Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-2J9F-HMX4-CVGR

Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2024-09-06 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix memory leaks and crashes while performing a soft reset

The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to that all queue allocation functions are performed here with the new temporary vport structure and those functions rewrite the backpointers to the vport. Then, this new struct is freed and the pointers start leading to nowhere.

But generally speaking, the current logic is very fragile. It claims to be more reliable when the system is low on memory, but in fact, it consumes two times more memory as at the moment of running this function, there are two vports allocated with their queues and vectors. Moreover, it claims to prevent the driver from running into "bad state", but in fact, any error during the rebuild leaves the old vport in the partially allocated state. Finally, if the interface is down when the function is called, it always allocates a new queue set, but when the user decides to enable the interface later on, vport_open() allocates them once again, IOW there's a clear memory leak here.

Just don't allocate a new queue set when performing a reset, that solves crashes and memory leaks. Readd the old queue number and reopen the interface on rollback - that solves limbo states when the device is left disabled and/or without HW queues enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T19:15:30Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector-\u003evport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\u0027s\na clear memory leak here.\n\nJust don\u0027t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.",
  "id": "GHSA-2j9f-hmx4-cvgr",
  "modified": "2024-09-06T18:31:29Z",
  "published": "2024-09-04T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44964"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JPC-GRXP-P4W8

Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2022-07-30 00:00
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue": user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-20T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- \u0027ENOMEM -- Cannot allocate memory\u0027. The out-of-sync state between RIB and FIB can be seen with the \"show route\" and \"show route forwarding-table\" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command \"show krt queue\": user@host \u003e show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error \u0027ENOMEM -- Cannot allocate memory\u0027 kqp \u00270x8ad5e40\u0027 The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.",
  "id": "GHSA-2jpc-grxp-p4w8",
  "modified": "2022-07-30T00:00:16Z",
  "published": "2022-07-21T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22209"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JXW-CWMM-P22X

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: fw: fix memory leak in debugfs

Fix a memory leak that occurs when reading the fw_info file all the way, since we return NULL indicating no more data, but don't free the status tracking object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fw: fix memory leak in debugfs\n\nFix a memory leak that occurs when reading the fw_info\nfile all the way, since we return NULL indicating no\nmore data, but don\u0027t free the status tracking object.",
  "id": "GHSA-2jxw-cwmm-p22x",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53422"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37f64bc8e001f216566d17ef9fd5608c762ebcd4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d90d2f4a018fe8cfd65068bc6350b6222be4852"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89496d6cff297c88fe0286a440c380ceb172da2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b830ba20b43be52eae7d4087b61a0079dec56820"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e302e9ca14a86a80eadfb24a34d8675aadaf3ef3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe17124282da055cb2e53f0131521459b5c7866c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2M3M-X4CJ-RQRM

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-2m3m-x4cj-rqrm",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53407"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67c931a3f2f061bf457995fd21fff114325e0c30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a6952fa0366d4408eb8695af1a0578c39ec718a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8da78a60f3323ce7aac589d49fb82f71a04bc835"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b14d188d0d0b86e2180525aefd570dbb6ebd6aa9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2M87-9X7M-6V4Q

Vulnerability from github – Published: 2022-05-02 03:16 – Updated: 2022-05-02 03:16
VLAI
Details

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-0581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-23T14:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.",
  "id": "GHSA-2m87-9x7m-6v4q",
  "modified": "2022-05-02T03:16:42Z",
  "published": "2022-05-02T03:16:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:0339"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:0377"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-0581"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://scary.beasts.org/security/CESA-2009-003.html"
    },
    {
      "type": "WEB",
      "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34367"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34382"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34400"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34408"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34442"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34450"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34454"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34463"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34632"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34675"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34782"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1745"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1769"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
    },
    {
      "type": "WEB",
      "url": "http://www.ocert.org/advisories/ocert-2009-003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34185"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021870"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-744-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2MFF-F6QM-822Q

Vulnerability from github – Published: 2024-02-12 03:30 – Updated: 2024-02-26 21:31
VLAI
Details

A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-12T03:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj-\u003ename is not released.",
  "id": "GHSA-2mff-f6qm-822q",
  "modified": "2024-02-26T21:31:35Z",
  "published": "2024-02-12T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25740"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MM9-P89H-XJ5V

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: delete timer and free skb queue when unloading

Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtw_core_deinit()', shrink critical section in the latter by freeing COEX queue out of TX report lock scope.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
  "id": "GHSA-2mm9-p89h-xj5v",
  "modified": "2026-02-06T15:30:58Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53574"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4128b00a6006870e117ab1841e58f369e9284ecb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/634fcbcaa4062db39aeb5ac6ed1bc1feb8dd5216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MRP-H89G-G693

Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-02-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix memory leak in audio daemon attach operation

Audio PD daemon send the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which might result in memory leak. Free the memory when it is not needed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T15:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed.",
  "id": "GHSA-2mrp-h89g-g693",
  "modified": "2025-02-03T18:30:38Z",
  "published": "2024-07-29T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41025"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MRX-Q835-W93G

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20
VLAI
Details

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-10T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active",
  "id": "GHSA-2mrx-q835-w93g",
  "modified": "2022-05-24T19:20:19Z",
  "published": "2022-05-24T19:20:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34598"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2021-046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MXH-QRPV-MFVX

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 18:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mctp: i2c: fix skb memory leak in receive path

When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_rx(), it needs to free the skb directly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: i2c: fix skb memory leak in receive path\n\nWhen \u0027midev-\u003eallow_rx\u0027 is false, the newly allocated skb isn\u0027t consumed\nby netif_rx(), it needs to free the skb directly.",
  "id": "GHSA-2mxh-qrpv-mfvx",
  "modified": "2026-05-21T18:33:06Z",
  "published": "2026-05-08T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43457"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fb2adbdd5c03e8c9ebcdc48afd414b2724c85eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b1be322342a6b0085bf6ee52235e5ac9834ec25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ec54187e1aa40a4cfa2b265e9a311179f24b98d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f81be2ab9d8e4744871bfb3e868ef413413829f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7900a43b0a314a645ca0a2adf45928dbc7001f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3f5e0f22cfc2371e7471c9fd5b4da78f9df7c69"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.