CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-37R4-CW3G-GH25
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.
{
"affected": [],
"aliases": [
"CVE-2022-22240"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T03:15:00Z",
"severity": "MODERATE"
},
"details": "An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.",
"id": "GHSA-37r4-cw3g-gh25",
"modified": "2022-10-18T12:00:30Z",
"published": "2022-10-18T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22240"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3835-QHJH-269W
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()
In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freeing args->uuid and args->fsid allocated before, which causes memory leak.
To fix these possible leaks, when btrfs_get_bdev_and_sb() fails, btrfs_put_dev_args_from_path() is called to clean up the memory.
{
"affected": [],
"aliases": [
"CVE-2022-49996"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix possible memory leak in btrfs_get_dev_args_from_path()\n\nIn btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if\nthe path is invalid. In this case, btrfs_get_dev_args_from_path()\nreturns directly without freeing args-\u003euuid and args-\u003efsid allocated\nbefore, which causes memory leak.\n\nTo fix these possible leaks, when btrfs_get_bdev_and_sb() fails,\nbtrfs_put_dev_args_from_path() is called to clean up the memory.",
"id": "GHSA-3835-qhjh-269w",
"modified": "2025-11-14T18:31:23Z",
"published": "2025-06-18T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49996"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b124ad87244cd7f0883c5eaa38d2326b2154cad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f52402c77013e4a826394b807dd5ea4dc83bd72"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ea0106a7a3d8116860712e3f17cd52ce99f6707"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3884-HC6C-JWPV
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
orangefs: Fix kmemleak in orangefs_sysfs_init()
When insert and remove the orangefs module, there are kobjects memory leaked as below:
unreferenced object 0xffff88810f95af00 (size 64): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff ................ 08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005a6e4dfe>] orangefs_sysfs_init+0x42/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810f95ae80 (size 64): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): c8 90 0f 02 81 88 ff ff 88 ae 95 0f 81 88 ff ff ................ 88 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000001a4841fa>] orangefs_sysfs_init+0xc7/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810f95ae00 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.511s) hex dump (first 32 bytes): 60 87 a1 00 81 88 ff ff 08 ae 95 0f 81 88 ff ff `............... 08 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005915e797>] orangefs_sysfs_init+0x12b/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810f95ad80 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.511s) hex dump (first 32 bytes): 78 90 0f 02 81 88 ff ff 88 ad 95 0f 81 88 ff ff x............... 88 ad 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000007a14eb35>] orangefs_sysfs_init+0x1ac/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810f95ac00 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.531s) hex dump (first 32 bytes): e0 ff 67 02 81 88 ff ff 08 ac 95 0f 81 88 ff ff ..g............. 08 ac 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000001f38adcb>] orangefs_sysfs_init+0x291/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/ ---truncated---
{
"affected": [],
"aliases": [
"CVE-2022-50316"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_sysfs_init()\n\nWhen insert and remove the orangefs module, there are kobjects memory\nleaked as below:\n\nunreferenced object 0xffff88810f95af00 (size 64):\n comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n hex dump (first 32 bytes):\n a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff ................\n 08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n [\u003c000000005a6e4dfe\u003e] orangefs_sysfs_init+0x42/0x3a0\n [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae80 (size 64):\n comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n hex dump (first 32 bytes):\n c8 90 0f 02 81 88 ff ff 88 ae 95 0f 81 88 ff ff ................\n 88 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n [\u003c000000001a4841fa\u003e] orangefs_sysfs_init+0xc7/0x3a0\n [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae00 (size 64):\n comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n hex dump (first 32 bytes):\n 60 87 a1 00 81 88 ff ff 08 ae 95 0f 81 88 ff ff `...............\n 08 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n [\u003c000000005915e797\u003e] orangefs_sysfs_init+0x12b/0x3a0\n [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ad80 (size 64):\n comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n hex dump (first 32 bytes):\n 78 90 0f 02 81 88 ff ff 88 ad 95 0f 81 88 ff ff x...............\n 88 ad 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n [\u003c000000007a14eb35\u003e] orangefs_sysfs_init+0x1ac/0x3a0\n [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ac00 (size 64):\n comm \"insmod\", pid 783, jiffies 4294813440 (age 65.531s)\n hex dump (first 32 bytes):\n e0 ff 67 02 81 88 ff ff 08 ac 95 0f 81 88 ff ff ..g.............\n 08 ac 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n [\u003c000000001f38adcb\u003e] orangefs_sysfs_init+0x291/0x3a0\n [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/\n---truncated---",
"id": "GHSA-3884-hc6c-jwpv",
"modified": "2025-12-03T21:30:59Z",
"published": "2025-09-15T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50316"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f2c0e8a587bcafad85019a2d80f158d8d41a868"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22409490294180c39be7dd0e5b2667d41556307d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ce4ba7fff5af36da82dc5964221367630621b99"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3886-873F-6XPF
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: fix krealloc() memory leak
Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter:
MEM = krealloc(MEM, SZ, GFP);
If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer:
TMP = krealloc(MEM, SZ, GFP);
if (!TMP) return;
MEM = TMP;
While on it, use krealloc_array().
{
"affected": [],
"aliases": [
"CVE-2026-53213"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: fix krealloc() memory leak\n\nDon\u0027t just overwrite the original pointer passed to krealloc()\nwith its return value without checking latter:\n\n MEM = krealloc(MEM, SZ, GFP);\n\nIf krealloc() returns NULL, that erases the pointer\nto the still allocated memory, hence leaks this memory.\nInstead, use a temporary variable, check it\u0027s not NULL\nand only then assign it to the original pointer:\n\n TMP = krealloc(MEM, SZ, GFP);\n if (!TMP) return;\n MEM = TMP;\n\nWhile on it, use krealloc_array().",
"id": "GHSA-3886-873f-6xpf",
"modified": "2026-07-02T21:32:05Z",
"published": "2026-06-25T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53213"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02f5e4db57c0cdd7bac89d503b301a093a0fa95c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30165a09f76eaf34951c818eb5d9d6e4771d76f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4fc692dc6df5bc777cc1bcebf95179e28594875f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d563a5da8717629ae72f9eadf1e0e340bd1658b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c034aa0b1ba5f49cbdf8ef193d6ec714d74aac27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0ce103e89d61eef70edc1d1ae3bfd4c0aacbc2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd87d6966041e33ef7d2e5dc59f9a52b71c6ae5f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-388X-F5QM-FVJG
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-33365"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-13T20:15:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
"id": "GHSA-388x-f5qm-fvjg",
"modified": "2022-05-24T19:14:15Z",
"published": "2022-05-24T19:14:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33365"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1784"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-398V-CX4G-HHXC
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: msft: Fix memory leak
Fix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT.
{
"affected": [],
"aliases": [
"CVE-2024-26888"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT.",
"id": "GHSA-398v-cx4g-hhxc",
"modified": "2025-01-07T18:30:42Z",
"published": "2024-04-17T12:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26888"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39MW-228P-WR6V
Vulnerability from github – Published: 2025-09-09 12:30 – Updated: 2026-05-19 15:31A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.
{
"affected": [],
"aliases": [
"CVE-2025-8277"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T12:15:30Z",
"severity": "LOW"
},
"details": "A flaw was found in libssh\u0027s handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.",
"id": "GHSA-39mw-228p-wr6v",
"modified": "2026-05-19T15:31:19Z",
"published": "2025-09-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8277"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:18683"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-8277"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
},
{
"type": "WEB",
"url": "https://www.libssh.org/security/advisories/CVE-2025-8277.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-39RF-5F5G-VGX4
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-1651"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T17:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.",
"id": "GHSA-39rf-5f5g-vgx4",
"modified": "2022-08-03T00:00:54Z",
"published": "2022-07-27T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1651"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3C3R-RM96-X7CW
Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
Always release fw data at the end of mt7921_load_patch routine.
{
"affected": [],
"aliases": [
"CVE-2022-49225"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:59Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921s: fix a possible memory leak in mt7921_load_patch\n\nAlways release fw data at the end of mt7921_load_patch routine.",
"id": "GHSA-3c3r-rm96-x7cw",
"modified": "2025-03-18T21:32:00Z",
"published": "2025-03-18T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49225"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11005b18f453aa192d035d410c11d07edcba5a45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b301043384c5c2447357952be9a536c2026d8ad0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3CCX-358P-C5MM
Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
{
"affected": [],
"aliases": [
"CVE-2021-3574"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-26T16:15:00Z",
"severity": "LOW"
},
"details": "A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.",
"id": "GHSA-3ccx-358p-c5mm",
"modified": "2022-09-01T00:00:17Z",
"published": "2022-08-27T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3574"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/3540"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.