Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-97M5-Q323-2FC2

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-01-24 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/lima: fix a memleak in lima_heap_alloc

When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix a memleak in lima_heap_alloc\n\nWhen lima_vm_map_bo fails, the resources need to be deallocated, or\nthere will be memleaks.",
  "id": "GHSA-97m5-q323-2fc2",
  "modified": "2025-01-24T00:31:46Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35829"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195e4dcbea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97VH-QVRH-CXXQ

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device_node leak in mc_probe()

of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never freed r5_core_node on any exit path, causing a memory leak.

Fix this by using the automatic cleanup attribute __free(device_node) which ensures of_node_put() is called when the variable goes out of scope.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/versalnet: Fix device_node leak in mc_probe()\n\nof_parse_phandle() returns a device_node reference that must be released with\nof_node_put(). The original code never freed r5_core_node on any exit path,\ncausing a memory leak.\n\nFix this by using the automatic cleanup attribute __free(device_node) which\nensures of_node_put() is called when the variable goes out of scope.",
  "id": "GHSA-97vh-qvrh-cxxq",
  "modified": "2026-06-16T18:32:28Z",
  "published": "2026-05-27T15:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46030"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17e136993b2b5111d1ee1c57bbd188ae0bb0e128"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c709b376460ff322580c41600e31c02f7cc0307"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6e61356ad24987be40bf25369d22dd8dd00a513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98GV-6GMJ-CM6M

Vulnerability from github – Published: 2026-06-23 15:32 – Updated: 2026-06-23 15:32
VLAI
Details

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T13:16:46Z",
    "severity": "LOW"
  },
  "details": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.",
  "id": "GHSA-98gv-6gmj-cm6m",
  "modified": "2026-06-23T15:32:37Z",
  "published": "2026-06-23T15:32:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56371"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-txt-file-processing-via-texture-attribute"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-98JH-839R-XP86

Vulnerability from github – Published: 2023-11-17 06:31 – Updated: 2024-06-20 18:34
VLAI
Details

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-17T06:15:34Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.",
  "id": "GHSA-98jh-839r-xp86",
  "modified": "2024-06-20T18:34:07Z",
  "published": "2023-11-17T06:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312b51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openwrt/routing/commit/ad787a920ccb9dacf5b01d52bce36ac14a5ecd89"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3"
    },
    {
      "type": "WEB",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98VF-QM54-MRFM

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.",
  "id": "GHSA-98vf-qm54-mrfm",
  "modified": "2022-05-24T19:03:40Z",
  "published": "2022-05-24T19:03:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22041"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/8296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-98W9-RPHX-H82J

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usbnet: fix memory leak in error case

usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case.

v2: add Fixes tag v3: fix uninitialized buf pointer

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: fix memory leak in error case\n\nusbnet_write_cmd_async() mixed up which buffers\nneed to be freed in which error case.\n\nv2: add Fixes tag\nv3: fix uninitialized buf pointer",
  "id": "GHSA-98w9-rphx-h82j",
  "modified": "2025-03-12T00:31:48Z",
  "published": "2025-03-12T00:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49657"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98WX-FQ4R-JFM2

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-08-06 00:00
VLAI
Details

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-28T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ\u0027s src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.",
  "id": "GHSA-98wx-fq4r-jfm2",
  "modified": "2022-08-06T00:00:47Z",
  "published": "2022-05-24T19:03:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20237"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921989"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98XF-Q5M7-HGC7

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx

when mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5_cmd_exec.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
  "id": "GHSA-98xf-q5m7-hgc7",
  "modified": "2026-02-06T21:30:46Z",
  "published": "2025-10-04T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00cecb0a8f9e7a21754d5ad85813ab6b47b3308f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/165159854757dbae0dfd1812b27051da35aa6223"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3169c3854397f3070a63b1b772db16dcb8cba7b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5dd77585dd9d0e03dd1bceb95f0269a7eaf6b936"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/622d71d99124e69f7bf2e2b7a89f5f444a24d235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/800d8c96bf997da5eb76ccf8d88795c4231c83fb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-994X-QFHH-4RM7

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/papr_scm: Fix leaking nvdimm_events_map elements

Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map[]' during papr_scm_pmu_check_events(), get leaked in papr_scm_remove() and papr_scm_pmu_register(), papr_scm_pmu_check_events() error paths.

Also individual 'stat_id' arent NULL terminated 'char ' instead they are fixed 8-byte sized identifiers. However papr_scm_pmu_register() assumes it to be a NULL terminated 'char ' and at other places it assumes it to be a 'papr_scm_perf_stat.stat_id' sized string which is 8-byes in size.

Fix this by allocating the memory for papr_scm_priv.nvdimm_events_map to also include space for 'stat_id' entries. This is possible since number of available events/stat_ids are known upfront. This saves some memory and one extra level of indirection from 'nvdimm_events_map' to 'stat_id'. Also rest of the code can continue to call 'kfree(papr_scm_priv.nvdimm_events_map)' without needing to iterate over the array and free up individual elements.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: Fix leaking nvdimm_events_map elements\n\nRight now \u0027char *\u0027 elements allocated for individual \u0027stat_id\u0027 in\n\u0027papr_scm_priv.nvdimm_events_map[]\u0027 during papr_scm_pmu_check_events(), get\nleaked in papr_scm_remove() and papr_scm_pmu_register(),\npapr_scm_pmu_check_events() error paths.\n\nAlso individual \u0027stat_id\u0027 arent NULL terminated \u0027char *\u0027 instead they are fixed\n8-byte sized identifiers. However papr_scm_pmu_register() assumes it to be a\nNULL terminated \u0027char *\u0027 and at other places it assumes it to be a\n\u0027papr_scm_perf_stat.stat_id\u0027 sized string which is 8-byes in size.\n\nFix this by allocating the memory for papr_scm_priv.nvdimm_events_map to also\ninclude space for \u0027stat_id\u0027 entries. This is possible since number of available\nevents/stat_ids are known upfront. This saves some memory and one extra level of\nindirection from \u0027nvdimm_events_map\u0027 to \u0027stat_id\u0027. Also rest of the code\ncan continue to call \u0027kfree(papr_scm_priv.nvdimm_events_map)\u0027 without needing to\niterate over the array and free up individual elements.",
  "id": "GHSA-994x-qfhh-4rm7",
  "modified": "2025-10-22T18:30:31Z",
  "published": "2025-10-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49436"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e0946e22f3665d27325d389ff45ade6e93f3678"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b073096df4dec70d0436321b7093bad27ae91f9e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99R3-6MV3-4X8M

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix memory leak due to multiple rx_stats allocation

rx_stats for each arsta is allocated when adding a station. arsta->rx_stats will be freed when a station is removed.

Redundant allocations are occurring when the same station is added multiple times. This causes ath12k_mac_station_add() to be called multiple times, and rx_stats is allocated each time. As a result there is memory leaks.

Prevent multiple allocations of rx_stats when ath12k_mac_station_add() is called repeatedly by checking if rx_stats is already allocated before allocating again. Allocate arsta->rx_stats if arsta->rx_stats is NULL respectively.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\n\nrx_stats for each arsta is allocated when adding a station.\narsta-\u003erx_stats will be freed when a station is removed.\n\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nis memory leaks.\n\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\nis NULL respectively.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
  "id": "GHSA-99r3-6mv3-4x8m",
  "modified": "2025-11-18T18:32:46Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38199"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.