CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-C2GF-V879-257J
Vulnerability from github – Published: 2026-06-11 13:28 – Updated: 2026-07-10 12:31Impact
The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf handed to an anonymous ChannelInboundHandlerAdapter tail handler, which becomes the sole owner responsible for releasing it.
A remote peer could send frames that would result in the flow-controller throwing and so trigger a resource leak which at the end might take down the whole JVM due OOME.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.134.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.135.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.14.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http2"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Alpha1"
},
{
"fixed": "4.2.15.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48043"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401",
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-11T13:28:46Z",
"nvd_published_at": "2026-06-12T16:16:30Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by embedding a per-stream `EmbeddedChannel` that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled `ByteBuf` handed to an anonymous `ChannelInboundHandlerAdapter` tail handler, which becomes the sole owner responsible for releasing it.\n\nA remote peer could send frames that would result in the flow-controller throwing and so trigger a resource leak which at the end might take down the whole JVM due OOME.",
"id": "GHSA-c2gf-v879-257j",
"modified": "2026-07-10T12:31:39Z",
"published": "2026-06-11T13:28:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26586"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37390"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-48043"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488442"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48043.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion"
}
GHSA-C2J9-M677-3M66
Vulnerability from github – Published: 2022-03-19 00:01 – Updated: 2022-03-26 00:00Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
{
"affected": [],
"aliases": [
"CVE-2022-0742"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-18T12:15:00Z",
"severity": "HIGH"
},
"details": "Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.",
"id": "GHSA-c2j9-m677-3m66",
"modified": "2022-03-26T00:00:49Z",
"published": "2022-03-19T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0742"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220425-0001"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/03/15/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2P4-PRC5-V3MC
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix cxl_region leak, cleanup targets at region delete
When a region is deleted any targets that have been previously assigned to that region hold references to it. Trigger those references to drop by detaching all targets at unregister_region() time.
Otherwise that region object will leak as userspace has lost the ability to detach targets once region sysfs is torn down.
{
"affected": [],
"aliases": [
"CVE-2022-49893"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix cxl_region leak, cleanup targets at region delete\n\nWhen a region is deleted any targets that have been previously assigned\nto that region hold references to it. Trigger those references to\ndrop by detaching all targets at unregister_region() time.\n\nOtherwise that region object will leak as userspace has lost the ability\nto detach targets once region sysfs is torn down.",
"id": "GHSA-c2p4-prc5-v3mc",
"modified": "2025-11-10T21:30:29Z",
"published": "2025-05-01T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49893"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2PC-4WW4-M54P
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
If the function sdma_load_context() fails, the sdma_desc will be freed, but the allocated desc->bd is forgot to be freed.
We already met the sdma_load_context() failure case and the log as below: [ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready ...
In this case, the desc->bd will not be freed without this change.
{
"affected": [],
"aliases": [
"CVE-2022-49746"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init\n\nIf the function sdma_load_context() fails, the sdma_desc will be\nfreed, but the allocated desc-\u003ebd is forgot to be freed.\n\nWe already met the sdma_load_context() failure case and the log as\nbelow:\n[ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready\n...\n\nIn this case, the desc-\u003ebd will not be freed without this change.",
"id": "GHSA-c2pc-4ww4-m54p",
"modified": "2025-04-14T21:32:23Z",
"published": "2025-03-27T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49746"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1417f59ac0b02130ee56c0c50794b9b257be3d17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43acd767bd90c5d4172ce7fee5d9007a9a08dea9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80ee99e52936b2c04cc37b17a14b2ae2f9d282ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd0050b7ffa87c7b260d563646af612f4112a778"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce4745a6b8016fae74c95dcd457d4ceef7d98af1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbe634ce824329d8f14079c3e9f8f11670894bec"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2R2-MGHM-QQ3M
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2021-1598"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-c2r2-mghm-qq3m",
"modified": "2022-05-24T19:07:10Z",
"published": "2022-05-24T19:07:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1598"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C2RV-8J84-953P
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
net: systemport: fix potential memory leak in bcm_sysport_xmit()
The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it.
{
"affected": [],
"aliases": [
"CVE-2024-50171"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T10:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.",
"id": "GHSA-c2rv-8j84-953p",
"modified": "2025-11-04T00:31:57Z",
"published": "2024-11-07T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31701ef0c4547973991ff63596c927f841dfd133"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b70478b984af3c9d0279c121df5ff94e2533dbd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/533d2f30aef272dade17870a509521c3afc38a03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5febfc545389805ce83d37f9f4317055b26dd7d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d5030a819c3589cf9948b1eee397b626ec590f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e81ce7d0166a2249deb6d5e42f28a8b8c9ea72f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6321146773dcbbc372a54dbada67e0b50e0a25c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c401ed1c709948e57945485088413e1bb5e94bd1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2VF-6G7V-8M6C
Vulnerability from github – Published: 2025-07-10 18:31 – Updated: 2025-11-05 00:31Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.
Users are recommended to upgrade to version 2.4.64, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-53020"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T17:15:48Z",
"severity": "HIGH"
},
"details": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue.",
"id": "GHSA-c2vf-6g7v-8m6c",
"modified": "2025-11-05T00:31:20Z",
"published": "2025-07-10T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C38F-WX89-P2XG
Vulnerability from github – Published: 2026-05-12 22:25 – Updated: 2026-06-08 23:53Summary
When ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.
Code that uses ujson.dumps() rather than ujson.dump() or only JSON load/decode methods is unaffected.
Details
Vulnerability Location:
- src/ujson/python/objToJSON.c:913 - objToJSONFile() function start
- src/ujson/python/objToJSON.c:931 - Error return on write failure
- src/ujson/python/objToJSON.c:942 - Early return without cleanup
Root Cause:
The objToJSONFile() function allocates a Python string object via ujson_dumps_internal(), calls the file's write() method, and returns early if write() raises an exception—but never calls Py_DECREF(string) on the early exit path.
PoC
import gc, tracemalloc, ujson
class BadFile:
def write(self, s):
raise RuntimeError("boom")
obj = {"x": "A" * 200000}
def run():
try:
ujson.dump(obj, BadFile())
except RuntimeError:
pass
run()
tracemalloc.start()
gc.collect()
base = tracemalloc.get_traced_memory()[0]
for i in range(5):
run()
gc.collect()
cur = tracemalloc.get_traced_memory()[0]
print(i, cur - base)
Impact
Any application that serializes data through ujson.dump() to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using ujson.dump() by repeatedly making requests then closing the connection mid response.
Remediation
The missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to UltraJSON 5.12.1.
Workarounds
Replacing ujson.dump(obj, file) with file.write(ujson.dumps(obj)) is equivalent (contrary to popular misconception, there are no streaming benefits to using ujson.dump()) and will avoid the memory leak.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.12.0"
},
"package": {
"ecosystem": "PyPI",
"name": "ujson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44660"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-12T22:25:11Z",
"nvd_published_at": "2026-05-27T21:16:17Z",
"severity": "HIGH"
},
"details": "### Summary\n\nWhen `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.\n\nCode that uses `ujson.dumps()` rather than `ujson.dump()` or only JSON load/decode methods is unaffected.\n\n### Details\n\n**Vulnerability Location:**\n- `src/ujson/python/objToJSON.c:913` - `objToJSONFile()` function start\n- `src/ujson/python/objToJSON.c:931` - Error return on write failure\n- `src/ujson/python/objToJSON.c:942` - Early return without cleanup\n \n**Root Cause:**\n\nThe `objToJSONFile()` function allocates a Python string object via `ujson_dumps_internal()`, calls the file\u0027s `write()` method, and returns early if `write()` raises an exception\u2014but never calls `Py_DECREF(string)` on the early exit path.\n\n### PoC\n```python\nimport gc, tracemalloc, ujson\n\nclass BadFile:\n def write(self, s):\n raise RuntimeError(\"boom\")\n\nobj = {\"x\": \"A\" * 200000}\n\ndef run():\n try:\n ujson.dump(obj, BadFile())\n except RuntimeError:\n pass\n\nrun()\ntracemalloc.start()\ngc.collect()\nbase = tracemalloc.get_traced_memory()[0]\n\nfor i in range(5):\n run()\n gc.collect()\n cur = tracemalloc.get_traced_memory()[0]\n print(i, cur - base)\n```\n\n### Impact\n\nAny application that serializes data through `ujson.dump()` to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using `ujson.dump()` by repeatedly making requests then closing the connection mid response.\n\n### Remediation\n\nThe missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to [UltraJSON 5.12.1](https://github.com/ultrajson/ultrajson/releases/tag/5.12.1).\n\n### Workarounds\n\nReplacing `ujson.dump(obj, file)` with `file.write(ujson.dumps(obj))` is equivalent (contrary to popular misconception, there are no streaming benefits to using `ujson.dump()`) and will avoid the memory leak.",
"id": "GHSA-c38f-wx89-p2xg",
"modified": "2026-06-08T23:53:55Z",
"published": "2026-05-12T22:25:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44660"
},
{
"type": "WEB",
"url": "https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9"
},
{
"type": "PACKAGE",
"url": "https://github.com/ultrajson/ultrajson"
},
{
"type": "WEB",
"url": "https://github.com/ultrajson/ultrajson/releases/tag/5.12.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "UltraJSON has a Memory Leak in ujson.dump() on Write Failure"
}
GHSA-C3CM-22V6-7J92
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31In the Linux kernel, the following vulnerability has been resolved:
net: hinic: fix the issue of CMDQ memory leaks
When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not released correctly. Fix it.
{
"affected": [],
"aliases": [
"CVE-2022-50387"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: fix the issue of CMDQ memory leaks\n\nWhen hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is\nnot released correctly. Fix it.",
"id": "GHSA-c3cm-22v6-7j92",
"modified": "2025-12-11T21:31:26Z",
"published": "2025-09-18T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50387"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/363cc87767f6ddcfb9158ad2e2afa2f8d5c4b94e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6016d96a6adf66d61655d85da02e1a4c1deccbd6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6603843c80b16957f5d7d14d897faf13cef2b8b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9145d512ddff76df88832b29575488199df544a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C44C-V227-HV3Q
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-25 21:31In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().
{
"affected": [],
"aliases": [
"CVE-2022-48968"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc-\u003etc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().",
"id": "GHSA-c44c-v227-hv3q",
"modified": "2024-10-25T21:31:27Z",
"published": "2024-10-21T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.