CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-2QP4-WWRV-GF4C
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
{
"affected": [],
"aliases": [
"CVE-2020-22037"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T20:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.",
"id": "GHSA-2qp4-wwrv-gf4c",
"modified": "2022-05-24T19:03:40Z",
"published": "2022-05-24T19:03:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8281"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4990"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4998"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2R2X-3JH4-CHHV
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-11-03 18:31In the Linux kernel, the following vulnerability has been resolved:
ptp: Fix possible memory leak in ptp_clock_register()
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintf_const+0x60/0x190 [<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150 [<000000004e35abdd>] dev_set_name+0xc0/0x100 [<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33]
When posix_clock_register() returns an error, the name allocated in dev_set_name() will be leaked, the put_device() should be used to give up the device reference, then the name will be freed in kobject_cleanup() and other memory will be freed in ptp_clock_release().
{
"affected": [],
"aliases": [
"CVE-2021-47455"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Fix possible memory leak in ptp_clock_register()\n\nI got memory leak as follows when doing fault injection test:\n\nunreferenced object 0xffff88800906c618 (size 8):\n comm \"i2c-idt82p33931\", pid 4421, jiffies 4294948083 (age 13.188s)\n hex dump (first 8 bytes):\n 70 74 70 30 00 00 00 00 ptp0....\n backtrace:\n [\u003c00000000312ed458\u003e] __kmalloc_track_caller+0x19f/0x3a0\n [\u003c0000000079f6e2ff\u003e] kvasprintf+0xb5/0x150\n [\u003c0000000026aae54f\u003e] kvasprintf_const+0x60/0x190\n [\u003c00000000f323a5f7\u003e] kobject_set_name_vargs+0x56/0x150\n [\u003c000000004e35abdd\u003e] dev_set_name+0xc0/0x100\n [\u003c00000000f20cfe25\u003e] ptp_clock_register+0x9f4/0xd30 [ptp]\n [\u003c000000008bb9f0de\u003e] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33]\n\nWhen posix_clock_register() returns an error, the name allocated\nin dev_set_name() will be leaked, the put_device() should be used\nto give up the device reference, then the name will be freed in\nkobject_cleanup() and other memory will be freed in ptp_clock_release().",
"id": "GHSA-2r2x-3jh4-chhv",
"modified": "2025-11-03T18:31:14Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47455"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1c96d8085588e1b997a96214b409ac3be20b524"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2R3R-854P-XJFR
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
{
"affected": [],
"aliases": [
"CVE-2010-2249"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-06-30T18:30:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.",
"id": "GHSA-2r3r-854p-xjfr",
"modified": "2022-05-13T01:23:34Z",
"published": "2022-05-13T01:23:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2249"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0534"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2010-2249"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816"
},
{
"type": "WEB",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20"
},
{
"type": "WEB",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40302"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40336"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40472"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40547"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41574"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42314"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42317"
},
{
"type": "WEB",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4435"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4456"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4457"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4554"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4566"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2072"
},
{
"type": "WEB",
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/41174"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1024723"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-960-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1612"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1637"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1755"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1837"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1846"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1877"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2491"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3045"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2RCM-PHC9-3945
Vulnerability from github – Published: 2018-10-10 16:10 – Updated: 2024-10-21 21:06It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service.
This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyopenssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000808"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:52:58Z",
"nvd_published_at": "2018-10-08T15:29:00Z",
"severity": "HIGH"
},
"details": "It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service.\n\nThis attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.",
"id": "GHSA-2rcm-phc9-3945",
"modified": "2024-10-21T21:06:54Z",
"published": "2018-10-10T16:10:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000808"
},
{
"type": "WEB",
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"type": "WEB",
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2rcm-phc9-3945"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/pyopenssl"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3813-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pyopenssl Incorrect Memory Management"
}
GHSA-2VGM-JH3H-JPGG
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-08 18:31In the Linux kernel, the following vulnerability has been resolved:
iio: gyro: mpu3050: Fix irq resource leak
The interrupt handler is setup but only a few lines down if iio_trigger_register() fails the function returns without properly releasing the handler.
Add cleanup goto to resolve resource leak.
Detected by Smatch: drivers/iio/gyro/mpu3050-core.c:1128 mpu3050_trigger_probe() warn: 'irq' from request_threaded_irq() not released on lines: 1124.
{
"affected": [],
"aliases": [
"CVE-2026-31762"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050: Fix irq resource leak\n\nThe interrupt handler is setup but only a few lines down if\niio_trigger_register() fails the function returns without properly\nreleasing the handler.\n\nAdd cleanup goto to resolve resource leak.\n\nDetected by Smatch:\ndrivers/iio/gyro/mpu3050-core.c:1128 mpu3050_trigger_probe() warn:\n\u0027irq\u0027 from request_threaded_irq() not released on lines: 1124.",
"id": "GHSA-2vgm-jh3h-jpgg",
"modified": "2026-05-08T18:31:26Z",
"published": "2026-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31762"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a8e68d65a443de05061818823037931674740e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4216db1043a3be72ef9c2b7b9f393d7fa72496e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/658d9deb45d5032baf388ac51991d1e789157334"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/889253494ec73d60bd47c0518f8fe3a748520d5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f237c408f3007d7d9667623ffb41a9e9d661ee9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b52fd1644ad2c4e96bbec97543a966d7ad8f21ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/beb23092571e627190f23da4bb8548065cacd89c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e66215fc1878357d5c980066e650f542330524af"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VH6-G7PQ-9FGV
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-11 03:30In the Linux kernel, the following vulnerability has been resolved:
pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user().
This patch fixes that by initializing the whole struct to 0.
{
"affected": [],
"aliases": [
"CVE-2026-46182"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Prevent kernel stack memory leak to userspace\n\nThe hdr variable is allocated on the stack and only hdr.version and\nhdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr\ncontains reserved padding bytes (reserved[3] and reserved2[40]), these\ncould leak the uninitialized bytes to userspace after copy_to_user().\n\nThis patch fixes that by initializing the whole struct to 0.",
"id": "GHSA-2vh6-g7pq-9fgv",
"modified": "2026-06-11T03:30:23Z",
"published": "2026-05-28T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46182"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0479b6e9f999cc1cbad7d9f09f574fc387e605d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cefeed44296261173a806bef988b26bc565da4be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f88f8e4485b437e0a2f96a7ff1f88aa22d925659"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VJF-7VMH-8JPP
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30In the Linux kernel, the following vulnerability has been resolved:
power: supply: max77705: Free allocated workqueue and fix removal order
Use devm interface for allocating workqueue to fix two bugs at the same time:
-
Driver leaks the memory on remove(), because the workqueue is not destroyed.
-
Driver allocates workqueue and then registers interrupt handlers with devm interface. This means that probe error paths will not use a reversed order, but first destroy the workqueue and then, via devm release handlers, free the interrupt.
The interrupt handler schedules work on this exact workqueue, thus if interrupt is hit in this short time window - after destroying workqueue, but before devm() frees the interrupt - the schedulled work will lead to use of freed memory.
Change is not equivalent in the workqueue itself: use non-legacy API which does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is used to update power supply (power_supply_changed()) status, thus there is no point to run it for memory reclaim. Note that dev_name() is not directly used in second argument to prevent possible unlikely parsing any "%" character in device name as format.
{
"affected": [],
"aliases": [
"CVE-2026-53308"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T20:17:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: max77705: Free allocated workqueue and fix removal order\n\nUse devm interface for allocating workqueue to fix two bugs at the same\ntime:\n\n1. Driver leaks the memory on remove(), because the workqueue is not\n destroyed.\n\n2. Driver allocates workqueue and then registers interrupt handlers\n with devm interface. This means that probe error paths will not use a\n reversed order, but first destroy the workqueue and then, via devm\n release handlers, free the interrupt.\n\n The interrupt handler schedules work on this exact workqueue, thus if\n interrupt is hit in this short time window - after destroying\n workqueue, but before devm() frees the interrupt - the schedulled\n work will lead to use of freed memory.\n\nChange is not equivalent in the workqueue itself: use non-legacy API\nwhich does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is\nused to update power supply (power_supply_changed()) status, thus there\nis no point to run it for memory reclaim. Note that dev_name() is not\ndirectly used in second argument to prevent possible unlikely parsing\nany \"%\" character in device name as format.",
"id": "GHSA-2vjf-7vmh-8jpp",
"modified": "2026-07-06T21:30:26Z",
"published": "2026-06-26T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53308"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e668baadefb16e81269dbfebf3ffc2672e3a3bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b98e4e57e34d099a8f846fa54749654082975ea0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VP4-6VG4-QH8R
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
thermal/core: Fix memory leak in __thermal_cooling_device_register()
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff888010080000 (size 264312): comm "182", pid 102533, jiffies 4296434960 (age 10.100s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@....... backtrace: [<0000000038b2f4fc>] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969 [<00000000ebcb8da5>] __kmalloc+0x373/0x420 include/linux/slab.h:510 [<0000000084137f13>] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586 [<00000000352b8755>] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927 [<00000000fb9f331b>] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041 [<000000009b8012d2>] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211 [<00000000da0b7e04>] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561
If device_register() fails, thermal_cooling_device_destroy_sysfs() need be called to free the memory allocated in thermal_cooling_device_setup_sysfs().
{
"affected": [],
"aliases": [
"CVE-2022-49468"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/core: Fix memory leak in __thermal_cooling_device_register()\n\nI got memory leak as follows when doing fault injection test:\n\nunreferenced object 0xffff888010080000 (size 264312):\n comm \"182\", pid 102533, jiffies 4296434960 (age 10.100s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......\n backtrace:\n [\u003c0000000038b2f4fc\u003e] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969\n [\u003c00000000ebcb8da5\u003e] __kmalloc+0x373/0x420 include/linux/slab.h:510\n [\u003c0000000084137f13\u003e] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586\n [\u003c00000000352b8755\u003e] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927\n [\u003c00000000fb9f331b\u003e] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041\n [\u003c000000009b8012d2\u003e] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211\n [\u003c00000000da0b7e04\u003e] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561\n\nIf device_register() fails, thermal_cooling_device_destroy_sysfs() need be called\nto free the memory allocated in thermal_cooling_device_setup_sysfs().",
"id": "GHSA-2vp4-6vg4-qh8r",
"modified": "2025-03-17T18:31:50Z",
"published": "2025-03-17T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49468"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18530bedd221160823f63ccc20dd55c7a03edbcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21ccc58b671aea924f2481cf5c1cf0ebbfd3552d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3802171f0b5b8b831f4ade5c827547cb323a5bb2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98a160e898c0f4a979af9de3ab48b4b1d42d1dbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9abdf0c0184230f0cb5c6685aabf33dda89aa9fb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2W45-V2HV-RXP2
Vulnerability from github – Published: 2024-08-21 00:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
net: usb: qmi_wwan: fix memory leak for not ip packets
Free the unused skb when not ip packets arrive.
{
"affected": [],
"aliases": [
"CVE-2024-43861"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-20T22:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"id": "GHSA-2w45-v2hv-rxp2",
"modified": "2025-11-04T00:31:17Z",
"published": "2024-08-21T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43861"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WC2-77R7-4PM8
Vulnerability from github – Published: 2022-12-23 18:30 – Updated: 2025-04-15 15:30An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
{
"affected": [],
"aliases": [
"CVE-2022-47941"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-23T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.",
"id": "GHSA-2wc2-77r7-4pm8",
"modified": "2025-04-15T15:30:40Z",
"published": "2022-12-23T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47941"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1687"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/12/23/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.