Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-434P-VVGH-4RF9

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: misc: usbio: Fix URB memory leak on submit failure

When usb_submit_urb() fails in usbio_probe(), the previously allocated URB is never freed, causing a memory leak.

Fix this by jumping to err_free_urb label to properly release the URB on the error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T15:16:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: misc: usbio: Fix URB memory leak on submit failure\n\nWhen usb_submit_urb() fails in usbio_probe(), the previously allocated\nURB is never freed, causing a memory leak.\n\nFix this by jumping to err_free_urb label to properly release the URB\non the error path.",
  "id": "GHSA-434p-vvgh-4rf9",
  "modified": "2026-05-08T18:31:25Z",
  "published": "2026-05-01T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31757"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1762dc43b983d321180582afba4a0c5185fae04c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33cfe0709b6bf1a7f1a16d5e8d65d003a71b6a21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65ff09f48b0e72e4049096a989723406aabcf091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-449V-6J3R-MXHJ

Vulnerability from github – Published: 2025-06-23 03:30 – Updated: 2025-06-23 03:30
VLAI
Details

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-23T02:15:20Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-449v-6j3r-mxhj",
  "modified": "2025-06-23T03:30:30Z",
  "published": "2025-06-23T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/htacg/tidy-html5/issues/1152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/20438303/tidy-html5_crash_3.txt"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.313614"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.313614"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.601009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-44FP-W29J-9VJ5

Vulnerability from github – Published: 2025-05-19 22:04 – Updated: 2025-05-19 22:04
VLAI
Summary
Multer vulnerable to Denial of Service via memory leaks from unclosed streams
Details

Impact

Multer <2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance.

This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted.

Patches

Users should upgrade to 2.0.0

Workarounds

None

References

  • https://github.com/expressjs/multer/pull/1120
  • https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "multer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-19T22:04:17Z",
    "nvd_published_at": "2025-05-19T20:15:25Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nMulter \u003c2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance.\n\nThis leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted.\n\n\n### Patches\n\nUsers should upgrade to `2.0.0`\n\n\n### Workarounds\n\nNone\n\n### References\n\n- https://github.com/expressjs/multer/pull/1120\n- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665",
  "id": "GHSA-44fp-w29j-9vj5",
  "modified": "2025-05-19T22:04:17Z",
  "published": "2025-05-19T22:04:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47935"
    },
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/multer/pull/1120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/expressjs/multer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Multer vulnerable to Denial of Service via memory leaks from unclosed streams"
}

GHSA-44G3-HWMH-JX63

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

watchdog: Fix kmemleak in watchdog_cdev_register

kmemleak reports memory leaks in watchdog_dev_register, as follows: unreferenced object 0xffff888116233000 (size 2048): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 32 bytes): 80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#..... 08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#............. backtrace: [<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220 [<000000006a389304>] kmalloc_trace+0x21/0x110 [<000000008d640eea>] watchdog_dev_register+0x4e/0x780 [watchdog] [<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0 [<00000000b98be325>] do_init_module+0x1ca/0x5f0 [<0000000046d08e7c>] load_module+0x6133/0x70f0 ...

unreferenced object 0xffff888105b9fa80 (size 16): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 16 bytes): 77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff watchdog1....... backtrace: [<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220 [<00000000486ab89b>] __kmalloc_node_track_caller+0x44/0x1b0 [<000000005a39aab0>] kvasprintf+0xb5/0x140 [<0000000024806f85>] kvasprintf_const+0x55/0x180 [<000000009276cb7f>] kobject_set_name_vargs+0x56/0x150 [<00000000a92e820b>] dev_set_name+0xab/0xe0 [<00000000cec812c6>] watchdog_dev_register+0x285/0x780 [watchdog] [<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0 [<00000000b98be325>] do_init_module+0x1ca/0x5f0 [<0000000046d08e7c>] load_module+0x6133/0x70f0 ...

The reason is that put_device is not be called if cdev_device_add fails and wdd->id != 0.

watchdog_cdev_register wd_data = kzalloc [1] err = dev_set_name [2] .. err = cdev_device_add if (err) { if (wdd->id == 0) { // wdd->id != 0 .. } return err; // [1],[2] would be leaked

To fix it, call put_device in all wdd->id cases.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: Fix kmemleak in watchdog_cdev_register\n\nkmemleak reports memory leaks in watchdog_dev_register, as follows:\nunreferenced object 0xffff888116233000 (size 2048):\n  comm \"\"modprobe\"\", pid 28147, jiffies 4353426116 (age 61.741s)\n  hex dump (first 32 bytes):\n    80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff  .........0#.....\n    08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00  .0#.............\n  backtrace:\n    [\u003c000000007f001ffd\u003e] __kmem_cache_alloc_node+0x157/0x220\n    [\u003c000000006a389304\u003e] kmalloc_trace+0x21/0x110\n    [\u003c000000008d640eea\u003e] watchdog_dev_register+0x4e/0x780 [watchdog]\n    [\u003c0000000053c9f248\u003e] __watchdog_register_device+0x4f0/0x680 [watchdog]\n    [\u003c00000000b2979824\u003e] watchdog_register_device+0xd2/0x110 [watchdog]\n    [\u003c000000001f730178\u003e] 0xffffffffc10880ae\n    [\u003c000000007a1a8bcc\u003e] do_one_initcall+0xcb/0x4d0\n    [\u003c00000000b98be325\u003e] do_init_module+0x1ca/0x5f0\n    [\u003c0000000046d08e7c\u003e] load_module+0x6133/0x70f0\n    ...\n\nunreferenced object 0xffff888105b9fa80 (size 16):\n  comm \"\"modprobe\"\", pid 28147, jiffies 4353426116 (age 61.741s)\n  hex dump (first 16 bytes):\n    77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff  watchdog1.......\n  backtrace:\n    [\u003c000000007f001ffd\u003e] __kmem_cache_alloc_node+0x157/0x220\n    [\u003c00000000486ab89b\u003e] __kmalloc_node_track_caller+0x44/0x1b0\n    [\u003c000000005a39aab0\u003e] kvasprintf+0xb5/0x140\n    [\u003c0000000024806f85\u003e] kvasprintf_const+0x55/0x180\n    [\u003c000000009276cb7f\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c00000000a92e820b\u003e] dev_set_name+0xab/0xe0\n    [\u003c00000000cec812c6\u003e] watchdog_dev_register+0x285/0x780 [watchdog]\n    [\u003c0000000053c9f248\u003e] __watchdog_register_device+0x4f0/0x680 [watchdog]\n    [\u003c00000000b2979824\u003e] watchdog_register_device+0xd2/0x110 [watchdog]\n    [\u003c000000001f730178\u003e] 0xffffffffc10880ae\n    [\u003c000000007a1a8bcc\u003e] do_one_initcall+0xcb/0x4d0\n    [\u003c00000000b98be325\u003e] do_init_module+0x1ca/0x5f0\n    [\u003c0000000046d08e7c\u003e] load_module+0x6133/0x70f0\n    ...\n\nThe reason is that put_device is not be called if cdev_device_add fails\nand wdd-\u003eid != 0.\n\nwatchdog_cdev_register\n  wd_data = kzalloc                             [1]\n  err = dev_set_name                            [2]\n  ..\n  err = cdev_device_add\n  if (err) {\n    if (wdd-\u003eid == 0) {  // wdd-\u003eid != 0\n      ..\n    }\n    return err;  // [1],[2] would be leaked\n\nTo fix it, call put_device in all wdd-\u003eid cases.",
  "id": "GHSA-44g3-hwmh-jx63",
  "modified": "2025-12-03T21:30:59Z",
  "published": "2025-09-15T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53234"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13721a2ac66b246f5802ba1b75ad8637e53eeecc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23cc41c3f19c4d858c3708f1c0a06e94958e6c3b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50808d034e199fe3ff7a9d2068a4eebeb6b4098a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59e391b3fc507a15b7e8e9d9f4de87cae177c366"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c1655600f4f2839fb844fe8c70b2b65fadc7a56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac099d94e0480c937aa9172ab64074981ca1a4d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf26b0e430ce34261f45959989edaf680b64d538"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5a21a5501508ae3afa2fe6d5a3e74a37fa48df3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45HW-XGGF-P88G

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-05-20 15:35
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()

In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak.

Fix this by jumping to the out_free label to ensure the memory is properly freed.

Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label.",
  "id": "GHSA-45hw-xggf-p88g",
  "modified": "2026-05-20T15:35:21Z",
  "published": "2026-04-03T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23464"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45VC-784V-VP78

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-02 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow

When an invalid stc_type is provided, the function allocates memory for shared_stc but jumps to unlock_and_out without freeing it, causing a memory leak.

Fix by jumping to free_shared_stc label instead to ensure proper cleanup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T14:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow\n\nWhen an invalid stc_type is provided, the function allocates memory for\nshared_stc but jumps to unlock_and_out without freeing it, causing a\nmemory leak.\n\nFix by jumping to free_shared_stc label instead to ensure proper cleanup.",
  "id": "GHSA-45vc-784v-vp78",
  "modified": "2025-12-02T00:31:10Z",
  "published": "2025-09-16T15:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39834"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/051fd8576a2e4e95d5870c5c9f8679c5b16882e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a630f83592cdad1253523a1b760cfe78fef6cd9c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46FR-3C87-QQ5V

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix memory leak when a wq is reset

idxd_wq_disable_cleanup() which is called from the reset path for a workqueue, sets the wq type to NONE, which for other parts of the driver mean that the wq is empty (all its resources were released).

Only set the wq type to NONE after its resources are released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its resources were released).\n\nOnly set the wq type to NONE after its resources are released.",
  "id": "GHSA-46fr-3c87-qq5v",
  "modified": "2026-07-14T15:31:51Z",
  "published": "2026-04-22T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31441"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c3d3ac57e3c52b570b8c695903306bff07e04c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39c1504e0e76bcfb93991fd94288a83e05d13b51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54d77cc0c40ca2f894859dc7b3c52997574f1a2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a16098a2f0c11ee5e04e23aa7478ca1fcfb0f658"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9e7815d38629bcf59d3005001f1f315424a58de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9cfb5193a047a92a4d3c0e91ea4cc87c8f7c478"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46G4-87Q8-H7HC

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-16T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.",
  "id": "GHSA-46g4-87q8-h7hc",
  "modified": "2022-05-13T01:22:42Z",
  "published": "2022-05-13T01:22:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TeamSeri0us/pocs/tree/master/recutils"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46Q9-G5HQ-XPGM

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix possible memleak when register 'hctx' failed

There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 (size 512): comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2.... 08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............ backtrace: [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0 [<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0 [<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230 [<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910 [<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0 [<00000000a2a34657>] 0xffffffffa2ad310f [<00000000b173f718>] 0xffffffffa2af824a [<0000000095a1dabb>] do_one_initcall+0x87/0x2a0 [<00000000f32fdf93>] do_init_module+0xdf/0x320 [<00000000cbe8541e>] load_module+0x3006/0x3390 [<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0 [<00000000a1a29ae8>] do_syscall_64+0x35/0x80 [<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fault injection context as follows: kobject_add blk_mq_register_hctx blk_mq_sysfs_register blk_register_queue device_add_disk null_add_dev.part.0 [null_blk]

As 'blk_mq_register_hctx' may already add some objects when failed halfway, but there isn't do fallback, caller don't know which objects add failed. To solve above issue just do fallback when add objects failed halfway in 'blk_mq_register_hctx'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:35Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix possible memleak when register \u0027hctx\u0027 failed\n\nThere\u0027s issue as follows when do fault injection test:\nunreferenced object 0xffff888132a9f400 (size 512):\n  comm \"insmod\", pid 308021, jiffies 4324277909 (age 509.733s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff  ...........2....\n    08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00  ...2............\n  backtrace:\n    [\u003c00000000e8952bb4\u003e] kmalloc_node_trace+0x22/0xa0\n    [\u003c00000000f9980e0f\u003e] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0\n    [\u003c000000002e719efa\u003e] blk_mq_realloc_hw_ctxs+0x1e6/0x230\n    [\u003c000000004f1fda40\u003e] blk_mq_init_allocated_queue+0x27e/0x910\n    [\u003c00000000287123ec\u003e] __blk_mq_alloc_disk+0x67/0xf0\n    [\u003c00000000a2a34657\u003e] 0xffffffffa2ad310f\n    [\u003c00000000b173f718\u003e] 0xffffffffa2af824a\n    [\u003c0000000095a1dabb\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c00000000f32fdf93\u003e] do_init_module+0xdf/0x320\n    [\u003c00000000cbe8541e\u003e] load_module+0x3006/0x3390\n    [\u003c0000000069ed1bdb\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000a1a29ae8\u003e] do_syscall_64+0x35/0x80\n    [\u003c000000009cd878b0\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFault injection context as follows:\n kobject_add\n blk_mq_register_hctx\n blk_mq_sysfs_register\n blk_register_queue\n device_add_disk\n null_add_dev.part.0 [null_blk]\n\nAs \u0027blk_mq_register_hctx\u0027 may already add some objects when failed halfway,\nbut there isn\u0027t do fallback, caller don\u0027t know which objects add failed.\nTo solve above issue just do fallback when add objects failed halfway in\n\u0027blk_mq_register_hctx\u0027.",
  "id": "GHSA-46q9-g5hq-xpgm",
  "modified": "2026-01-23T03:30:29Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50434"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02bc8bc6eab03c84373281b85cb6e98747172ff7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33e8a3f61814ea30615d0fafaf50477975d6c1ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b7a21c57b14fbcd0e1729150189e5933f5088e9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b7fafa5f39b15c3a6ca3b95e534d05d6904cc95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/654870789c3c1b9763316ef1c71d7a449127b175"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87fd18016a47ea8ae12641377a390172c4aa97a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb186eb47fb9dd327bdefa15f0c5fc55c53a40dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8022da1fa2fdf2fa204b445dd3354e7a66d085a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eff45bfbc25a2509a6362dea6e699e14083c693c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46VM-5748-8G36

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-04-10 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vlan: fix memory leak in vlan_newlink()

Blamed commit added back a bug I fixed in commit 9bbd917e0bec ("vlan: fix memory leak in vlan_dev_set_egress_priority")

If a memory allocation fails in vlan_changelink() after other allocations succeeded, we need to call vlan_dev_free_egress_priority() to free all allocated memory because after a failed ->newlink() we do not call any methods like ndo_uninit() or dev->priv_destructor().

In following example, if the allocation for last element 2000:2001 fails, we need to free eight prior allocations:

ip link add link dummy0 dummy0.100 type vlan id 100 \ egress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001

syzbot report was:

BUG: memory leak unreferenced object 0xffff888117bd1060 (size 32): comm "syz-executor408", pid 3759, jiffies 4294956555 (age 34.090s) hex dump (first 32 bytes): 09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmalloc include/linux/slab.h:600 [inline] [] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193 [] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128 [] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185 [] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline] [] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580 [] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593 [] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089 [] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501 [] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] [] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345 [] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921 [] sock_sendmsg_nosec net/socket.c:714 [inline] [] sock_sendmsg+0x56/0x80 net/socket.c:734 [] _syssendmsg+0x36c/0x390 net/socket.c:2488 [] _sys_sendmsg+0x8b/0xd0 net/socket.c:2542 [] __sys_sendmsg net/socket.c:2571 [inline] [] __do_sys_sendmsg net/socket.c:2580 [inline] [] __se_sys_sendmsg net/socket.c:2578 [inline] [] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvlan: fix memory leak in vlan_newlink()\n\nBlamed commit added back a bug I fixed in commit 9bbd917e0bec\n(\"vlan: fix memory leak in vlan_dev_set_egress_priority\")\n\nIf a memory allocation fails in vlan_changelink() after other allocations\nsucceeded, we need to call vlan_dev_free_egress_priority()\nto free all allocated memory because after a failed -\u003enewlink()\nwe do not call any methods like ndo_uninit() or dev-\u003epriv_destructor().\n\nIn following example, if the allocation for last element 2000:2001 fails,\nwe need to free eight prior allocations:\n\nip link add link dummy0 dummy0.100 type vlan id 100 \\\n\tegress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001\n\nsyzbot report was:\n\nBUG: memory leak\nunreferenced object 0xffff888117bd1060 (size 32):\ncomm \"syz-executor408\", pid 3759, jiffies 4294956555 (age 34.090s)\nhex dump (first 32 bytes):\n09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[\u003cffffffff83fc60ad\u003e] kmalloc include/linux/slab.h:600 [inline]\n[\u003cffffffff83fc60ad\u003e] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193\n[\u003cffffffff83fc6628\u003e] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128\n[\u003cffffffff83fc67c8\u003e] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185\n[\u003cffffffff838b1278\u003e] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]\n[\u003cffffffff838b1278\u003e] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580\n[\u003cffffffff838b1629\u003e] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593\n[\u003cffffffff838ac66c\u003e] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089\n[\u003cffffffff839f9c37\u003e] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501\n[\u003cffffffff839f8da7\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n[\u003cffffffff839f8da7\u003e] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n[\u003cffffffff839f9266\u003e] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n[\u003cffffffff8384dbf6\u003e] sock_sendmsg_nosec net/socket.c:714 [inline]\n[\u003cffffffff8384dbf6\u003e] sock_sendmsg+0x56/0x80 net/socket.c:734\n[\u003cffffffff8384e15c\u003e] ____sys_sendmsg+0x36c/0x390 net/socket.c:2488\n[\u003cffffffff838523cb\u003e] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2542\n[\u003cffffffff838525b8\u003e] __sys_sendmsg net/socket.c:2571 [inline]\n[\u003cffffffff838525b8\u003e] __do_sys_sendmsg net/socket.c:2580 [inline]\n[\u003cffffffff838525b8\u003e] __se_sys_sendmsg net/socket.c:2578 [inline]\n[\u003cffffffff838525b8\u003e] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578\n[\u003cffffffff845ad8d5\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff845ad8d5\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n[\u003cffffffff8460006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
  "id": "GHSA-46vm-5748-8g36",
  "modified": "2025-04-10T15:31:41Z",
  "published": "2025-03-12T00:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49636"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c43069bb1097dd6cc1cf0f7c43a36d1f7b3910b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/549de58dba4bf1b2adc72e9948b9c76fa88be9d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72a0b329114b1caa8e69dfa7cdad1dd3c69b8602"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df27729a4fe0002dfd80c96fe1c142829c672728"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5dc10b910bdac523e5947336445a77066c51bf9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.