Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-PCPM-W6GC-FM98

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()

mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets some error, mhi_ctrl should be freed with mhi_free_controller(). But when ath11k_mhi_read_addr_from_dt() fails, the function returns without calling mhi_free_controller(), which will lead to a memory leak.

We can fix it by calling mhi_free_controller() when ath11k_mhi_read_addr_from_dt() fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()\n\nmhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets\nsome error, mhi_ctrl should be freed with mhi_free_controller(). But\nwhen ath11k_mhi_read_addr_from_dt() fails, the function returns without\ncalling mhi_free_controller(), which will lead to a memory leak.\n\nWe can fix it by calling mhi_free_controller() when\nath11k_mhi_read_addr_from_dt() fails.",
  "id": "GHSA-pcpm-w6gc-fm98",
  "modified": "2025-12-12T21:31:31Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50418"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/015ced9eb63b8b19cb725a1d592d150b60494ced"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43e7c3505ec70db3d3c6458824d5fa40f62e3e7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72ef896e80b6ec7cdc1dd42577045f8e7c9c32b3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCVH-VV8G-JM39

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.",
  "id": "GHSA-pcvh-vv8g-jm39",
  "modified": "2022-08-11T00:00:32Z",
  "published": "2022-08-05T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35858"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/mTower/issues/71"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api_objects.c#L283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFJ6-PXH2-F24M

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-11-07 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: qseecom: fix memory leaks in error paths

Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: qseecom: fix memory leaks in error paths\n\nFix instances of returning error codes directly instead of jumping to\nthe relevant labels where memory allocated for the SCM calls would be\nfreed.",
  "id": "GHSA-pfj6-pxh2-f24m",
  "modified": "2024-11-07T00:30:35Z",
  "published": "2024-05-17T15:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52684"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFRQ-P4GG-QWX6

Vulnerability from github – Published: 2025-10-23 18:31 – Updated: 2025-10-23 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource

Unlike release_mem_region(), a call to release_resource() does not free the resource, so it has to be freed explicitly to avoid a memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak.",
  "id": "GHSA-pfrq-p4gg-qwx6",
  "modified": "2025-10-23T18:31:05Z",
  "published": "2025-10-23T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49665"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3884bf75fa044c73e843d95dd71a424e80ebb095"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2f33f0c3ad7b0d5262d9b986f1353265fad7a08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFV7-6GR3-PF99

Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-07T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet()\n\nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb\nin case of skb-\u003elen being too long, add dev_kfree_skb() to fix it.",
  "id": "GHSA-pfv7-6gr3-pf99",
  "modified": "2025-11-04T00:31:57Z",
  "published": "2024-11-07T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50168"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/137010d26dc5cd47cd62fef77cbe952d31951b7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a17a4ac2d57102497fac53b53c666dba6a0c20d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dc937a3086e344f965ca5c459f8f3eb6b68d890"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84f2bac74000dbb7a177d9b98a17031ec8d07ec5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d5b20fbc548650019afa96822b6a33ea4ec8aa5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c6ce55e6f0bd1541f112833006b4052614c7d94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db755e55349045375c5c7036e8650afb3ff419d8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG5J-WJ7F-H3MX

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: fix memory leak during D3hot to D0 transition

If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in 'vfio_pci_core_device::pm_save' during D0->D3hot transition and same will be restored back during D3hot->D0 transition. For saving the PCI state locally, pci_store_saved_state() is being used and the pci_load_and_free_saved_state() will free the allocated memory.

But for reset related IOCTLs, vfio driver calls PCI reset-related API's which will internally change the PCI power state back to D0. So, when the guest resumes, then it will get the current state as D0 and it will skip the call to vfio_pci_set_power_state() for changing the power state to D0 explicitly. In this case, the memory pointed by 'pm_save' will never be freed. In a malicious sequence, the state changing to D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be run in a loop and it can cause an OOM situation.

This patch frees the earlier allocated memory first before overwriting 'pm_save' to prevent the mentioned memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix memory leak during D3hot to D0 transition\n\nIf \u0027vfio_pci_core_device::needs_pm_restore\u0027 is set (PCI device does\nnot have No_Soft_Reset bit set in its PMCSR config register), then\nthe current PCI state will be saved locally in\n\u0027vfio_pci_core_device::pm_save\u0027 during D0-\u003eD3hot transition and same\nwill be restored back during D3hot-\u003eD0 transition.\nFor saving the PCI state locally, pci_store_saved_state() is being\nused and the pci_load_and_free_saved_state() will free the allocated\nmemory.\n\nBut for reset related IOCTLs, vfio driver calls PCI reset-related\nAPI\u0027s which will internally change the PCI power state back to D0. So,\nwhen the guest resumes, then it will get the current state as D0 and it\nwill skip the call to vfio_pci_set_power_state() for changing the\npower state to D0 explicitly. In this case, the memory pointed by\n\u0027pm_save\u0027 will never be freed. In a malicious sequence, the state changing\nto D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be\nrun in a loop and it can cause an OOM situation.\n\nThis patch frees the earlier allocated memory first before overwriting\n\u0027pm_save\u0027 to prevent the mentioned memory leak.",
  "id": "GHSA-pg5j-wj7f-h3mx",
  "modified": "2025-11-03T21:32:52Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49219"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26ddd196e9eb264da8e1bdc4df8a94d62581c8b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4319f17fb8264ba39352b611dfa913a4d8c1d1a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8a1f8bd586ee31020614b8d48b702ece3e2ae44"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da426ad86027b849b877d4628b277ffbbd2f5325"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG9F-25WH-974H

Vulnerability from github – Published: 2025-10-23 12:31 – Updated: 2025-10-23 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: fix leaks in probe

These two error paths should clean up before returning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49628"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix leaks in probe\n\nThese two error paths should clean up before returning.",
  "id": "GHSA-pg9f-25wh-974h",
  "modified": "2025-10-23T12:31:15Z",
  "published": "2025-10-23T12:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49628"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23aa6d5088e3bd65de77c5c307237b9937f8b48a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd91bc60f305610401b2196bedb573693d6c8e46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4bd3202a2b4194ab6c0ce61628095d54f994db4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGG7-9G7G-JG57

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: Fix memleak issue when GSO enabled

Always map the skb to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: Fix memleak issue when GSO enabled\n\nAlways map the `skb` to the LS descriptor. Previously skb was\nmapped to EXT descriptor when the number of fragments is zero with\nGSO enabled. Mapping the skb to EXT descriptor prevents it from\nbeing freed, leading to a memory leak",
  "id": "GHSA-pgg7-9g7g-jg57",
  "modified": "2026-07-14T15:31:21Z",
  "published": "2025-05-20T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37909"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/093855ce90177488eac772de4eefbb909033ce5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/189b05f189cac9fd233ef04d31cb5078c4d09c39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d52e2e38b85c8b7bc00dca55c2499f46f8c8198"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c65ee5ad632eb8dcd3a91cf5dc99b22535f44d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0e0efbabbbe6a1859bc31bf65237ce91e124b9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dae1ce27ceaea7e1522025b15252e3cc52802622"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df993daa4c968b4b23078eacc248f6502ede8664"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f42c18e2f14c1b1fdd2a5250069a84bc854c398c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGJ7-6V58-MXR9

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: vmw_balloon: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: vmw_balloon: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic at\nonce.",
  "id": "GHSA-pgj7-6v58-mxr9",
  "modified": "2025-12-03T00:30:27Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53279"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/209cdbd07cfaa4b7385bad4eeb47e5ec1887d33d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b94b39bf3d545671f210a2257d18e33c8b874699"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1c545e44c1ec08bef0c0c14e632eec516431e9c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7651fa88b17c2d7af949981a2423179db5e9453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGJF-J2HP-QQXV

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-12-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix memory leak in parse_lease_state()

The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure.

This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memory leak in parse_lease_state()\n\nThe previous patch that added bounds check for create lease context\nintroduced a memory leak. When the bounds check fails, the function\nreturns NULL without freeing the previously allocated lease_ctx_info\nstructure.\n\nThis patch fixes the issue by adding kfree(lreq) before returning NULL\nin both boundary check cases.",
  "id": "GHSA-pgjf-j2hp-qqxv",
  "modified": "2025-12-16T21:30:49Z",
  "published": "2025-05-20T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37962"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2148d34371b06dac696c0497a98a6bf905a51650"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/829e19ef741d9e9932abdc3bee5466195e0852cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af9e2d4732a548db8f6f5a90c2c20a789a3d7240"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb4447bcce915b43b691123118893fca4f372a8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/facf22c1a394c1e023dab5daf9a494f722771e1c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.