)\n  hex dump (first 32 bytes):\n    ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........\n    00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................\n  backtrace:\n    [\u003cffffffff82b8e822\u003e] kmalloc include/linux/slab.h:554 [inline]\n    [\u003cffffffff82b8e822\u003e] kzalloc include/linux/slab.h:684 [inline]\n    [\u003cffffffff82b8e822\u003e] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582\n    [\u003cffffffff82b98441\u003e] hub_port_connect drivers/usb/core/hub.c:5129 [inline]\n    [\u003cffffffff82b98441\u003e] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]\n    [\u003cffffffff82b98441\u003e] port_event drivers/usb/core/hub.c:5509 [inline]\n    [\u003cffffffff82b98441\u003e] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591\n    [\u003cffffffff81259229\u003e] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275\n    [\u003cffffffff81259b19\u003e] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421\n    [\u003cffffffff81261228\u003e] kthread+0x178/0x1b0 kernel/kthread.c:292\n    [\u003cffffffff8100227f\u003e] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294",
  "id": "GHSA-8rjr-8h65-297v",
  "modified": "2024-05-16T21:31:56Z",
  "published": "2024-03-25T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47173"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8RXQ-4Q2F-M8FJ

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Call dc_stream_release for remove link enc assignment

[Why] A porting error resulted in the stream assignment for the link being retained without being released - a memory leak.

[How] Fix the porting error by adding back the dc_stream_release() intended as part of the original patch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Call dc_stream_release for remove link enc assignment\n\n[Why]\nA porting error resulted in the stream assignment for the link\nbeing retained without being released - a memory leak.\n\n[How]\nFix the porting error by adding back the dc_stream_release() intended\nas part of the original patch.",
  "id": "GHSA-8rxq-4q2f-m8fj",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a28b7b6a0c827ce672edcdb5b2b5916b0beebe03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2bde8349c35d01d7c50456ea06a5c7d5e0e5ed0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V22-4PX4-6C2P

Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix memory leak

[why] Resource release is needed on the error handling path to prevent memory leak.

[how] Fix this by adding kfree on the error handling path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak\n\n[why]\nResource release is needed on the error handling path\nto prevent memory leak.\n\n[how]\nFix this by adding kfree on the error handling path.",
  "id": "GHSA-8v22-4px4-6c2p",
  "modified": "2026-06-01T18:31:19Z",
  "published": "2025-03-14T00:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49135"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ce1497add6d17b48cc9df65095bd20202d93994"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5076315aaddd640bde896ec8d79423ed8ec83a59"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d5c6dba2b43e28845d7d7ed32a36802329a5f52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e10369c72db7a0e2f77b2e306aadc07aef6b07a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d0bef3cc22cf250278ed45b829f062a00af9e27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V6J-V3R3-P944

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()

test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in test_empty_synth_event().

unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:03Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n  hex dump (first 32 bytes):\n    20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20   gen_synth_test\n    20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f   pid_t next_pid_\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c0000000039eb1cf5\u003e] 0xffffffffa00083cd\n    [\u003c000000000e8c3bc8\u003e] 0xffffffffa00086ba\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n  hex dump (first 32 bytes):\n    20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73   empty_synth_tes\n    74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69  t  pid_t next_pi\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c00000000d4db9a3d\u003e] 0xffffffffa0008071\n    [\u003c00000000c31354a5\u003e] 0xffffffffa00086ce\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
  "id": "GHSA-8v6j-v3r3-p944",
  "modified": "2025-11-07T21:31:19Z",
  "published": "2025-05-01T15:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49800"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.