CWE-459
AllowedIncomplete Cleanup
Abstraction: Base · Status: Draft
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
223 vulnerabilities reference this CWE, most recent first.
GHSA-FPQF-CXVG-RF89
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-04-02 15:30In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path
In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio we just added to the swap cache and exit.
However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always true for this path, and the folio is ref'd. Make sure to unlock and put the folio before returning.
This was discovered by code inspection, probably because this path handles a race condition that should not happen often, and the bug would not crash the system, it will only strand the folio indefinitely.
{
"affected": [],
"aliases": [
"CVE-2024-26832"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T10:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix missing folio cleanup in writeback race path\n\nIn zswap_writeback_entry(), after we get a folio from\n__read_swap_cache_async(), we grab the tree lock again to check that the\nswap entry was not invalidated and recycled. If it was, we delete the\nfolio we just added to the swap cache and exit.\n\nHowever, __read_swap_cache_async() returns the folio locked when it is\nnewly allocated, which is always true for this path, and the folio is\nref\u0027d. Make sure to unlock and put the folio before returning.\n\nThis was discovered by code inspection, probably because this path handles\na race condition that should not happen often, and the bug would not crash\nthe system, it will only strand the folio indefinitely.",
"id": "GHSA-fpqf-cxvg-rf89",
"modified": "2025-04-02T15:30:50Z",
"published": "2024-04-17T12:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26832"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ3F-GW4F-4697
Vulnerability from github – Published: 2025-01-28 06:30 – Updated: 2025-01-28 06:30NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-53881"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T04:15:10Z",
"severity": "MODERATE"
},
"details": "NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service.",
"id": "GHSA-fq3f-gw4f-4697",
"modified": "2025-01-28T06:30:40Z",
"published": "2025-01-28T06:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53881"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5614"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FXX6-99PG-X743
Vulnerability from github – Published: 2024-03-25 09:32 – Updated: 2025-03-13 21:31In the Linux kernel, the following vulnerability has been resolved:
net/smc: remove device from smcd_dev_list after failed device_add()
If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list.
Add some error handling that removes the device from the list.
{
"affected": [],
"aliases": [
"CVE-2021-47143"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-25T09:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: remove device from smcd_dev_list after failed device_add()\n\nIf the device_add() for a smcd_dev fails, there\u0027s no cleanup step that\nrolls back the earlier list_add(). The device subsequently gets freed,\nand we end up with a corrupted list.\n\nAdd some error handling that removes the device from the list.",
"id": "GHSA-fxx6-99pg-x743",
"modified": "2025-03-13T21:31:01Z",
"published": "2024-03-25T09:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47143"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G323-FR93-4J3C
Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-06-17 00:05The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1473"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T00:05:28Z",
"nvd_published_at": "2022-05-03T16:15:00Z",
"severity": "HIGH"
},
"details": "The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).",
"id": "GHSA-g323-fr93-4j3c",
"modified": "2022-06-17T00:05:28Z",
"published": "2022-05-04T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1473"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/issues/405"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0025.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220602-0009"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Resource leakage when decoding certificates and keys"
}
GHSA-G6W5-439M-JHWV
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-25 20:28User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "flarum/flarum"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.0-beta.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-11514"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-25T20:28:54Z",
"nvd_published_at": "2019-04-25T03:29:00Z",
"severity": "HIGH"
},
"details": "`User/Command/ConfirmEmailHandler.php` in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.",
"id": "GHSA-g6w5-439m-jhwv",
"modified": "2024-04-25T20:28:54Z",
"published": "2022-05-24T16:44:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11514"
},
{
"type": "WEB",
"url": "https://github.com/flarum/core/commit/66607a56749339d50620b049701ad4d6a4dafbd7"
},
{
"type": "WEB",
"url": "https://discuss.flarum.org/d/17745-flarum-0-1-0-beta-8-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Flarum mishandles invalidation of user email tokens"
}
GHSA-G8PJ-R55Q-5C2V
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2026-06-12 19:50Incomplete Cleanup vulnerability in Apache Tomcat.
When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.0-M12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.0-M12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.0-M12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.0-M12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.94"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-42795"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-10T22:30:05Z",
"nvd_published_at": "2023-10-10T18:15:18Z",
"severity": "MODERATE"
},
"details": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nWhen recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"id": "GHSA-g8pj-r55q-5c2v",
"modified": "2026-06-12T19:50:46Z",
"published": "2023-10-10T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231103-0007"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat Incomplete Cleanup vulnerability"
}
GHSA-G9F3-8379-V2HF
Vulnerability from github – Published: 2026-06-13 00:34 – Updated: 2026-06-13 00:34Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.
{
"affected": [],
"aliases": [
"CVE-2026-53867"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T22:16:56Z",
"severity": "MODERATE"
},
"details": "Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.",
"id": "GHSA-g9f3-8379-v2hf",
"modified": "2026-06-13T00:34:33Z",
"published": "2026-06-13T00:34:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-8p92-wcp2-c9j4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53867"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/capgo-orphaned-file-retention-via-profile-image-replacement"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GFFW-PPMC-P7R6
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
{
"affected": [],
"aliases": [
"CVE-2018-18281"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-30T18:29:00Z",
"severity": "HIGH"
},
"details": "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
"id": "GHSA-gffw-ppmc-p7r6",
"modified": "2022-05-13T01:19:33Z",
"published": "2022-05-13T01:19:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18281"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3880-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3880-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-5"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-4"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3835-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3832-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/10/29/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105761"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJ4J-4QW6-9RP8
Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2025-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix mlx5e_priv_init() cleanup flow
When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which
calls mlx5e_selq_apply() that assures that the priv->state_lock is held using
lockdep_is_held().
Acquire the state_lock in mlx5e_selq_cleanup().
Kernel log:
WARNING: suspicious RCU usage 6.8.0-rc3_net_next_841a9b5 #1 Not tainted
drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1 2 locks held by systemd-modules/293: #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core] #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]
stack backtrace: CPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x8a/0xa0 lockdep_rcu_suspicious+0x154/0x1a0 mlx5e_selq_apply+0x94/0xa0 [mlx5_core] mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core] mlx5e_priv_init+0x2be/0x2f0 [mlx5_core] mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core] rdma_init_netdev+0x4e/0x80 [ib_core] ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core] ipoib_intf_init+0x64/0x550 [ib_ipoib] ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib] ipoib_add_one+0xb0/0x360 [ib_ipoib] add_client_context+0x112/0x1c0 [ib_core] ib_register_client+0x166/0x1b0 [ib_core] ? 0xffffffffa0573000 ipoib_init_module+0xeb/0x1a0 [ib_ipoib] do_one_initcall+0x61/0x250 do_init_module+0x8a/0x270 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x17d/0x230 __x64_sys_finit_module+0x61/0xb0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x46/0x4e
{
"affected": [],
"aliases": [
"CVE-2024-35959"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T10:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix mlx5e_priv_init() cleanup flow\n\nWhen mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which\ncalls mlx5e_selq_apply() that assures that the `priv-\u003estate_lock` is held using\nlockdep_is_held().\n\nAcquire the state_lock in mlx5e_selq_cleanup().\n\nKernel log:\n=============================\nWARNING: suspicious RCU usage\n6.8.0-rc3_net_next_841a9b5 #1 Not tainted\n-----------------------------\ndrivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by systemd-modules/293:\n #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]\n #1: ffff8881096c65c0 (\u0026device-\u003eclient_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]\n\nstack backtrace:\nCPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8a/0xa0\n lockdep_rcu_suspicious+0x154/0x1a0\n mlx5e_selq_apply+0x94/0xa0 [mlx5_core]\n mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]\n mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]\n mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]\n rdma_init_netdev+0x4e/0x80 [ib_core]\n ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]\n ipoib_intf_init+0x64/0x550 [ib_ipoib]\n ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]\n ipoib_add_one+0xb0/0x360 [ib_ipoib]\n add_client_context+0x112/0x1c0 [ib_core]\n ib_register_client+0x166/0x1b0 [ib_core]\n ? 0xffffffffa0573000\n ipoib_init_module+0xeb/0x1a0 [ib_ipoib]\n do_one_initcall+0x61/0x250\n do_init_module+0x8a/0x270\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x17d/0x230\n __x64_sys_finit_module+0x61/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n \u003c/TASK\u003e",
"id": "GHSA-gj4j-4qw6-9rp8",
"modified": "2025-09-23T18:30:19Z",
"published": "2024-05-20T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35959"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GW3C-JRPR-59HG
Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2022-11-03 19:00Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.
{
"affected": [],
"aliases": [
"CVE-2022-42310"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T13:15:00Z",
"severity": "MODERATE"
},
"details": "Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.",
"id": "GHSA-gw3c-jrpr-59hg",
"modified": "2022-11-03T19:00:27Z",
"published": "2022-11-01T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42310"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-07"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5272"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-415.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/5"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-415.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
No CAPEC attack patterns related to this CWE.