Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-2WJW-PC5M-J29Q

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2026-06-08 15:32
VLAI
Details

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-21T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.",
  "id": "GHSA-2wjw-pc5m-j29q",
  "modified": "2026-06-08T15:32:40Z",
  "published": "2022-05-24T19:02:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32032"
    },
    {
      "type": "WEB",
      "url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9"
    },
    {
      "type": "WEB",
      "url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst"
    },
    {
      "type": "WEB",
      "url": "https://www.trustedfirmware.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2WR3-6FFM-MQ44

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()

Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup().

unreferenced object 0xffff88810152ad20 (size 8): comm "modprobe", pid 252, jiffies 4294849206 (age 22.713s) hex dump (first 8 bytes): 68 77 73 69 6d 30 00 ff hwsim0.. backtrace: [<000000009c3504ed>] __kmalloc_node_track_caller+0x44/0x1b0 [<00000000c0228a5e>] kvasprintf+0xb5/0x140 [<00000000cff8c21f>] kvasprintf_const+0x55/0x180 [<0000000055a1e073>] kobject_set_name_vargs+0x56/0x150 [<000000000a80b139>] dev_set_name+0xab/0xe0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()\n\nInject fault while probing module, if device_register() fails,\nbut the refcount of kobject is not decreased to 0, the name\nallocated in dev_set_name() is leaked. Fix this by calling\nput_device(), so that name can be freed in callback function\nkobject_cleanup().\n\nunreferenced object 0xffff88810152ad20 (size 8):\n  comm \"modprobe\", pid 252, jiffies 4294849206 (age 22.713s)\n  hex dump (first 8 bytes):\n    68 77 73 69 6d 30 00 ff                          hwsim0..\n  backtrace:\n    [\u003c000000009c3504ed\u003e] __kmalloc_node_track_caller+0x44/0x1b0\n    [\u003c00000000c0228a5e\u003e] kvasprintf+0xb5/0x140\n    [\u003c00000000cff8c21f\u003e] kvasprintf_const+0x55/0x180\n    [\u003c0000000055a1e073\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c000000000a80b139\u003e] dev_set_name+0xab/0xe0",
  "id": "GHSA-2wr3-6ffm-mq44",
  "modified": "2025-12-03T21:30:59Z",
  "published": "2025-09-15T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50331"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/258ad2fe5ede773625adfda88b173f4123e59f45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50c31fa952309536c6e4461ff815ddccc8dff9d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d87973314aba6de80a49f4271dd9be4ddc08e729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2X5R-JFHX-632P

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-26 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: vub300: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, the timer added before mmc_add_host() needs be del.

And this patch fixes another missing call mmc_free_host() if usb_control_msg() fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:35Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: vub300: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host(), besides, the timer added before mmc_add_host() needs be del.\n\nAnd this patch fixes another missing call mmc_free_host() if usb_control_msg()\nfails.",
  "id": "GHSA-2x5r-jfhx-632p",
  "modified": "2025-11-26T18:31:02Z",
  "published": "2025-09-15T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50251"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0613ad2401f88bdeae5594c30afe318e93b14676"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2044b2ea77945f372ef161d1bbf814e471767ff2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25f05d762ca5e1c685002a53dd44f68e78ca3feb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3049a3b927a40d89d4582ff1033cd7953be773c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b29f8769d32016b2d89183db4d80c7a71b7e35e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41ed46bdbd2878cd6567abe0974a445f8b1b8ec8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a46e681151bbdacdf6b89ee8c4e5bad0555142bb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afc898019e7bf18c5eb7a0ac19852fcb1b341b3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9e85979b59cb86f0a15defa8199d740e2b36b90"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2X7M-GF85-3745

Vulnerability from github – Published: 2024-03-13 17:14 – Updated: 2024-03-13 17:14
VLAI
Summary
Remote Denial of Service Vulnerability in Microsoft QUIC
Details

Impact

The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.

Patches

The following patch was made:

  • Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9

Workarounds

Beyond upgrading to the patched versions, there is no other workaround.

MSRC CVE Info

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.OpenSSL"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.Schannel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.Schannel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.Schannel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.OpenSSL"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.OpenSSL"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-13T17:14:43Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nThe MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.\n\n### Patches\nThe following patch was made:\n\n - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9\n\n### Workarounds\nBeyond upgrading to the patched versions, there is no other workaround.\n\n### MSRC CVE Info\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190",
  "id": "GHSA-2x7m-gf85-3745",
  "modified": "2024-03-13T17:14:43Z",
  "published": "2024-03-13T17:14:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/microsoft/msquic"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote Denial of Service Vulnerability in Microsoft QUIC"
}

GHSA-2XF2-3HGG-M6F8

Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the call to mce_threshold_remove_device() will not free it.

This happens because mce_threshold_remove_device() fetches the pointer through the threshold_banks per-CPU variable but bp is written there only after the bank creation is successful, and not before, when threshold_create_bank() fails.

Add a helper which unwinds all the bank creation work previously done and pass into it the previously allocated threshold banks array for freeing.

[ bp: Massage. ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE/AMD: Fix memory leak when threshold_create_bank() fails\n\nIn mce_threshold_create_device(), if threshold_create_bank() fails, the\npreviously allocated threshold banks array @bp will be leaked because\nthe call to mce_threshold_remove_device() will not free it.\n\nThis happens because mce_threshold_remove_device() fetches the pointer\nthrough the threshold_banks per-CPU variable but bp is written there\nonly after the bank creation is successful, and not before, when\nthreshold_create_bank() fails.\n\nAdd a helper which unwinds all the bank creation work previously done\nand pass into it the previously allocated threshold banks array for\nfreeing.\n\n  [ bp: Massage. ]",
  "id": "GHSA-2xf2-3hgg-m6f8",
  "modified": "2025-03-10T21:31:09Z",
  "published": "2025-03-10T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49549"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/396b8e7ab2a99ddac57d3522b3da5e58cb608d37"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9708f1956eeb70c86943e0bc62fa3b0101b59616"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4acb8e7f1594607bc9017ef0aacb40b24a003d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc0dd4456f9573bf8af9b4d8754433918e809e1e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5f28623ceb103e13fc3d7bd45edf9818b227fd0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XJ6-HWHM-5M6G

Vulnerability from github – Published: 2026-07-10 00:31 – Updated: 2026-07-10 00:31
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.

The leak can be monitored by watching the continuous increase of the buffer values in the output of:

user@host> show chassis fpc This issue affects Junos OS on EX4100 Series and EX4400:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S7,
  • 24.2 versions before 24.2R2-S4,
  • 24.4 versions before 24.4R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T22:17:08Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\n\nThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\n\nuser@host\u003e show chassis fpc \nThis issue affects Junos OS on\u00a0EX4100 Series and EX4400:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2.",
  "id": "GHSA-2xj6-hwhm-5m6g",
  "modified": "2026-07-10T00:31:26Z",
  "published": "2026-07-10T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57027"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA110087"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2XMC-F6QC-H4H9

Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-07-08 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR

In the SIOCGIFHWADDR path, tap_ioctl() copies 16 bytes of an uninitialised on-stack struct sockaddr_storage to userspace via ifr_hwaddr, but netif_get_mac_address() only writes sa_family and dev->addr_len (6 for Ethernet) bytes, leaving sa_data[6..13] uninitialised.

Those 8 trailing bytes leak kernel stack contents; SIOCGIFHWADDR on a macvtap chardev returns kernel .text and direct-map pointers, defeating KASLR.

Initialise ss at declaration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T08:16:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR\n\nIn the SIOCGIFHWADDR path, tap_ioctl() copies 16 bytes of an\nuninitialised on-stack struct sockaddr_storage to userspace via\nifr_hwaddr, but netif_get_mac_address() only writes sa_family and\ndev-\u003eaddr_len (6 for Ethernet) bytes, leaving sa_data[6..13] uninitialised.\n\nThose 8 trailing bytes leak kernel stack contents; SIOCGIFHWADDR on a\nmacvtap chardev returns kernel .text and direct-map pointers, defeating\nKASLR.\n\nInitialise ss at declaration.",
  "id": "GHSA-2xmc-f6qc-h4h9",
  "modified": "2026-07-08T21:30:22Z",
  "published": "2026-06-24T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52937"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05305e832be7b9d65b2b72caacf7d850b3942b2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bddc09212c24934643bd44fc794748d2bbb3b6cd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XR8-28CV-28VV

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09
VLAI
Details

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-21T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.",
  "id": "GHSA-2xr8-28cv-28vv",
  "modified": "2022-05-13T01:09:55Z",
  "published": "2022-05-13T01:09:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8980"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K56480726"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3930-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3930-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3931-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3931-2"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107120"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XXJ-GWFX-RR2C

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

calipso: fix memory leak in netlbl_calipso_add_pass()

If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In this case, the netlbl_calipso_add_pass() function allocates memory for the doi_def variable but doesn't free it with the calipso_doi_free().

BUG: memory leak unreferenced object 0xffff888011d68180 (size 64): comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s) hex dump (first 32 bytes): 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<...>] kmalloc include/linux/slab.h:552 [inline] [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline] [<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111 [<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 [<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 [<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515 [<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 [<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] [<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339 [<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934 [<...>] sock_sendmsg_nosec net/socket.c:651 [inline] [<...>] sock_sendmsg+0x157/0x190 net/socket.c:671 [<...>] _syssendmsg+0x712/0x870 net/socket.c:2342 [<...>] _sys_sendmsg+0xf8/0x170 net/socket.c:2396 [<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429 [<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller

[PM: merged via the LSM tree at Jakub Kicinski request]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: fix memory leak in netlbl_calipso_add_pass()\n\nIf IPv6 support is disabled at boot (ipv6.disable=1),\nthe calipso_init() -\u003e netlbl_calipso_ops_register() function isn\u0027t called,\nand the netlbl_calipso_ops_get() function always returns NULL.\nIn this case, the netlbl_calipso_add_pass() function allocates memory\nfor the doi_def variable but doesn\u0027t free it with the calipso_doi_free().\n\nBUG: memory leak\nunreferenced object 0xffff888011d68180 (size 64):\n  comm \"syz-executor.1\", pid 10746, jiffies 4295410986 (age 17.928s)\n  hex dump (first 32 bytes):\n    00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c...\u003e] kmalloc include/linux/slab.h:552 [inline]\n    [\u003c...\u003e] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]\n    [\u003c...\u003e] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111\n    [\u003c...\u003e] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n    [\u003c...\u003e] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n    [\u003c...\u003e] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n    [\u003c...\u003e] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515\n    [\u003c...\u003e] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n    [\u003c...\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n    [\u003c...\u003e] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339\n    [\u003c...\u003e] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934\n    [\u003c...\u003e] sock_sendmsg_nosec net/socket.c:651 [inline]\n    [\u003c...\u003e] sock_sendmsg+0x157/0x190 net/socket.c:671\n    [\u003c...\u003e] ____sys_sendmsg+0x712/0x870 net/socket.c:2342\n    [\u003c...\u003e] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396\n    [\u003c...\u003e] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429\n    [\u003c...\u003e] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n    [\u003c...\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller\n\n[PM: merged via the LSM tree at Jakub Kicinski request]",
  "id": "GHSA-2xxj-gwfx-rr2c",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-05-17T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52698"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec4e9d630a64df500641892f4e259e8149594a99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f90b6627c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3252-JGXW-QHMV

Vulnerability from github – Published: 2024-09-11 18:31 – Updated: 2024-09-11 18:31
VLAI
Details

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.

This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition. Note: This vulnerability can be exploited using IPv4 or IPv6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-11T17:15:11Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.\n\nThis vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.\nNote: This vulnerability can be exploited using IPv4 or IPv6.",
  "id": "GHSA-3252-jgxw-qhmv",
  "modified": "2024-09-11T18:31:07Z",
  "published": "2024-09-11T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20304"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.