CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-6264-3HHV-77HG
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().
{
"affected": [],
"aliases": [
"CVE-2024-35828"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T14:15:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()\n\nIn the for statement of lbs_allocate_cmd_buffer(), if the allocation of\ncmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to\nbe freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().",
"id": "GHSA-6264-3hhv-77hg",
"modified": "2026-05-12T12:31:47Z",
"published": "2024-05-17T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35828"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62G2-5R5G-GCXP
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
{
"affected": [],
"aliases": [
"CVE-2019-16710"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-23T12:15:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.",
"id": "GHSA-62g2-5r5g-gcxp",
"modified": "2022-05-24T22:00:41Z",
"published": "2022-05-24T22:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16710"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1528"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4192-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62G2-8MJ9-VF3F
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31In the Linux kernel, the following vulnerability has been resolved:
memory: mtk-smi: fix device leak on larb probe
Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind.
{
"affected": [],
"aliases": [
"CVE-2025-71287"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: mtk-smi: fix device leak on larb probe\n\nMake sure to drop the reference taken when looking up the SMI device\nduring larb probe on late probe failure (e.g. probe deferral) and on\ndriver unbind.",
"id": "GHSA-62g2-8mj9-vf3f",
"modified": "2026-05-13T21:31:56Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71287"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04057b86fdac3d4847913a97dc6552c0bff9b85e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1288bb394d464975cea18f69940f206e235e0fe7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f23a48ff2b8ab47e514f7c84a4b1dbf9b848168"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/357e16a7fc9c1fef2ea37dce9bb6b9bcb1d1687d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9dae65913b32d05dbc8ff4b8a6bf04a0e49a8eb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9eccd59697f7e1cb9a714501d9af826e7f7e073"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f69535b77fa0518ad39870c00dd2995439ed5c34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62G8-53XP-7372
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 03:31In the Linux kernel, the following vulnerability has been resolved:
vxlan: Fix memory leaks in error path
The memory allocated by vxlan_vnigroup_init() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlan_vnigroup_uninit() in the error path.
The leaks can be reproduced by annotating gro_cells_init() with ALLOW_ERROR_INJECTION() and then running:
# echo "100" > /sys/kernel/debug/fail_function/probability # echo "1" > /sys/kernel/debug/fail_function/times # echo "gro_cells_init" > /sys/kernel/debug/fail_function/inject # printf %#x -12 > /sys/kernel/debug/fail_function/gro_cells_init/retval # ip link add name vxlan0 type vxlan dstport 4789 external vnifilter RTNETLINK answers: Cannot allocate memory
[1] unreferenced object 0xffff88810db84a00 (size 512): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v............. 03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ....H........... backtrace: [] kmalloc_trace+0x2a/0x60 [] vxlan_vnigroup_init+0x4c/0x160 [] vxlan_init+0x1ae/0x280 [] register_netdevice+0x57a/0x16d0 [] __vxlan_dev_create+0x7c7/0xa50 [] vxlan_newlink+0xd6/0x130 [] __rtnl_newlink+0x112b/0x18a0 [] rtnl_newlink+0x6c/0xa0 [] rtnetlink_rcv_msg+0x43f/0xd40 [] netlink_rcv_skb+0x170/0x440 [] netlink_unicast+0x53f/0x810 [] netlink_sendmsg+0x958/0xe70 [] _syssendmsg+0x78f/0xa90 [] _sys_sendmsg+0x13a/0x1e0 [] __sys_sendmsg+0x11c/0x1f0 [] do_syscall_64+0x38/0x80 unreferenced object 0xffff88810e76d5f8 (size 192): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): 04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ..........O..... 08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v.......v..... backtrace: [] __kmalloc_node+0x4e/0x90 [] kvmalloc_node+0xa6/0x1f0 [] bucket_table_alloc.isra.0+0x83/0x460 [] rhashtable_init+0x43b/0x7c0 [] vxlan_vnigroup_init+0x6c/0x160 [] vxlan_init+0x1ae/0x280 [] register_netdevice+0x57a/0x16d0 [] __vxlan_dev_create+0x7c7/0xa50 [] vxlan_newlink+0xd6/0x130 [] __rtnl_newlink+0x112b/0x18a0 [] rtnl_newlink+0x6c/0xa0 [] rtnetlink_rcv_msg+0x43f/0xd40 [] netlink_rcv_skb+0x170/0x440 [] netlink_unicast+0x53f/0x810 [] netlink_sendmsg+0x958/0xe70 [] ____sys_sendmsg+0x78f/0xa90
{
"affected": [],
"aliases": [
"CVE-2023-53190"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T14:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix memory leaks in error path\n\nThe memory allocated by vxlan_vnigroup_init() is not freed in the error\npath, leading to memory leaks [1]. Fix by calling\nvxlan_vnigroup_uninit() in the error path.\n\nThe leaks can be reproduced by annotating gro_cells_init() with\nALLOW_ERROR_INJECTION() and then running:\n\n # echo \"100\" \u003e /sys/kernel/debug/fail_function/probability\n # echo \"1\" \u003e /sys/kernel/debug/fail_function/times\n # echo \"gro_cells_init\" \u003e /sys/kernel/debug/fail_function/inject\n # printf %#x -12 \u003e /sys/kernel/debug/fail_function/gro_cells_init/retval\n # ip link add name vxlan0 type vxlan dstport 4789 external vnifilter\n RTNETLINK answers: Cannot allocate memory\n\n[1]\nunreferenced object 0xffff88810db84a00 (size 512):\n comm \"ip\", pid 330, jiffies 4295010045 (age 66.016s)\n hex dump (first 32 bytes):\n f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v.............\n 03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ....H...........\n backtrace:\n [\u003cffffffff81a3097a\u003e] kmalloc_trace+0x2a/0x60\n [\u003cffffffff82f049fc\u003e] vxlan_vnigroup_init+0x4c/0x160\n [\u003cffffffff82ecd69e\u003e] vxlan_init+0x1ae/0x280\n [\u003cffffffff836858ca\u003e] register_netdevice+0x57a/0x16d0\n [\u003cffffffff82ef67b7\u003e] __vxlan_dev_create+0x7c7/0xa50\n [\u003cffffffff82ef6ce6\u003e] vxlan_newlink+0xd6/0x130\n [\u003cffffffff836d02ab\u003e] __rtnl_newlink+0x112b/0x18a0\n [\u003cffffffff836d0a8c\u003e] rtnl_newlink+0x6c/0xa0\n [\u003cffffffff836c0ddf\u003e] rtnetlink_rcv_msg+0x43f/0xd40\n [\u003cffffffff83908ce0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff839066af\u003e] netlink_unicast+0x53f/0x810\n [\u003cffffffff839072d8\u003e] netlink_sendmsg+0x958/0xe70\n [\u003cffffffff835c319f\u003e] ____sys_sendmsg+0x78f/0xa90\n [\u003cffffffff835cd6da\u003e] ___sys_sendmsg+0x13a/0x1e0\n [\u003cffffffff835cd94c\u003e] __sys_sendmsg+0x11c/0x1f0\n [\u003cffffffff8424da78\u003e] do_syscall_64+0x38/0x80\nunreferenced object 0xffff88810e76d5f8 (size 192):\n comm \"ip\", pid 330, jiffies 4295010045 (age 66.016s)\n hex dump (first 32 bytes):\n 04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ..........O.....\n 08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v.......v.....\n backtrace:\n [\u003cffffffff81a3162e\u003e] __kmalloc_node+0x4e/0x90\n [\u003cffffffff81a0e166\u003e] kvmalloc_node+0xa6/0x1f0\n [\u003cffffffff8276e1a3\u003e] bucket_table_alloc.isra.0+0x83/0x460\n [\u003cffffffff8276f18b\u003e] rhashtable_init+0x43b/0x7c0\n [\u003cffffffff82f04a1c\u003e] vxlan_vnigroup_init+0x6c/0x160\n [\u003cffffffff82ecd69e\u003e] vxlan_init+0x1ae/0x280\n [\u003cffffffff836858ca\u003e] register_netdevice+0x57a/0x16d0\n [\u003cffffffff82ef67b7\u003e] __vxlan_dev_create+0x7c7/0xa50\n [\u003cffffffff82ef6ce6\u003e] vxlan_newlink+0xd6/0x130\n [\u003cffffffff836d02ab\u003e] __rtnl_newlink+0x112b/0x18a0\n [\u003cffffffff836d0a8c\u003e] rtnl_newlink+0x6c/0xa0\n [\u003cffffffff836c0ddf\u003e] rtnetlink_rcv_msg+0x43f/0xd40\n [\u003cffffffff83908ce0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff839066af\u003e] netlink_unicast+0x53f/0x810\n [\u003cffffffff839072d8\u003e] netlink_sendmsg+0x958/0xe70\n [\u003cffffffff835c319f\u003e] ____sys_sendmsg+0x78f/0xa90",
"id": "GHSA-62g8-53xp-7372",
"modified": "2025-12-02T03:31:35Z",
"published": "2025-09-15T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53190"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06bf62944144a92d83dd14fd1378d2a288259561"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5896f55810680391a32652ca2b91245a05c11e22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75c1ab900f7cf0485f0be1607c79c55f51faaa90"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62M8-JJ4J-QM8P
Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-05-21 21:30In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix reservation leak in some error paths when inserting inline extent
If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup data, resulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data() in such cases.
{
"affected": [],
"aliases": [
"CVE-2025-71268"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-18T18:16:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
"id": "GHSA-62m8-jj4j-qm8p",
"modified": "2026-05-21T21:30:28Z",
"published": "2026-03-18T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71268"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28768bd3abf9995a93f6e01bfce01c60622964dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28b97fcbbf523779688e8de5fe55bf2dae3859f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1c050f92d8f6aac4e17f7f2230160794fceef0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f3ee1732851aec6fe6b2cec2ef1b32d4e71d9913"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7156512c8166d385f574b9ec030479aa7b1e8c9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-632R-423P-9JX4
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Free pvr_vm_gpuva after unlink
This caused a measurable memory leak. Although the individual allocations are small, the leaks occurs in a high-usage codepath (remapping or unmapping device memory) so they add up quickly.
{
"affected": [],
"aliases": [
"CVE-2024-46779"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.",
"id": "GHSA-632r-423p-9jx4",
"modified": "2024-09-23T18:30:34Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46779"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6368-3WVQ-PCHC
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
powerpc/iommu: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53097"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-6368-3wvq-pchc",
"modified": "2025-11-12T21:31:01Z",
"published": "2025-05-02T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24c1bd1cd0d1ff821fd7d2f01a1e648c7882dfc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4050498c0ae3946c223fc63e9dd7b878b76611e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b505063910c134778202dfad9332dfcecb76bab3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3a62a35f903fd8be5b44542fe3901ec45f16757"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6399-486W-R6QV
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak.
{
"affected": [],
"aliases": [
"CVE-2020-9697"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-19T14:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak.",
"id": "GHSA-6399-486w-r6qv",
"modified": "2022-05-24T17:26:09Z",
"published": "2022-05-24T17:26:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9697"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-63GQ-CVV8-GC2G
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-09-03 00:00Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
{
"affected": [],
"aliases": [
"CVE-2020-26418"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T19:15:00Z",
"severity": "MODERATE"
},
"details": "Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.",
"id": "GHSA-63gq-cvv8-gc2g",
"modified": "2022-09-03T00:00:23Z",
"published": "2022-05-24T17:36:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26418"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16739"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-16.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-63WM-RVCG-492W
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix memory leak in ocfs2_stack_glue_init()
ocfs2_table_header should be free in ocfs2_stack_glue_init() if ocfs2_sysfs_init() failed, otherwise kmemleak will report memleak.
BUG: memory leak unreferenced object 0xffff88810eeb5800 (size 128): comm "modprobe", pid 4507, jiffies 4296182506 (age 55.888s) hex dump (first 32 bytes): c0 40 14 a0 ff ff ff ff 00 00 00 00 01 00 00 00 .@.............. 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000001e59e1cd>] __register_sysctl_table+0xca/0xef0 [<00000000c04f70f7>] 0xffffffffa0050037 [<000000001bd12912>] do_one_initcall+0xdb/0x480 [<0000000064f766c9>] do_init_module+0x1cf/0x680 [<000000002ba52db0>] load_module+0x6441/0x6f20 [<000000009772580d>] __do_sys_finit_module+0x12f/0x1c0 [<00000000380c1f22>] do_syscall_64+0x3f/0x90 [<000000004cf473bc>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-50289"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix memory leak in ocfs2_stack_glue_init()\n\nocfs2_table_header should be free in ocfs2_stack_glue_init() if\nocfs2_sysfs_init() failed, otherwise kmemleak will report memleak.\n\nBUG: memory leak\nunreferenced object 0xffff88810eeb5800 (size 128):\n comm \"modprobe\", pid 4507, jiffies 4296182506 (age 55.888s)\n hex dump (first 32 bytes):\n c0 40 14 a0 ff ff ff ff 00 00 00 00 01 00 00 00 .@..............\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000001e59e1cd\u003e] __register_sysctl_table+0xca/0xef0\n [\u003c00000000c04f70f7\u003e] 0xffffffffa0050037\n [\u003c000000001bd12912\u003e] do_one_initcall+0xdb/0x480\n [\u003c0000000064f766c9\u003e] do_init_module+0x1cf/0x680\n [\u003c000000002ba52db0\u003e] load_module+0x6441/0x6f20\n [\u003c000000009772580d\u003e] __do_sys_finit_module+0x12f/0x1c0\n [\u003c00000000380c1f22\u003e] do_syscall_64+0x3f/0x90\n [\u003c000000004cf473bc\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-63wm-rvcg-492w",
"modified": "2025-12-03T21:30:59Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50289"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0000281f019111526f7abccc61f2746d2eb626ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b2128b70849f2728949babfc1c760096ef72f5d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13b6269dd022aaa69ca8d1df374ab327504121cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61d68cf2ba79128c48d4b3fa4d10c34dc18ba572"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f6c13776cbee4b6a515f4cd3b859f046be4f6f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c8bf45cea9c8d6fb3e14d8cd5ae60e0372f39b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/802abe2bc654e87334e6a0ab6c1adc2b6d5f6394"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0822faebd79971617abd495beb2d6f5356b88bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5f2682d3a34dd8350bf63f232d885fd95f25b92"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.