CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-4VRR-7C2M-7WXQ
Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-03-18 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()'
All error handling paths lead to 'out' where many resources are freed.
Do it as well here instead of a direct return, otherwise 'log', 'ra' and 'log->one_page_buf' (at least) will leak.
{
"affected": [],
"aliases": [
"CVE-2021-47660"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T06:37:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix some memory leaks in an error handling path of \u0027log_replay()\u0027\n\nAll error handling paths lead to \u0027out\u0027 where many resources are freed.\n\nDo it as well here instead of a direct return, otherwise \u0027log\u0027, \u0027ra\u0027 and\n\u0027log-\u003eone_page_buf\u0027 (at least) will leak.",
"id": "GHSA-4vrr-7c2m-7wxq",
"modified": "2025-03-18T21:31:58Z",
"published": "2025-03-18T21:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47660"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c97519ed6b4239594c58ddacf3d0d576cf070cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc4a1d384a04c6dba9312e1421a9f9f7c03339a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8be98ab88250dc12a98efdb703792a537b0eac3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e589f9b7078e1c0191613cd736f598e81d2390de"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VX7-FJ8P-QPJ9
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-17 21:31In the Linux kernel, the following vulnerability has been resolved:
ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code.
{
"affected": [],
"aliases": [
"CVE-2026-23145"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T16:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix iloc.bh leak in ext4_xattr_inode_update_ref\n\nThe error branch for ext4_xattr_inode_update_ref forget to release the\nrefcount for iloc.bh. Find this when review code.",
"id": "GHSA-4vx7-fj8p-qpj9",
"modified": "2026-03-17T21:31:41Z",
"published": "2026-02-14T18:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23145"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06e26287f2e349a28ad363941ffd9076bfed8b2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b06cde92f2f960f4ebe3c988c69f2711f2a24dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b00c16e42428a1ecd3a5eb9cc37f8ad9bd47626"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6241cd1d0acc2363016ac55b8773ba1332dd59d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c9f059c3d531a12d7ad96cd34a44b8af7c00d5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e8542c539927ae3898a4d02941f84e252e2dea1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d250bdf531d9cd4096fedbb9f172bb2ca660c868"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4W3Q-GJ3X-9575
Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Prevent release of buffer in I/O
When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time.
Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.
{
"affected": [],
"aliases": [
"CVE-2024-44969"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T19:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.",
"id": "GHSA-4w3q-gj3x-9575",
"modified": "2025-11-04T00:31:21Z",
"published": "2024-09-04T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44969"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4W73-G2F7-3G9H
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
{
"affected": [],
"aliases": [
"CVE-2020-1678"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the \"show task memory detail | match policy | match evpn\" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.",
"id": "GHSA-4w73-g2f7-3g9h",
"modified": "2022-05-24T17:30:52Z",
"published": "2022-05-24T17:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1678"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11075"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4WJ9-54W5-MWM9
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
crypto: caam - fix netdev memory leak in dpaa2_caam_probe
When commit 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in dpaa2") converted embedded net_device to dynamically allocated pointers, it added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in dpaa2_dpseci_free() for error paths.
This causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe due to DPIO devices not being ready yet. The kernel's deferred probe mechanism handles the retry successfully, but the netdevs allocated during the failed probe attempt are never freed, resulting in kmemleak reports showing multiple leaked netdev-related allocations all traced back to dpaa2_caam_probe().
Fix this by preserving the CPU mask of allocated netdevs during setup and using it for cleanup in dpaa2_dpseci_free(). This approach ensures that only the CPUs that actually had netdevs allocated will be cleaned up, avoiding potential issues with CPU hotplug scenarios.
{
"affected": [],
"aliases": [
"CVE-2026-45900"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - fix netdev memory leak in dpaa2_caam_probe\n\nWhen commit 0e1a4d427f58 (\"crypto: caam: Unembed net_dev structure in\ndpaa2\") converted embedded net_device to dynamically allocated pointers,\nit added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in\ndpaa2_dpseci_free() for error paths.\n\nThis causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe\ndue to DPIO devices not being ready yet. The kernel\u0027s deferred probe\nmechanism handles the retry successfully, but the netdevs allocated during\nthe failed probe attempt are never freed, resulting in kmemleak reports\nshowing multiple leaked netdev-related allocations all traced back to\ndpaa2_caam_probe().\n\nFix this by preserving the CPU mask of allocated netdevs during setup and\nusing it for cleanup in dpaa2_dpseci_free(). This approach ensures that\nonly the CPUs that actually had netdevs allocated will be cleaned up,\navoiding potential issues with CPU hotplug scenarios.",
"id": "GHSA-4wj9-54w5-mwm9",
"modified": "2026-06-24T18:32:26Z",
"published": "2026-05-27T15:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45900"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d43252b3060b0ba4a192dce5dba85a3f39ffe39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5c6f254528caf78d5de7d9646dc21c81d351827"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7decb572b55d2af33e59e9858fcee5d9ae69175"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e144cce29851610ce9c6eda405ce21118779aa51"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4WPW-HQRW-X8Q2
Vulnerability from github – Published: 2025-10-24 18:30 – Updated: 2025-10-24 18:30In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Allocate/free queue resource only during probe/remove
Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple issues. First the inefficiency of freeing and reallocating memory that can simply be resued after being sanitized. Further, a system under memory pressue runs the risk of allocation failures that could result in a crippled driver. Finally, there is a race window where command submission/compeletion can try to pull/return elements from/to an event pool that is being deleted or already has been deleted due to the lack of host state around freeing/allocating resources. The following is an example of list corruption following a live partition migration (LPM):
Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Modules linked in: vfat fat isofs cdrom ext4 mbcache jbd2 nft_counter nft_compat nf_tables nfnetlink rpadlpar_io rpaphp xsk_diag nfsv3 nfs_acl nfs lockd grace fscache netfs rfkill bonding tls sunrpc pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth vmx_crypto dm_multipath dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse CPU: 0 PID: 2108 Comm: ibmvfc_0 Kdump: loaded Not tainted 5.14.0-70.9.1.el9_0.ppc64le #1 NIP: c0000000007c4bb0 LR: c0000000007c4bac CTR: 00000000005b9a10 REGS: c00000025c10b760 TRAP: 0700 Not tainted (5.14.0-70.9.1.el9_0.ppc64le) MSR: 800000000282b033 CR: 2800028f XER: 0000000f CFAR: c0000000001f55bc IRQMASK: 0 GPR00: c0000000007c4bac c00000025c10ba00 c000000002a47c00 000000000000004e GPR04: c0000031e3006f88 c0000031e308bd00 c00000025c10b768 0000000000000027 GPR08: 0000000000000000 c0000031e3009dc0 00000031e0eb0000 0000000000000000 GPR12: c0000031e2ffffa8 c000000002dd0000 c000000000187108 c00000020fcee2c0 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 c008000002f81300 GPR24: 5deadbeef0000100 5deadbeef0000122 c000000263ba6910 c00000024cc88000 GPR28: 000000000000003c c0000002430a0000 c0000002430ac300 000000000000c300 NIP [c0000000007c4bb0] __list_del_entry_valid+0x90/0x100 LR [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100 Call Trace: [c00000025c10ba00] [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100 (unreliable) [c00000025c10ba60] [c008000002f42284] ibmvfc_free_queue+0xec/0x210 [ibmvfc] [c00000025c10bb10] [c008000002f4246c] ibmvfc_deregister_scsi_channel+0xc4/0x160 [ibmvfc] [c00000025c10bba0] [c008000002f42580] ibmvfc_release_sub_crqs+0x78/0x130 [ibmvfc] [c00000025c10bc20] [c008000002f4f6cc] ibmvfc_do_work+0x5c4/0xc70 [ibmvfc] [c00000025c10bce0] [c008000002f4fdec] ibmvfc_work+0x74/0x1e8 [ibmvfc] [c00000025c10bda0] [c0000000001872b8] kthread+0x1b8/0x1c0 [c00000025c10be10] [c00000000000cd64] ret_from_kernel_thread+0x5c/0x64 Instruction dump: 40820034 38600001 38210060 4e800020 7c0802a6 7c641b78 3c62fe7a 7d254b78 3863b590 f8010070 4ba309cd 60000000 <0fe00000> 7c0802a6 3c62fe7a 3863b640 ---[ end trace 11a2b65a92f8b66c ]--- ibmvfc 30000003: Send warning. Receive queue closed, will retry.
Add registration/deregistration helpers that are called instead during connection resets to sanitize and reconfigure the queues.
{
"affected": [],
"aliases": [
"CVE-2022-49701"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Allocate/free queue resource only during probe/remove\n\nCurrently, the sub-queues and event pool resources are allocated/freed for\nevery CRQ connection event such as reset and LPM. This exposes the driver\nto a couple issues. First the inefficiency of freeing and reallocating\nmemory that can simply be resued after being sanitized. Further, a system\nunder memory pressue runs the risk of allocation failures that could result\nin a crippled driver. Finally, there is a race window where command\nsubmission/compeletion can try to pull/return elements from/to an event\npool that is being deleted or already has been deleted due to the lack of\nhost state around freeing/allocating resources. The following is an example\nof list corruption following a live partition migration (LPM):\n\nOops: Exception in kernel mode, sig: 5 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: vfat fat isofs cdrom ext4 mbcache jbd2 nft_counter nft_compat nf_tables nfnetlink rpadlpar_io rpaphp xsk_diag nfsv3 nfs_acl nfs lockd grace fscache netfs rfkill bonding tls sunrpc pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth vmx_crypto dm_multipath dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\nCPU: 0 PID: 2108 Comm: ibmvfc_0 Kdump: loaded Not tainted 5.14.0-70.9.1.el9_0.ppc64le #1\nNIP: c0000000007c4bb0 LR: c0000000007c4bac CTR: 00000000005b9a10\nREGS: c00000025c10b760 TRAP: 0700 Not tainted (5.14.0-70.9.1.el9_0.ppc64le)\nMSR: 800000000282b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 2800028f XER: 0000000f\nCFAR: c0000000001f55bc IRQMASK: 0\n GPR00: c0000000007c4bac c00000025c10ba00 c000000002a47c00 000000000000004e\n GPR04: c0000031e3006f88 c0000031e308bd00 c00000025c10b768 0000000000000027\n GPR08: 0000000000000000 c0000031e3009dc0 00000031e0eb0000 0000000000000000\n GPR12: c0000031e2ffffa8 c000000002dd0000 c000000000187108 c00000020fcee2c0\n GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR20: 0000000000000000 0000000000000000 0000000000000000 c008000002f81300\n GPR24: 5deadbeef0000100 5deadbeef0000122 c000000263ba6910 c00000024cc88000\n GPR28: 000000000000003c c0000002430a0000 c0000002430ac300 000000000000c300\nNIP [c0000000007c4bb0] __list_del_entry_valid+0x90/0x100\nLR [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100\nCall Trace:\n[c00000025c10ba00] [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100 (unreliable)\n[c00000025c10ba60] [c008000002f42284] ibmvfc_free_queue+0xec/0x210 [ibmvfc]\n[c00000025c10bb10] [c008000002f4246c] ibmvfc_deregister_scsi_channel+0xc4/0x160 [ibmvfc]\n[c00000025c10bba0] [c008000002f42580] ibmvfc_release_sub_crqs+0x78/0x130 [ibmvfc]\n[c00000025c10bc20] [c008000002f4f6cc] ibmvfc_do_work+0x5c4/0xc70 [ibmvfc]\n[c00000025c10bce0] [c008000002f4fdec] ibmvfc_work+0x74/0x1e8 [ibmvfc]\n[c00000025c10bda0] [c0000000001872b8] kthread+0x1b8/0x1c0\n[c00000025c10be10] [c00000000000cd64] ret_from_kernel_thread+0x5c/0x64\nInstruction dump:\n40820034 38600001 38210060 4e800020 7c0802a6 7c641b78 3c62fe7a 7d254b78\n3863b590 f8010070 4ba309cd 60000000 \u003c0fe00000\u003e 7c0802a6 3c62fe7a 3863b640\n---[ end trace 11a2b65a92f8b66c ]---\nibmvfc 30000003: Send warning. Receive queue closed, will retry.\n\nAdd registration/deregistration helpers that are called instead during\nconnection resets to sanitize and reconfigure the queues.",
"id": "GHSA-4wpw-hqrw-x8q2",
"modified": "2025-10-24T18:30:56Z",
"published": "2025-10-24T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49701"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/161ec2a0807ddd58bc0f24f3e1e7e3d4fef5297f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72ea7fe0db73d65c7d977208842d8ade9b823de9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f23c499ca601b2a1e1d2e761d03964b739bca0e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4X48-PH6H-WFMF
Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Several fixes to bpf_msg_pop_data
Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix for the value of variable "a" 5. In sk_msg_shift_left, after shifting, i has already pointed to the next element. Addtional sk_msg_iter_var_next may result in BUG.
{
"affected": [],
"aliases": [
"CVE-2024-56720"
],
"database_specific": {
"cwe_ids": [
"CWE-193",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-29T12:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"id": "GHSA-4x48-ph6h-wfmf",
"modified": "2025-11-03T21:32:02Z",
"published": "2024-12-29T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56720"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4XC4-5PG7-XRM8
Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-06-03 18:53In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: clean up hook list when offload flags check fails
splice back the hook list so nft_chain_release_hook() has a chance to release the hooks.
BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s) hex dump (first 32 bytes): 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#..... 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................ backtrace: [] kmalloc include/linux/slab.h:600 [inline] [] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901 [] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline] [] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073 [] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218 [] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593 [] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517 [] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline] [] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656 [] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] [] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345 [] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921 [] sock_sendmsg_nosec net/socket.c:714 [inline] [] sock_sendmsg+0x56/0x80 net/socket.c:734 [] _syssendmsg+0x36c/0x390 net/socket.c:2482 [] _sys_sendmsg+0xa8/0x110 net/socket.c:2536 [] __sys_sendmsg+0x88/0x100 net/socket.c:2565 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-48691"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T15:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: clean up hook list when offload flags check fails\n\nsplice back the hook list so nft_chain_release_hook() has a chance to\nrelease the hooks.\n\nBUG: memory leak\nunreferenced object 0xffff88810180b100 (size 96):\n comm \"syz-executor133\", pid 3619, jiffies 4294945714 (age 12.690s)\n hex dump (first 32 bytes):\n 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#.....\n 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................\n backtrace:\n [\u003cffffffff83a8c59b\u003e] kmalloc include/linux/slab.h:600 [inline]\n [\u003cffffffff83a8c59b\u003e] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901\n [\u003cffffffff83a9239a\u003e] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline]\n [\u003cffffffff83a9239a\u003e] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073\n [\u003cffffffff83a9b14b\u003e] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218\n [\u003cffffffff83a9c41b\u003e] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593\n [\u003cffffffff83a3d6a6\u003e] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517\n [\u003cffffffff83a3db79\u003e] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline]\n [\u003cffffffff83a3db79\u003e] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656\n [\u003cffffffff83a13b17\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n [\u003cffffffff83a13b17\u003e] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n [\u003cffffffff83a13fd6\u003e] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n [\u003cffffffff83865ab6\u003e] sock_sendmsg_nosec net/socket.c:714 [inline]\n [\u003cffffffff83865ab6\u003e] sock_sendmsg+0x56/0x80 net/socket.c:734\n [\u003cffffffff8386601c\u003e] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482\n [\u003cffffffff8386a918\u003e] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536\n [\u003cffffffff8386aaa8\u003e] __sys_sendmsg+0x88/0x100 net/socket.c:2565\n [\u003cffffffff845e5955\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff845e5955\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84800087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-4xc4-5pg7-xrm8",
"modified": "2024-06-03T18:53:46Z",
"published": "2024-05-03T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48691"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ce55ec5cb7c573c983dffbe290b8d17caf1f157"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77972a36ecc4db7fc7c68f0e80714263c5f03f65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/910891a2a44cdc49efcc4fe7459c1085ba00d0f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94ed8eeb8d9aeb00e4f4e19b83a2e28b6442fbc5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-528F-9JJM-WRC2
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-14 15:30In the Linux kernel, the following vulnerability has been resolved:
media: ir_toy: fix a memleak in irtoy_tx
When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak.
{
"affected": [],
"aliases": [
"CVE-2024-26829"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T10:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ir_toy: fix a memleak in irtoy_tx\n\nWhen irtoy_command fails, buf should be freed since it is allocated by\nirtoy_tx, or there is a memleak.",
"id": "GHSA-528f-9jjm-wrc2",
"modified": "2025-01-14T15:30:48Z",
"published": "2024-04-17T12:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26829"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-529P-W982-9F3H
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 18:30In the Linux kernel, the following vulnerability has been resolved:
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
xhci_alloc_stream_info() allocates stream context array for stream_info ->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs, stream_info->stream_ctx_array is not released, which will lead to a memory leak.
We can fix it by releasing the stream_info->stream_ctx_array with xhci_free_stream_ctx() on the error path to avoid the potential memory leak.
{
"affected": [],
"aliases": [
"CVE-2022-50544"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()\n\nxhci_alloc_stream_info() allocates stream context array for stream_info\n-\u003estream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,\nstream_info-\u003estream_ctx_array is not released, which will lead to a\nmemory leak.\n\nWe can fix it by releasing the stream_info-\u003estream_ctx_array with\nxhci_free_stream_ctx() on the error path to avoid the potential memory\nleak.",
"id": "GHSA-529p-w982-9f3h",
"modified": "2026-02-04T18:30:20Z",
"published": "2025-10-07T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50544"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/782c873f8e7686f5b3c47e8b099f7e08c3dd1fdc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e271f42a5cc3768cd2622b929ba66859ae21f97"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fc6bab3413e6a42bb1264ff7c9149808c93a4c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91271a3e772e180bbb8afb114c72fd294a02f93d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9fa81cbd2dd300aa8fe9bac70e068b9a11cbb144"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a40ad475236022f3432880e3091c380e46e71a71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddab9fe76296840aad686c66888a9c1dfdbff5ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e702de2f5c893bf2cdb0152191f99a6ad1411823"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcd594da0b5955119d9707e4e0a8d0fb1c969101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.