CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-WPVW-HHW9-P3QJ
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
ARC: mm: fix leakage of memory allocated for PTE
Since commit d9820ff ("ARC: mm: switch pgtable_t back to struct page *") a memory leakage problem occurs. Memory allocated for page table entries not released during process termination. This issue can be reproduced by a small program that allocates a large amount of memory. After several runs, you'll see that the amount of free memory has reduced and will continue to reduce after each run. All ARC CPUs are effected by this issue. The issue was introduced since the kernel stable release v5.15-rc1.
As described in commit d9820ff after switch pgtable_t back to struct page *, a pointer to "struct page" and appropriate functions are used to allocate and free a memory page for PTEs, but the pmd_pgtable macro hasn't changed and returns the direct virtual address from the PMD (PGD) entry. Than this address used as a parameter in the __pte_free() and as a result this function couldn't release memory page allocated for PTEs.
Fix this issue by changing the pmd_pgtable macro and returning pointer to struct page.
{
"affected": [],
"aliases": [
"CVE-2022-50446"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nARC: mm: fix leakage of memory allocated for PTE\n\nSince commit d9820ff (\"ARC: mm: switch pgtable_t back to struct page *\")\na memory leakage problem occurs. Memory allocated for page table entries\nnot released during process termination. This issue can be reproduced by\na small program that allocates a large amount of memory. After several\nruns, you\u0027ll see that the amount of free memory has reduced and will\ncontinue to reduce after each run. All ARC CPUs are effected by this\nissue. The issue was introduced since the kernel stable release v5.15-rc1.\n\nAs described in commit d9820ff after switch pgtable_t back to struct\npage *, a pointer to \"struct page\" and appropriate functions are used to\nallocate and free a memory page for PTEs, but the pmd_pgtable macro hasn\u0027t\nchanged and returns the direct virtual address from the PMD (PGD) entry.\nThan this address used as a parameter in the __pte_free() and as a result\nthis function couldn\u0027t release memory page allocated for PTEs.\n\nFix this issue by changing the pmd_pgtable macro and returning pointer to\nstruct page.",
"id": "GHSA-wpvw-hhw9-p3qj",
"modified": "2026-01-16T21:30:28Z",
"published": "2025-10-01T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50446"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14009ada5712649589ab4ad0441b811780ea8773"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4fd9df10cb7a9289fbd22d669f9f98164d95a1ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d83a69966e8b6ae9dd447f3ac704c0223bceb7f7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ62-9P2F-CFR9
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-01-23 18:31In the Linux kernel, the following vulnerability has been resolved:
rtc: class: Fix potential memleak in devm_rtc_allocate_device()
devm_rtc_allocate_device() will alloc a rtc_device first, and then run dev_set_name(). If dev_set_name() failed, the rtc_device will memleak. Move devm_add_action_or_reset() in front of dev_set_name() to prevent memleak.
unreferenced object 0xffff888110a53000 (size 2048): comm "python3", pid 470, jiffies 4296078308 (age 58.882s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 30 a5 10 81 88 ff ff .........0...... 08 30 a5 10 81 88 ff ff 00 00 00 00 00 00 00 00 .0.............. backtrace: [<000000004aac0364>] kmalloc_trace+0x21/0x110 [<000000000ff02202>] devm_rtc_allocate_device+0xd4/0x400 [<000000001bdf5639>] devm_rtc_device_register+0x1a/0x80 [<00000000351bf81c>] rx4581_probe+0xdd/0x110 [rtc_rx4581] [<00000000f0eba0ae>] spi_probe+0xde/0x130 [<00000000bff89ee8>] really_probe+0x175/0x3f0 [<00000000128e8d84>] __driver_probe_device+0xe6/0x170 [<00000000ee5bf913>] device_driver_attach+0x32/0x80 [<00000000f3f28f92>] bind_store+0x10b/0x1a0 [<000000009ff812d8>] drv_attr_store+0x49/0x70 [<000000008139c323>] sysfs_kf_write+0x8d/0xb0 [<00000000b6146e01>] kernfs_fop_write_iter+0x214/0x2d0 [<00000000ecbe3895>] vfs_write+0x61a/0x7d0 [<00000000aa2196ea>] ksys_write+0xc8/0x190 [<0000000046a600f5>] do_syscall_64+0x37/0x90 [<00000000541a336f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-50477"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: class: Fix potential memleak in devm_rtc_allocate_device()\n\ndevm_rtc_allocate_device() will alloc a rtc_device first, and then run\ndev_set_name(). If dev_set_name() failed, the rtc_device will memleak.\nMove devm_add_action_or_reset() in front of dev_set_name() to prevent\nmemleak.\n\nunreferenced object 0xffff888110a53000 (size 2048):\n comm \"python3\", pid 470, jiffies 4296078308 (age 58.882s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 08 30 a5 10 81 88 ff ff .........0......\n 08 30 a5 10 81 88 ff ff 00 00 00 00 00 00 00 00 .0..............\n backtrace:\n [\u003c000000004aac0364\u003e] kmalloc_trace+0x21/0x110\n [\u003c000000000ff02202\u003e] devm_rtc_allocate_device+0xd4/0x400\n [\u003c000000001bdf5639\u003e] devm_rtc_device_register+0x1a/0x80\n [\u003c00000000351bf81c\u003e] rx4581_probe+0xdd/0x110 [rtc_rx4581]\n [\u003c00000000f0eba0ae\u003e] spi_probe+0xde/0x130\n [\u003c00000000bff89ee8\u003e] really_probe+0x175/0x3f0\n [\u003c00000000128e8d84\u003e] __driver_probe_device+0xe6/0x170\n [\u003c00000000ee5bf913\u003e] device_driver_attach+0x32/0x80\n [\u003c00000000f3f28f92\u003e] bind_store+0x10b/0x1a0\n [\u003c000000009ff812d8\u003e] drv_attr_store+0x49/0x70\n [\u003c000000008139c323\u003e] sysfs_kf_write+0x8d/0xb0\n [\u003c00000000b6146e01\u003e] kernfs_fop_write_iter+0x214/0x2d0\n [\u003c00000000ecbe3895\u003e] vfs_write+0x61a/0x7d0\n [\u003c00000000aa2196ea\u003e] ksys_write+0xc8/0x190\n [\u003c0000000046a600f5\u003e] do_syscall_64+0x37/0x90\n [\u003c00000000541a336f\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-wq62-9p2f-cfr9",
"modified": "2026-01-23T18:31:23Z",
"published": "2025-10-04T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50477"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bcfc8fd3e596994f527b46730579428b3a4fa5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59457a0f079eae19aaf322b3cc1c8ba66f55c5f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60da73808298ff2cfa9f165d55eb3d7aa7078601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ78-4W69-8M35
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-11 21:31In the Linux kernel, the following vulnerability has been resolved:
media: iris: gen2: Add sanity check for session stop
In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash.
Add a NULL check for inst_hfi_gen2->packet before sendling STOP packet to firmware to fix that.
{
"affected": [],
"aliases": [
"CVE-2026-43217"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: gen2: Add sanity check for session stop\n\nIn iris_kill_session, inst-\u003estate is set to IRIS_INST_ERROR and\nsession_close is executed, which will kfree(inst_hfi_gen2-\u003epacket).\nIf stop_streaming is called afterward, it will cause a crash.\n\nAdd a NULL check for inst_hfi_gen2-\u003epacket before sendling STOP packet\nto firmware to fix that.",
"id": "GHSA-wq78-4w69-8m35",
"modified": "2026-05-11T21:31:31Z",
"published": "2026-05-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43217"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72846441c5f6396de9face04e77fa3d28e9915b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75992ba43072674fd4767df62a1fe2048565cc60"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9aa8d63d09cfc44d879427cc5ba308012ca4ab8e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQR7-3RHV-2C6R
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-03 15:30In the Linux kernel, the following vulnerability has been resolved:
rethook: fix a potential memleak in rethook_alloc()
In rethook_alloc(), the variable rh is not freed or passed out if handler is NULL, which could lead to a memleak, fix it.
[Masami: Add "rethook:" tag to the title.]
Acke-by: Masami Hiramatsu (Google) mhiramat@kernel.org
{
"affected": [],
"aliases": [
"CVE-2022-49795"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrethook: fix a potential memleak in rethook_alloc()\n\nIn rethook_alloc(), the variable rh is not freed or passed out\nif handler is NULL, which could lead to a memleak, fix it.\n\n[Masami: Add \"rethook:\" tag to the title.]\n\nAcke-by: Masami Hiramatsu (Google) \u003cmhiramat@kernel.org\u003e",
"id": "GHSA-wqr7-3rhv-2c6r",
"modified": "2025-11-03T15:30:27Z",
"published": "2025-05-01T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49795"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a1ebe35cb3b7aa1f4b26b37e2a0b9ae68dc4ffb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbc5d1f9a8cc40ba2bc6779b36d2ea1f65bc027c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQRM-FG5Q-J57M
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-25 15:31In the Linux kernel, the following vulnerability has been resolved:
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of can327_feed_frame_to_netdev() did not free allocated skb too. That would trigger skb leak.
Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev is down. Not tested, just compiled.
{
"affected": [],
"aliases": [
"CVE-2022-49008"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down\n\nIn can327_feed_frame_to_netdev(), it did not free the skb when netdev\nis down, and all callers of can327_feed_frame_to_netdev() did not free\nallocated skb too. That would trigger skb leak.\n\nFix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev\nis down. Not tested, just compiled.",
"id": "GHSA-wqrm-fg5q-j57m",
"modified": "2024-10-25T15:31:26Z",
"published": "2024-10-21T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49008"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fa452cfafed521aaf5a18c71003fe24b1ee6141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQVF-M58C-H7RW
Vulnerability from github – Published: 2025-03-04 21:30 – Updated: 2025-03-04 21:30On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
{
"affected": [],
"aliases": [
"CVE-2024-9135"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-04T21:15:12Z",
"severity": "MODERATE"
},
"details": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.",
"id": "GHSA-wqvf-m58c-h7rw",
"modified": "2025-03-04T21:30:58Z",
"published": "2025-03-04T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9135"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WR5G-85MP-25C9
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30In the Linux kernel, the following vulnerability has been resolved:
net: ipv4: fix memory leak in netlbl_cipsov4_add_std
Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d1969>] _syssendmsg+0x658/0x7d0 net/socket.c:2350 [<00000000964e16bc>] _sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 [<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47 [<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae
The memory of doi_def->map.std pointing is allocated in netlbl_cipsov4_add_std, but no place has freed it. It should be freed in cipso_v4_doi_free which frees the cipso DOI resource.
{
"affected": [],
"aliases": [
"CVE-2021-47250"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in netlbl_cipsov4_add_std\n\nReported by syzkaller:\nBUG: memory leak\nunreferenced object 0xffff888105df7000 (size 64):\ncomm \"syz-executor842\", pid 360, jiffies 4294824824 (age 22.546s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[\u003c00000000e67ed558\u003e] kmalloc include/linux/slab.h:590 [inline]\n[\u003c00000000e67ed558\u003e] kzalloc include/linux/slab.h:720 [inline]\n[\u003c00000000e67ed558\u003e] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline]\n[\u003c00000000e67ed558\u003e] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416\n[\u003c0000000006040154\u003e] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739\n[\u003c00000000204d7a1c\u003e] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n[\u003c00000000204d7a1c\u003e] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800\n[\u003c00000000c0d6a995\u003e] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504\n[\u003c00000000d78b9d2c\u003e] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n[\u003c000000009733081b\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]\n[\u003c000000009733081b\u003e] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340\n[\u003c00000000d5fd43b8\u003e] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929\n[\u003c000000000a2d1e40\u003e] sock_sendmsg_nosec net/socket.c:654 [inline]\n[\u003c000000000a2d1e40\u003e] sock_sendmsg+0x139/0x170 net/socket.c:674\n[\u003c00000000321d1969\u003e] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350\n[\u003c00000000964e16bc\u003e] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404\n[\u003c000000001615e288\u003e] __sys_sendmsg+0xd3/0x190 net/socket.c:2433\n[\u003c000000004ee8b6a5\u003e] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47\n[\u003c00000000171c7cee\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe memory of doi_def-\u003emap.std pointing is allocated in\nnetlbl_cipsov4_add_std, but no place has freed it. It should be\nfreed in cipso_v4_doi_free which frees the cipso DOI resource.",
"id": "GHSA-wr5g-85mp-25c9",
"modified": "2024-12-30T21:30:46Z",
"published": "2024-05-21T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47250"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/086e92b1d68c6338535f715aad173f8cf4bfbc8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ffb460be3abac86f884a8c548bb02724ec370f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/212166510582631994be4f4b3fe15e10a03c1dd4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/398a24447eb60f060c8994221cb5ae6caf355fa1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5340858147e3dc60913fb3dd0cbb758ec4a26e66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dcea66d3bb519b426282588f38e884e07893c1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d612c3f3fae221e7ea736d196581c2217304bbbc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/deeeb65c6ee404f2d1fb80b38b2730645c0f4663"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WR7H-5WM3-P3H4
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.
{
"affected": [],
"aliases": [
"CVE-2022-34568"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T22:15:00Z",
"severity": "HIGH"
},
"details": "SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.",
"id": "GHSA-wr7h-5wm3-p3h4",
"modified": "2022-08-05T00:00:26Z",
"published": "2022-07-29T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34568"
},
{
"type": "WEB",
"url": "https://github.com/libsdl-org/SDL-1.2/issues/863"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WR8G-5RGR-H9P9
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-02 21:31In the Linux kernel, the following vulnerability has been resolved:
clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc() will leak, but using devm_kzalloc() instead will automatically free the memory using devm_kfree().
Also, fix error handling of hws by adding unregister_hws label, which unregisters remaining hws when iomap failed.
{
"affected": [],
"aliases": [
"CVE-2023-53264"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T08:15:35Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe\n\nUse devm_of_iomap() instead of of_iomap() to automatically\nhandle the unused ioremap region. If any error occurs, regions allocated by\nkzalloc() will leak, but using devm_kzalloc() instead will automatically\nfree the memory using devm_kfree().\n\nAlso, fix error handling of hws by adding unregister_hws label, which\nunregisters remaining hws when iomap failed.",
"id": "GHSA-wr8g-5rgr-h9p9",
"modified": "2025-12-02T21:31:26Z",
"published": "2025-09-16T15:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53264"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02e54db221bb001b32f839e0149ee8d890ab9aa1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fbdfd2542252e4c02e8158a06b7c0c9cfd40f99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1839032251a66f2ae5a043c495532830a55d28c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b280598ab3bd8a2dc8b96a12530d5b1ee7a8f4a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WV38-QG96-RHR3
Vulnerability from github – Published: 2025-09-23 15:31 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
memstick/mspro_block: fix handling of read-only devices
Use set_disk_ro to propagate the read-only state to the block layer instead of checking for it in ->open and leaking a reference in case of a read-only device.
{
"affected": [],
"aliases": [
"CVE-2022-49178"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/mspro_block: fix handling of read-only devices\n\nUse set_disk_ro to propagate the read-only state to the block layer\ninstead of checking for it in -\u003eopen and leaking a reference in case\nof a read-only device.",
"id": "GHSA-wv38-qg96-rhr3",
"modified": "2025-09-23T15:31:08Z",
"published": "2025-09-23T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49178"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/057b53c4f87690d626203acef8b63d52a9bf2f43"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a0725b9d78ff6efdc95a37e4f05072e79c63918"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dab421bfe06a59bf8f212a72e34673e8acf2018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.