Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-9CM2-WW33-PJPC

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix connections leak when tlink setup failed

If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit.

Also leak the fscache info, and for next mount with fsc, it will print the follow errors: CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)

Let's check the result of tlink setup, and do some cleanup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix connections leak when tlink setup failed\n\nIf the tlink setup failed, lost to put the connections, then\nthe module refcnt leak since the cifsd kthread not exit.\n\nAlso leak the fscache info, and for next mount with fsc, it will\nprint the follow errors:\n  CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)\n\nLet\u0027s check the result of tlink setup, and do some cleanup.",
  "id": "GHSA-9cm2-ww33-pjpc",
  "modified": "2026-06-01T18:31:20Z",
  "published": "2025-05-01T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49822"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a087842d10b5daa123ee5291e386cdd78413705"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1dcdf5f5b2137185cbdd5385f29949ab3da4f00c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/775d6625f96b26b90b9be9164b855ea2c471c0e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9059e338fc000c0b87d8cf29e93c74fd703212e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9F24-JQHM-JFCW

Vulnerability from github – Published: 2024-02-16 15:59 – Updated: 2024-04-19 09:30
VLAI
Summary
fetch(url) leads to a memory leak in undici
Details

Impact

Calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.

Patches

Patched in v6.6.1

Workarounds

Make sure to always consume the incoming body.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.6.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "undici"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-16T15:59:38Z",
    "nvd_published_at": "2024-02-16T22:15:07Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nCalling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. \n\n### Patches\n\nPatched in v6.6.1\n\n### Workarounds\n\nMake sure to always consume the incoming body.\n",
  "id": "GHSA-9f24-jqhm-jfcw",
  "modified": "2024-04-19T09:30:47Z",
  "published": "2024-02-16T15:59:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nodejs/undici"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/undici/releases/tag/v6.6.1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240419-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fetch(url) leads to a memory leak in undici"
}

GHSA-9F6G-J2JQ-6W3F

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2026-05-12 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix memory leak in pad_compress_skb

If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does:

skb = pad_compress_skb(ppp, skb);
if (!skb)
    goto drop;

drop: kfree_skb(skb);

When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.

Align pad_compress_skb() semantics with realloc(): only free the old skb if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T16:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n    skb = pad_compress_skb(ppp, skb);\n    if (!skb)\n        goto drop;\n\ndrop:\n    kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed.  At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
  "id": "GHSA-9f6g-j2jq-6w3f",
  "modified": "2026-05-12T15:31:10Z",
  "published": "2025-09-22T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39847"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33a5bac5f14772730d2caf632ae97b6c2ee95044"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4844123fe0b853a4982c02666cb3fd863d701d50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85c1c86a67e09143aa464e9bf09c397816772348"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87a35a36742df328d0badf4fbc2e56061c15846c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430dabab446f3fc8ab7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9F6P-VQ5Q-29RX

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-16T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.",
  "id": "GHSA-9f6p-vq5q-29rx",
  "modified": "2022-05-13T01:22:42Z",
  "published": "2022-05-13T01:22:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TeamSeri0us/pocs/tree/master/recutils"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FX8-XCMG-3R33

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-9fx8-xcmg-3r33",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53412"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31de0b70ae5661a407e9d578bbc41de2d83ac25d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a91c99b1fe5c6f7e52fb932ad9e57ec7cfe913ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0a2663ecbe8f65cd3bab2b34dd90156ceb0dbb8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f30c7046dfa2748520a8045bb43ed2fbca0373b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GF4-F4P2-2V66

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()

When insert and remove the orangefs module, there are memory leaked as below:

unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f [<00000000e5a0085b>] 0xffffffffa02780f9 [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Use the golbal variable as the buffer rather than dynamic allocate to slove the problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()\n\nWhen insert and remove the orangefs module, there are memory leaked\nas below:\n\nunreferenced object 0xffff88816b0cc000 (size 2048):\n  comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n  hex dump (first 32 bytes):\n    6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00  none............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000005b405fee\u003e] orangefs_debugfs_init.cold+0xaf/0x17f\n    [\u003c00000000e5a0085b\u003e] 0xffffffffa02780f9\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nUse the golbal variable as the buffer rather than dynamic allocate to\nslove the problem.",
  "id": "GHSA-9gf4-f4p2-2v66",
  "modified": "2025-12-11T18:30:33Z",
  "published": "2025-09-18T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50376"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cd303aad220fafa595e0ed593e99aa51b90412b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31720a2b109b3080eb77e97b8f6f50a27b4ae599"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/786e5296f9e3b045d5ff9098514ce7b8ba1d890d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a076490b0211990ec6764328c22cb744dd782bd9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdc2d33fa2324b1f5ab5b701cda45ee0b2384409"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8853267289c55b1acbe4dc3641374887584834d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GH7-75H2-RPFJ

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.",
  "id": "GHSA-9gh7-75h2-rpfj",
  "modified": "2022-05-13T01:22:35Z",
  "published": "2022-05-13T01:22:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GJP-PJ3G-87PQ

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 00:34
VLAI
Details

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:31Z",
    "severity": "LOW"
  },
  "details": "ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.",
  "id": "GHSA-9gjp-pj3g-87pq",
  "modified": "2026-07-01T00:34:14Z",
  "published": "2026-07-01T00:34:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9GQR-9337-3JR8

Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: sch_sfq: fix a potential crash on gso_skb handling

SFQ has an assumption of always being able to queue at least one packet.

However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed by an immediate drop.

Fix sfq_drop() to properly clear q->tail in this situation.

ip netns add lb ip link add dev to-lb type veth peer name in-lb netns lb ethtool -K to-lb tso off # force qdisc to requeue gso_skb ip netns exec lb ethtool -K in-lb gro on # enable NAPI ip link set dev to-lb up ip -netns lb link set dev in-lb up ip addr add dev to-lb 192.168.20.1/24 ip -netns lb addr add dev in-lb 192.168.20.2/24 tc qdisc replace dev to-lb root sfq limit 100

ip netns exec lb netserver

netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 &

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T09:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off                 # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
  "id": "GHSA-9gqr-9337-3jr8",
  "modified": "2025-12-17T18:31:31Z",
  "published": "2025-07-03T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38115"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5814a7fc3abb41f63f2d44c9d3ff9d4e62965b72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82448d4dcd8406dec688632a405fdcf7f170ec69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82ffbe7776d0ac084031f114167712269bf3d832"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c19498bdd7cb9d854bd3c54260f71cf7408495e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b44f791f27b14c9eb6b907fbe51f2ba8bec32085"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4e9bab6011b9559b7c157b16b91ae46d4d8c533"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c337efb20d6d9f9bbb4746f6b119917af5c886dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1bc80da75c789f2f6830df89d91fb2f7a509943"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HGH-V7V7-5F66

Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2025-11-03 21:30
VLAI
Details

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-24T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn\u0027t use zero bytes to truncate the data.",
  "id": "GHSA-9hgh-v7v7-5f66",
  "modified": "2025-11-03T21:30:38Z",
  "published": "2022-02-25T00:01:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24599"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mpruett/audiofile/issues/60"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.