Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-PRQJ-M7RP-HG5Q

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

integrity: Fix memory leakage in keyring allocation error path

Key restriction is allocated in integrity_init_keyring(). However, if keyring allocation failed, it is not freed, causing memory leaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nintegrity: Fix memory leakage in keyring allocation error path\n\nKey restriction is allocated in integrity_init_keyring(). However, if\nkeyring allocation failed, it is not freed, causing memory leaks.",
  "id": "GHSA-prqj-m7rp-hg5q",
  "modified": "2025-12-11T21:31:26Z",
  "published": "2025-09-18T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50395"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29d6c69ba4b96a1de0376e44e5f8b38b13ec8803"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39419ef7af0916cc3620ecf1ed42d29659109bf3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bd737289c26be3cee4b9afaf61ef784a2af9d6e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57e49ad12f8f5df0c48e1710c54b147a05a10c32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b7c44885a07c5ee7f9bf3aa3c9c72fb110c8d22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c591c48842f08d30ec6b8416757831985ed9a315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PRX4-X7M8-P9M9

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: fix resource freeing order

Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events") added a call to ptp_disable_all_events() which changes the configuration of pins if they support EXTTS events. In ptp_ocp_detach() pins resources are freed before ptp_clock_unregister() and it leads to use-after-free during driver removal. Fix it by changing the order of free/unregister calls. To avoid irq handler running on the other core while ptp device unregistering, call synchronize_irq() after HW is configured to stop producing irqs and no irqs are in-flight.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: fix resource freeing order\n\nCommit a60fc3294a37 (\"ptp: rework ptp_clock_unregister() to disable\nevents\") added a call to ptp_disable_all_events() which changes the\nconfiguration of pins if they support EXTTS events. In ptp_ocp_detach()\npins resources are freed before ptp_clock_unregister() and it leads to\nuse-after-free during driver removal. Fix it by changing the order of\nfree/unregister calls. To avoid irq handler running on the other core\nwhile ptp device unregistering, call synchronize_irq() after HW is\nconfigured to stop producing irqs and no irqs are in-flight.",
  "id": "GHSA-prx4-x7m8-p9m9",
  "modified": "2026-07-02T21:32:05Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/627366c51145a07f675b1800fb5ea2ec960bd900"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa03698bb28d3be5ee180adb185395054b342b04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV37-78JJ-HVQV

Vulnerability from github – Published: 2025-04-24 15:30 – Updated: 2025-07-28 15:31
VLAI
Details

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-24T13:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.",
  "id": "GHSA-pv37-78jj-hvqv",
  "modified": "2025-07-28T15:31:34Z",
  "published": "2025-04-24T15:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46420"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4439"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4440"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4508"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4538"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4560"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4568"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4609"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:4624"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7436"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-46420"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361963"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/438"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV55-WF9R-RJ4V

Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix misused goto label

Fix a misused goto label jump since that can result in a memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix misused goto label\n\nFix a misused goto label jump since that can result in a memory leak.",
  "id": "GHSA-pv55-wf9r-rj4v",
  "modified": "2025-03-14T00:30:49Z",
  "published": "2025-03-14T00:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49115"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70236a0d2d62b081d52076de22d8d017d6cbe99f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c657c0694ff690e361a13ce41c36b9dfb433ec8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf8d87c076f55b8b4dfdb6bc6c6b6dc0c2ccb487"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3642fc64276b06446290f82fd45630aeaa4b007"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc9d33b2d8d09e6478e8ef817a81cf26930acc3e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV65-XQRG-HC85

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cma: Fix rdma_resolve_route() memory leak

Fix a memory leak when "mda_resolve_route() is called more than once on the same "rdma_cm_id".

This is possible if cma_query_handler() triggers the RDMA_CM_EVENT_ROUTE_ERROR flow which puts the state machine back and allows rdma_resolve_route() to be called again.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix rdma_resolve_route() memory leak\n\nFix a memory leak when \"mda_resolve_route() is called more than once on\nthe same \"rdma_cm_id\".\n\nThis is possible if cma_query_handler() triggers the\nRDMA_CM_EVENT_ROUTE_ERROR flow which puts the state machine back and\nallows rdma_resolve_route() to be called again.",
  "id": "GHSA-pv65-xqrg-hc85",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47345"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PVP3-22V7-6XCV

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-25 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Free s_fs_info on unmount

Now that we allocate a s_fs_info struct on fs context creation, we should ensure that we free it again when the superblock goes away.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52681"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Free s_fs_info on unmount\n\nNow that we allocate a s_fs_info struct on fs context creation, we\nshould ensure that we free it again when the superblock goes away.",
  "id": "GHSA-pvp3-22v7-6xcv",
  "modified": "2025-09-25T18:30:28Z",
  "published": "2024-05-17T15:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52681"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48be1364dd387e375e1274b76af986cb8747be2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/547713d502f7b4b8efccd409cff84d731a23853b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92be3095c6ca1cdc46237839c6087555be9160e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea6b597fcaca99562fa56a473bcbbbd79b40af03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PVXG-RPP4-G743

Vulnerability from github – Published: 2022-10-27 12:00 – Updated: 2022-10-28 19:00
VLAI
Details

A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-26T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability.",
  "id": "GHSA-pvxg-rpp4-g743",
  "modified": "2022-10-28T19:00:40Z",
  "published": "2022-10-27T12:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3669"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/776"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/files/9675042/Bug_2_POC.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.212009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PW6X-273J-MP83

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function.

unreferenced object 0xffff8881161d0800 (size 512): comm "wpa_supplicant", pid 379, jiffies 4294749765 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................ backtrace (crc c867fdb6): kmemleak_alloc+0x89/0x90 __kmalloc_noprof+0x2fd/0x410 cfg80211_scan+0x133/0x730 nl80211_trigger_scan+0xc69/0x1cc0 genl_family_rcv_msg_doit+0x204/0x2f0 genl_rcv_msg+0x431/0x6b0 netlink_rcv_skb+0x143/0x3f0 genl_rcv+0x27/0x40 netlink_unicast+0x4f6/0x820 netlink_sendmsg+0x797/0xce0 __sock_sendmsg+0xc4/0x160 _syssendmsg+0x5e4/0x890 _sys_sendmsg+0xf8/0x180 __sys_sendmsg+0x136/0x1e0 __x64_sys_sendmsg+0x76/0xc0 x64_sys_call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: fix leak if split 6 GHz scanning fails\n\nrdev-\u003eint_scan_req is leaked if cfg80211_scan() fails.  Note that it\u0027s\nsupposed to be released at ___cfg80211_scan_done() but this doesn\u0027t happen\nas rdev-\u003escan_req is NULL at that point, too, leading to the early return\nfrom the freeing function.\n\nunreferenced object 0xffff8881161d0800 (size 512):\n  comm \"wpa_supplicant\", pid 379, jiffies 4294749765\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................\n  backtrace (crc c867fdb6):\n    kmemleak_alloc+0x89/0x90\n    __kmalloc_noprof+0x2fd/0x410\n    cfg80211_scan+0x133/0x730\n    nl80211_trigger_scan+0xc69/0x1cc0\n    genl_family_rcv_msg_doit+0x204/0x2f0\n    genl_rcv_msg+0x431/0x6b0\n    netlink_rcv_skb+0x143/0x3f0\n    genl_rcv+0x27/0x40\n    netlink_unicast+0x4f6/0x820\n    netlink_sendmsg+0x797/0xce0\n    __sock_sendmsg+0xc4/0x160\n    ____sys_sendmsg+0x5e4/0x890\n    ___sys_sendmsg+0xf8/0x180\n    __sys_sendmsg+0x136/0x1e0\n    __x64_sys_sendmsg+0x76/0xc0\n    x64_sys_call+0x13f0/0x17d0\n\nFound by Linux Verification Center (linuxtesting.org).",
  "id": "GHSA-pw6x-273j-mp83",
  "modified": "2026-07-08T18:31:32Z",
  "published": "2026-06-25T09:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53258"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a24134ddc18b4d440714365637d440b7121447b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8694f7cc29287e843648d1075177b9a2000d957"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb8db813eba2e56ee001c9fb5c2ce2cb78c42642"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PW7F-949H-594R

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.

To monitor for this issue, please use the following FPC vty level commands:

show heap shows an increase in "LAN buffer" utilization and

show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter.

This issue affects Juniper Networks Junos OS on MX Series with MPC3E:

  • All versions earlier than 20.4R3-S3;
  • 21.1 versions earlier than 21.1R3-S4;
  • 21.2 versions earlier than 21.2R3;
  • 21.3 versions earlier than 21.3R2-S1, 21.3R3;
  • 21.4 versions earlier than 21.4R2;
  • 22.1 versions earlier than 22.1R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:47Z",
    "severity": "MODERATE"
  },
  "details": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an MX Series device receives PTP packets on an MPC3E that doesn\u0027t support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.\n\nTo monitor for this issue, please use the following FPC vty level commands:\n\nshow heap\nshows an increase in \"LAN buffer\" utilization and\n\nshow clksync ptp nbr-upd-info\nshows non-zero \"Pending PFEs\" counter.\n\nThis issue affects Juniper Networks Junos OS on MX Series with MPC3E:\n\n\n\n  *  All versions earlier than 20.4R3-S3;\n  *  21.1 versions earlier than 21.1R3-S4;\n  *  21.2 versions earlier than 21.2R3;\n  *  21.3 versions earlier than 21.3R2-S1, 21.3R3;\n  *  21.4 versions earlier than 21.4R2;\n  *  22.1 versions earlier than 22.1R2.\n\n\n\n\n\n\n",
  "id": "GHSA-pw7f-949h-594r",
  "modified": "2024-01-12T03:30:48Z",
  "published": "2024-01-12T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21599"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75740"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PW7F-JVGM-W775

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

The magicmouse_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it *is* permitted to return a sub-portion of the input\nrdesc, whose lifetime is managed by the caller.",
  "id": "GHSA-pw7f-jvgm-w775",
  "modified": "2026-04-28T18:30:29Z",
  "published": "2026-04-22T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31522"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.