Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-JQW7-W6RM-7CV4

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-12-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: core: Release rproc->clean_table after rproc_attach() fails

When rproc->state = RPROC_DETACHED is attached to remote processor through rproc_attach(), if rproc_handle_resources() returns failure, then the clean table should be released, otherwise the following memory leak will occur.

unreferenced object 0xffff000086a99800 (size 1024): comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............ 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............ backtrace: [<000000008bbe4ca8>] slab_post_alloc_hook+0x98/0x3fc [<000000003b8a272b>] __kmem_cache_alloc_node+0x13c/0x230 [<000000007a507c51>] __kmalloc_node_track_caller+0x5c/0x260 [<0000000037818dae>] kmemdup+0x34/0x60 [<00000000610f7f57>] rproc_boot+0x35c/0x56c [<0000000065f8871a>] rproc_add+0x124/0x17c [<00000000497416ee>] imx_rproc_probe+0x4ec/0x5d4 [<000000003bcaa37d>] platform_probe+0x68/0xd8 [<00000000771577f9>] really_probe+0x110/0x27c [<00000000531fea59>] __driver_probe_device+0x78/0x12c [<0000000080036a04>] driver_probe_device+0x3c/0x118 [<000000007e0bddcb>] __device_attach_driver+0xb8/0xf8 [<000000000cf1fa33>] bus_for_each_drv+0x84/0xe4 [<000000001a53b53e>] __device_attach+0xfc/0x18c [<00000000d1a2a32c>] device_initial_probe+0x14/0x20 [<00000000d8f8b7ae>] bus_probe_device+0xb0/0xb4 unreferenced object 0xffff0000864c9690 (size 16):

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T14:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Release rproc-\u003eclean_table after rproc_attach() fails\n\nWhen rproc-\u003estate = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\n\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n [\u003c000000008bbe4ca8\u003e] slab_post_alloc_hook+0x98/0x3fc\n [\u003c000000003b8a272b\u003e] __kmem_cache_alloc_node+0x13c/0x230\n [\u003c000000007a507c51\u003e] __kmalloc_node_track_caller+0x5c/0x260\n [\u003c0000000037818dae\u003e] kmemdup+0x34/0x60\n [\u003c00000000610f7f57\u003e] rproc_boot+0x35c/0x56c\n [\u003c0000000065f8871a\u003e] rproc_add+0x124/0x17c\n [\u003c00000000497416ee\u003e] imx_rproc_probe+0x4ec/0x5d4\n [\u003c000000003bcaa37d\u003e] platform_probe+0x68/0xd8\n [\u003c00000000771577f9\u003e] really_probe+0x110/0x27c\n [\u003c00000000531fea59\u003e] __driver_probe_device+0x78/0x12c\n [\u003c0000000080036a04\u003e] driver_probe_device+0x3c/0x118\n [\u003c000000007e0bddcb\u003e] __device_attach_driver+0xb8/0xf8\n [\u003c000000000cf1fa33\u003e] bus_for_each_drv+0x84/0xe4\n [\u003c000000001a53b53e\u003e] __device_attach+0xfc/0x18c\n [\u003c00000000d1a2a32c\u003e] device_initial_probe+0x14/0x20\n [\u003c00000000d8f8b7ae\u003e] bus_probe_device+0xb0/0xb4\n unreferenced object 0xffff0000864c9690 (size 16):",
  "id": "GHSA-jqw7-w6rm-7cv4",
  "modified": "2025-12-23T21:30:22Z",
  "published": "2025-07-25T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38418"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ee979709e16a83b257bc9a544a7ff71fd445ea9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6fe9486d709e4a60990843832501ef6556440ca7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcd241230fdbc6005230f80a4f8646ff5a84f15b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf876fd9dc2d0c9fff96aef63d4346719f206fc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4ef928ca504c996f9222eb2c59ac6d6eefd9c75"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQWG-PJJQ-GQV5

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/debugfs: fix file release memory leak

When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/debugfs: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the \u0027op\u0027 allocated in single_open() will be leaked.",
  "id": "GHSA-jqwg-pjjq-gqv5",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47423"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11cd944bb87d9e575b94c07c952105eda745b459"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1508b09945bde393326a9dab73b1fc35f672d771"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88c3610045ca6e699331b6bb5c095c5565f30721"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f9d4c88b2edc7924e19c44909cfc3fa4e4d3d43"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df0c9418923679bc6d0060bdb1b5bf2c755159e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5a8703a9c418c6fc54eb772712dfe7641e3991c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f69556a42043b5444ca712ee889829ba89fdcba8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JR2F-554P-CMVR

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: put dl_stid if fail to queue dl_recall

Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented correspondingly, leading to the following nfs4_stid leak: unreferenced object 0xffff88812067b578 (size 344): comm "nfsd", pid 2761, jiffies 4295044002 (age 5541.241s) hex dump (first 32 bytes): 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........ 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N.. backtrace: kmem_cache_alloc+0x4b9/0x700 nfsd4_process_open1+0x34/0x300 nfsd4_open+0x2d1/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 unreferenced object 0xffff8881499f4d28 (size 368): comm "nfsd", pid 2761, jiffies 4295044005 (age 5541.239s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I.... 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... ....... backtrace: kmem_cache_alloc+0x4b9/0x700 nfs4_alloc_stid+0x29/0x210 alloc_init_deleg+0x92/0x2e0 nfs4_set_delegation+0x284/0xc00 nfs4_open_delegation+0x216/0x3f0 nfsd4_process_open2+0x2b3/0xee0 nfsd4_open+0x770/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 Fix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if fail to queue dl_recall.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n  comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n  hex dump (first 32 bytes):\n    01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff  ....kkkk........\n    00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de  .kkkkkkk.....N..\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfsd4_process_open1+0x34/0x300\n    nfsd4_open+0x2d1/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n  comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff  ........0M.I....\n    30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00  0M.I.... .......\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfs4_alloc_stid+0x29/0x210\n    alloc_init_deleg+0x92/0x2e0\n    nfs4_set_delegation+0x284/0xc00\n    nfs4_open_delegation+0x216/0x3f0\n    nfsd4_process_open2+0x2b3/0xee0\n    nfsd4_open+0x770/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall.",
  "id": "GHSA-jr2f-554p-cmvr",
  "modified": "2025-11-03T21:33:34Z",
  "published": "2025-04-16T15:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22025"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/133f5e2a37ce08c82d24e8fba65e0a81deae4609"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/230ca758453c63bd38e4d9f4a21db698f7abada8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63b91c8ff4589f5263873b24c052447a28e10ef7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a81cde8c7ce65dd90fb47ceea93a45fc1a2fbd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cad3479b63661a399c9df1d0b759e1806e2df3c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdb796137c57e68ca34518d53be53b679351eb86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d96587cc93ec369031bcd7658c6adc719873c9fd"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRV8-9M22-559M

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: fix vram leak on bind errors

Make sure to release the VRAM buffer also in a case a subcomponent fails to bind.

Patchwork: https://patchwork.freedesktop.org/patch/525094/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: fix vram leak on bind errors\n\nMake sure to release the VRAM buffer also in a case a subcomponent fails\nto bind.\n\nPatchwork: https://patchwork.freedesktop.org/patch/525094/",
  "id": "GHSA-jrv8-9m22-559m",
  "modified": "2026-02-12T18:30:18Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53562"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/544711591a67a6da4d9f0f70ba3c805eb2548729"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60d476af96015891c7959f30838ae7a9749932bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c02e8c1c5b3eb0b6193946194ac280f58f48b3b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3401e07ba98a94b978164b7e873c25e5fc82b4b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV8H-WWPC-CCW4

Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-03-25 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix memory leak of flow steer list on rmmod

The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Module removal with active entries causes memory leak as the list is not properly cleaned up.

Prevent this by iterating through the remaining entries in the list and freeing the associated memory during module removal. Add a spinlock (flow_steer_list_lock) to protect the list access from multiple threads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-31T12:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak of flow steer list on rmmod\n\nThe flow steering list maintains entries that are added and removed as\nethtool creates and deletes flow steering rules. Module removal with active\nentries causes memory leak as the list is not properly cleaned up.\n\nPrevent this by iterating through the remaining entries in the list and\nfreeing the associated memory during module removal. Add a spinlock\n(flow_steer_list_lock) to protect the list access from multiple threads.",
  "id": "GHSA-jv8h-wwpc-ccw4",
  "modified": "2026-03-25T18:31:35Z",
  "published": "2026-01-31T12:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23024"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1aedff70a5e97628eaaf17b169774cb6a45a1dc5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9841bd28b600526ca4f6713b0ca49bf7bb98452"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV96-QFMJ-26F9

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix memory leak in dm_sw_fini()

After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak:

unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies 4294894636 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 6265fd77): [] kmalloc_trace+0x29d/0x340 [] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [] dm_sw_init+0x15/0x2b0 [amdgpu] [] amdgpu_device_init+0x1417/0x24e0 [amdgpu] [] amdgpu_driver_load_kms+0x15/0x190 [amdgpu] [] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [] local_pci_probe+0x3e/0x90 [] pci_device_probe+0xc3/0x230 [] really_probe+0xe2/0x480 [] __driver_probe_device+0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] bus_for_each_dev+0x70/0xc0 [] bus_add_driver+0x112/0x210 [] driver_register+0x55/0x100 [] do_one_initcall+0x41/0x300

Fix this by freeing dmub_srv after destroying it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak in dm_sw_fini()\n\nAfter destroying dmub_srv, the memory associated with it is\nnot freed, causing a memory leak:\n\nunreferenced object 0xffff896302b45800 (size 1024):\n  comm \"(udev-worker)\", pid 222, jiffies 4294894636\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 6265fd77):\n    [\u003cffffffff993495ed\u003e] kmalloc_trace+0x29d/0x340\n    [\u003cffffffffc0ea4a94\u003e] dm_dmub_sw_init+0xb4/0x450 [amdgpu]\n    [\u003cffffffffc0ea4e55\u003e] dm_sw_init+0x15/0x2b0 [amdgpu]\n    [\u003cffffffffc0ba8557\u003e] amdgpu_device_init+0x1417/0x24e0 [amdgpu]\n    [\u003cffffffffc0bab285\u003e] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]\n    [\u003cffffffffc0ba09c7\u003e] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]\n    [\u003cffffffff9968fd1e\u003e] local_pci_probe+0x3e/0x90\n    [\u003cffffffff996918a3\u003e] pci_device_probe+0xc3/0x230\n    [\u003cffffffff99805872\u003e] really_probe+0xe2/0x480\n    [\u003cffffffff99805c98\u003e] __driver_probe_device+0x78/0x160\n    [\u003cffffffff99805daf\u003e] driver_probe_device+0x1f/0x90\n    [\u003cffffffff9980601e\u003e] __driver_attach+0xce/0x1c0\n    [\u003cffffffff99803170\u003e] bus_for_each_dev+0x70/0xc0\n    [\u003cffffffff99804822\u003e] bus_add_driver+0x112/0x210\n    [\u003cffffffff99807245\u003e] driver_register+0x55/0x100\n    [\u003cffffffff990012d1\u003e] do_one_initcall+0x41/0x300\n\nFix this by freeing dmub_srv after destroying it.",
  "id": "GHSA-jv96-qfmj-26f9",
  "modified": "2025-01-07T18:30:42Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26833"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JVJ6-QWX6-7F2X

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure

The wm5102_clear_write_sequencer() helper may return an error and just return, bypassing the cleanup sequence and causing regulators to remain enabled, leading to a resource leak.

Change the direct return to jump to the err_reset label to properly free the resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:01Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure\n\nThe wm5102_clear_write_sequencer() helper may return an error\nand just return, bypassing the cleanup sequence and causing\nregulators to remain enabled, leading to a resource leak.\n\nChange the direct return to jump to the err_reset label to\nproperly free the resources.",
  "id": "GHSA-jvj6-qwx6-7f2x",
  "modified": "2026-06-25T21:31:19Z",
  "published": "2026-05-27T15:33:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45875"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2049820d1e635e467d795237fd40287213d92349"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ea01691738b0decb63ea2705d2cdf27f6f26fc0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/445cec7b4fbb1546836ae8e332d158e8d37d0fb6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4feb753ba6e5e5bbaba868b841a2db41c21e56fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a4923726a165593d7601834a6fb2a10ab47b85d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/933c5463873582baaecf5c38401ec4095b1c6269"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0527c09bcf1e6beeb685a7f4177683866b8609c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JVPG-5WJJ-W2C6

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()

If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp needs to be freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()\n\nIf vp alloc failed in qlcnic_sriov_init(), all previously allocated vp\nneeds to be freed.",
  "id": "GHSA-jvpg-5wjj-w2c6",
  "modified": "2025-11-24T21:30:56Z",
  "published": "2025-09-15T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50242"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01de1123322e4fe1bbd0fcdf0982511b55519c03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0aefadf23ee5e33b747df195ace42d3be2025e4e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/132c502919bb08e16e3054cb28bb7b149ec20cf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14b349a15c297cf3e01b5deb4116f7cf297b6184"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15770edc01edfce773269e8a443ca8e420f6f859"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8399b9893548c03fdb18be277bf99d985dbde925"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a44490abaf00f5b0cc5c448a17eae331c6195d0a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa2d179544b6815b4a23c0c44543ba0971d49fce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcae92a249551d1a447804b4be1c9fab0e8c95e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JW95-5CPM-5722

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak.

Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()\n\nDriver uses kasprintf() to initialize fw_{code,data}_bin members of\nstruct acp_dev_data, but kfree() is never called to deallocate the\nmemory, which results in a memory leak.\n\nFix the issue by switching to devm_kasprintf(). Additionally, ensure the\nallocation was successful by checking the pointer validity.",
  "id": "GHSA-jw95-5cpm-5722",
  "modified": "2025-01-07T18:30:43Z",
  "published": "2024-05-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52663"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWRW-GR4P-2MX9

Vulnerability from github – Published: 2024-03-25 12:30 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

NFC: nci: fix memory leak in nci_allocate_device

nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device.

BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: fix memory leak in nci_allocate_device\n\nnfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.\nFix this by freeing hci_dev in nci_free_device.\n\nBUG: memory leak\nunreferenced object 0xffff888111ea6800 (size 1024):\n  comm \"kworker/1:0\", pid 19, jiffies 4294942308 (age 13.580s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff  .........`......\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c000000004bc25d43\u003e] kmalloc include/linux/slab.h:552 [inline]\n    [\u003c000000004bc25d43\u003e] kzalloc include/linux/slab.h:682 [inline]\n    [\u003c000000004bc25d43\u003e] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784\n    [\u003c00000000c59cff92\u003e] nci_allocate_device net/nfc/nci/core.c:1170 [inline]\n    [\u003c00000000c59cff92\u003e] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132\n    [\u003c00000000006e0a8e\u003e] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153\n    [\u003c000000004da1b57e\u003e] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345\n    [\u003c00000000d506aed9\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n    [\u003c00000000bc632c92\u003e] really_probe+0x159/0x4a0 drivers/base/dd.c:554\n    [\u003c00000000f5009125\u003e] driver_probe_device+0x84/0x100 drivers/base/dd.c:740\n    [\u003c000000000ce658ca\u003e] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846\n    [\u003c000000007067d05f\u003e] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431\n    [\u003c00000000f8e13372\u003e] __device_attach+0x122/0x250 drivers/base/dd.c:914\n    [\u003c000000009cf68860\u003e] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491\n    [\u003c00000000359c965a\u003e] device_add+0x5be/0xc30 drivers/base/core.c:3109\n    [\u003c00000000086e4bd3\u003e] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164\n    [\u003c00000000ca036872\u003e] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n    [\u003c00000000d40d36f6\u003e] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n    [\u003c00000000bc632c92\u003e] really_probe+0x159/0x4a0 drivers/base/dd.c:554",
  "id": "GHSA-jwrw-gr4p-2mx9",
  "modified": "2025-01-07T18:30:39Z",
  "published": "2024-03-25T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47180"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.