Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-65P9-X3QJ-Q764

Vulnerability from github – Published: 2025-05-29 21:31 – Updated: 2025-05-29 21:31
VLAI
Details

A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T19:15:28Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-65p9-x3qj-q764",
  "modified": "2025-05-29T21:31:37Z",
  "published": "2025-05-29T21:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5324"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Aiyakami/CVE-1/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Aiyakami/CVE-1/tree/main/test1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.310494"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.310494"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.580513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-65Q9-FQ96-WQPJ

Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-02-27 00:00
VLAI
Details

Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.",
  "id": "GHSA-65q9-fq96-wqpj",
  "modified": "2022-02-27T00:00:25Z",
  "published": "2022-02-19T00:01:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46082"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mgate-5109-5101-protocol-gateways-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-65WQ-6HC9-FGCM

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: solo6x10: fix possible memory leak in solo_sysfs_init()

If device_register() returns error in solo_sysfs_init(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: solo6x10: fix possible memory leak in solo_sysfs_init()\n\nIf device_register() returns error in solo_sysfs_init(), the\nname allocated by dev_set_name() need be freed. As comment of\ndevice_register() says, it should use put_device() to give up\nthe reference in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanup().",
  "id": "GHSA-65wq-6hc9-fgcm",
  "modified": "2026-02-04T21:30:24Z",
  "published": "2025-10-07T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50547"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49060c0da57a381563e482e331dc9d4c3725b41b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b02c50d3978840781808e13bc13137fb81286b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cf71bbe5d2ee12613f6e278888f5fc9c5c0cc2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f5866dd96d95b74e439f6ee17b8abd8195179fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83d4b1ae98a47a739fa5241300b86eb1110d5d63"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9416861170ba0da8ddb0f4fd2d28334f0ed3b9c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/963729538674be4cb8fa292529ecf32de0d6c6dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b61509093e1af69e336a094d439b8e1137cb40d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6db105bcfbdbbbd484e788a0ddf8140a4a8c486"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-663M-HM4M-RJG6

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00
VLAI
Details

Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-663m-hm4m-rjg6",
  "modified": "2022-06-23T00:00:22Z",
  "published": "2022-06-15T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35078"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66RH-G7JV-6752

Vulnerability from github – Published: 2024-02-15 06:31 – Updated: 2024-10-28 21:30
VLAI
Details

A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.

An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T06:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A particular case of memory sharing is mishandled in the virtual memory system.  This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.",
  "id": "GHSA-66rh-g7jv-6752",
  "modified": "2024-10-28T21:30:33Z",
  "published": "2024-02-15T06:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23091"
    },
    {
      "type": "WEB",
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240415-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6735-JGP5-QF5J

Vulnerability from github – Published: 2025-03-17 21:30 – Updated: 2025-03-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix a potential memory leak in r871xu_drv_init()

In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not properly released as there is no action will be performed by r8712_usb_dvobj_deinit(). To properly release it, we should call r8712_free_io_queue() in r8712_usb_dvobj_deinit().

Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called by r871x_dev_unload() under condition padapter->bup and r8712_free_io_queue() is called by r8712_free_drv_sw(). However, r8712_usb_dvobj_deinit() does not rely on padapter->bup and calling r8712_free_io_queue() in r8712_free_drv_sw() is negative for better understading the code. So I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove r8712_free_io_queue() from r8712_free_drv_sw().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix a potential memory leak in r871xu_drv_init()\n\nIn r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory\nallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not\nproperly released as there is no action will be performed by\nr8712_usb_dvobj_deinit().\nTo properly release it, we should call r8712_free_io_queue() in\nr8712_usb_dvobj_deinit().\n\nBesides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called\nby r871x_dev_unload() under condition `padapter-\u003ebup` and\nr8712_free_io_queue() is called by r8712_free_drv_sw().\nHowever, r8712_usb_dvobj_deinit() does not rely on `padapter-\u003ebup` and\ncalling r8712_free_io_queue() in r8712_free_drv_sw() is negative for\nbetter understading the code.\nSo I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove\nr8712_free_io_queue() from r8712_free_drv_sw().",
  "id": "GHSA-6735-jgp5-qf5j",
  "modified": "2025-03-17T21:30:33Z",
  "published": "2025-03-17T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-675X-JH39-GVRQ

Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2025-09-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: ca8210: Stop leaking skb's

Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure.

Free the skb structure upon error before returning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T11:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: ca8210: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. We then leak the skb\nstructure.\n\nFree the skb structure upon error before returning.",
  "id": "GHSA-675x-jh39-gvrq",
  "modified": "2025-09-17T18:31:13Z",
  "published": "2024-06-20T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48722"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-677G-FPR3-WQPR

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()

__qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" with init_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr" is released while "mr->info.pbl_table" is not released, which will lead to a memory leak.

We should release the "mr->info.pbl_table" with qedr_free_pbl() when error occurs to fix the memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()\n\n__qedr_alloc_mr() allocates a memory chunk for \"mr-\u003einfo.pbl_table\" with\ninit_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, \"mr\"\nis released while \"mr-\u003einfo.pbl_table\" is not released, which will lead\nto a memory leak.\n\nWe should release the \"mr-\u003einfo.pbl_table\" with qedr_free_pbl() when error\noccurs to fix the memory leak.",
  "id": "GHSA-677g-fpr3-wqpr",
  "modified": "2025-11-18T03:31:14Z",
  "published": "2025-06-18T12:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50138"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07ba048df306dc93fc4d2ef670b9e24644a2069f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79ce50dddaf28b5c57911ecc80a2be17a0b17f83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e647a8d5fc0a2c8e0f36f585a6388286a25bb15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3236a64ddd125a455ef5b5316c1b9051b732974"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4c9f7db9f0148423557539af0fdf513338efe08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67C6-HV92-W98P

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01
VLAI
Details

There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:43:00Z",
    "severity": "HIGH"
  },
  "details": "There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.",
  "id": "GHSA-67c6-hv92-w98p",
  "modified": "2022-03-17T00:01:56Z",
  "published": "2022-03-11T00:02:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40047"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/3"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202203-0000001257385193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67MX-9PX6-MHWV

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: cpumap: Fix memory leak in cpu_map_update_elem

Syzkaller reported a memory leak as follows:

BUG: memory leak unreferenced object 0xff110001198ef748 (size 192): comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s) hex dump (first 32 bytes): 00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00 ....J........... 00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff ........(....... backtrace: [] __cpu_map_entry_alloc+0xf7/0xb00 [] cpu_map_update_elem+0x2fe/0x3d0 [] bpf_map_update_value.isra.0+0x2bd/0x520 [] map_update_elem+0x4cb/0x720 [] __se_sys_bpf+0x8c3/0xb90 [] do_syscall_64+0x30/0x40 [] entry_SYSCALL_64_after_hwframe+0x61/0xc6

BUG: memory leak unreferenced object 0xff110001198ef528 (size 192): comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __cpu_map_entry_alloc+0x260/0xb00 [] cpu_map_update_elem+0x2fe/0x3d0 [] bpf_map_update_value.isra.0+0x2bd/0x520 [] map_update_elem+0x4cb/0x720 [] __se_sys_bpf+0x8c3/0xb90 [] do_syscall_64+0x30/0x40 [] entry_SYSCALL_64_after_hwframe+0x61/0xc6

BUG: memory leak unreferenced object 0xff1100010fd93d68 (size 8): comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s) hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace: [] kvmalloc_node+0x11e/0x170 [] __cpu_map_entry_alloc+0x2f0/0xb00 [] cpu_map_update_elem+0x2fe/0x3d0 [] bpf_map_update_value.isra.0+0x2bd/0x520 [] map_update_elem+0x4cb/0x720 [] __se_sys_bpf+0x8c3/0xb90 [] do_syscall_64+0x30/0x40 [] entry_SYSCALL_64_after_hwframe+0x61/0xc6

In the cpu_map_update_elem flow, when kthread_stop is called before calling the threadfn of rcpu->kthread, since the KTHREAD_SHOULD_STOP bit of kthread has been set by kthread_stop, the threadfn of rcpu->kthread will never be executed, and rcpu->refcnt will never be 0, which will lead to the allocated rcpu, rcpu->queue and rcpu->queue->queue cannot be released.

Calling kthread_stop before executing kthread's threadfn will return -EINTR. We can complete the release of memory resources in this state.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: cpumap: Fix memory leak in cpu_map_update_elem\n\nSyzkaller reported a memory leak as follows:\n\nBUG: memory leak\nunreferenced object 0xff110001198ef748 (size 192):\n  comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n  hex dump (first 32 bytes):\n    00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00  ....J...........\n    00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff  ........(.......\n  backtrace:\n    [\u003cffffffffadd28087\u003e] __cpu_map_entry_alloc+0xf7/0xb00\n    [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n    [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n    [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n    [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n    [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n    [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff110001198ef528 (size 192):\n  comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffffadd281f0\u003e] __cpu_map_entry_alloc+0x260/0xb00\n    [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n    [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n    [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n    [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n    [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n    [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff1100010fd93d68 (size 8):\n  comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n  hex dump (first 8 bytes):\n    00 00 00 00 00 00 00 00                          ........\n  backtrace:\n    [\u003cffffffffade5db3e\u003e] kvmalloc_node+0x11e/0x170\n    [\u003cffffffffadd28280\u003e] __cpu_map_entry_alloc+0x2f0/0xb00\n    [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n    [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n    [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n    [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n    [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n    [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nIn the cpu_map_update_elem flow, when kthread_stop is called before\ncalling the threadfn of rcpu-\u003ekthread, since the KTHREAD_SHOULD_STOP bit\nof kthread has been set by kthread_stop, the threadfn of rcpu-\u003ekthread\nwill never be executed, and rcpu-\u003erefcnt will never be 0, which will\nlead to the allocated rcpu, rcpu-\u003equeue and rcpu-\u003equeue-\u003equeue cannot be\nreleased.\n\nCalling kthread_stop before executing kthread\u0027s threadfn will return\n-EINTR. We can complete the release of memory resources in this state.",
  "id": "GHSA-67mx-9px6-mhwv",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53441"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4369016497319a9635702da010d02af1ebb1849d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a957ac8e0b5ffb5797382a6adbafd005a5f72851"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b11a9b4f28cb6ff69ef7e69809e5f7fffeac9030"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d26299f50f5ea8f0aeb5d49e659c31f64233c816"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.