CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-PW82-JCJX-2282
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31In the Linux kernel, the following vulnerability has been resolved:
memory: mtk-smi: fix device leaks on common probe
Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. probe deferral) and on driver unbind.
{
"affected": [],
"aliases": [
"CVE-2025-71288"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: mtk-smi: fix device leaks on common probe\n\nMake sure to drop the reference taken when looking up the SMI device\nduring common probe on late probe failure (e.g. probe deferral) and on\ndriver unbind.",
"id": "GHSA-pw82-jcjx-2282",
"modified": "2026-05-13T21:31:56Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71288"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6cfa038bddd710f544076ea2ef7792fc82fbedd6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9704564a70399c2787f5a7c5d347add721056e9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/984992f31cfb71b25cd0a72ef51ceb5dd6f187e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b16599fedf49fd42d174fba342a0b56103df3169"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b44d090d6ca159d94b59ad4cc44ffdaca094df82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8b2cf42b94c0a8efe43279643935256a6f58b9f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PW84-W4V5-39JJ
Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix quota root leak after quota disable failure
If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_info->quota_root is no longer pointing to the root (we have set it to NULL just before those steps).
Fix this by always doing a btrfs_put_root() call under the 'out' label. This is a problem that exists since qgroups were first added in 2012 by commit bed92eae26cc ("Btrfs: qgroup implementation and prototypes"), but back then we missed a kfree on the quota root and free_extent_buffer() calls on its root and commit root nodes, since back then roots were not yet reference counted.
{
"affected": [],
"aliases": [
"CVE-2024-41078"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted.",
"id": "GHSA-pw84-w4v5-39jj",
"modified": "2025-11-04T00:31:03Z",
"published": "2024-07-29T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41078"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWF7-JC5H-RR33
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-09-09 15:30In the Linux kernel, the following vulnerability has been resolved:
tracing/histogram: Fix a potential memory leak for kstrdup()
kfree() is missing on an error path to free the memory allocated by kstrdup():
p = param = kstrdup(data->params[i], GFP_KERNEL);
So it is better to free it via kfree(p).
{
"affected": [],
"aliases": [
"CVE-2022-48768"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histogram: Fix a potential memory leak for kstrdup()\n\nkfree() is missing on an error path to free the memory allocated by\nkstrdup():\n\n p = param = kstrdup(data-\u003eparams[i], GFP_KERNEL);\n\nSo it is better to free it via kfree(p).",
"id": "GHSA-pwf7-jc5h-rr33",
"modified": "2024-09-09T15:30:37Z",
"published": "2024-06-20T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48768"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWQ9-W59R-4V6M
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2022-06-17 00:01Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
{
"affected": [],
"aliases": [
"CVE-2019-12265"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-09T19:15:00Z",
"severity": "MODERATE"
},
"details": "Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.",
"id": "GHSA-pwq9-w59r-4v6m",
"modified": "2022-06-17T00:01:23Z",
"published": "2022-05-24T16:53:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12265"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190802-0001"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K41190253"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-12265"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"type": "WEB",
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWQM-5JRG-2V3G
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30In the Linux kernel, the following vulnerability has been resolved:
nfs: fix acl memory leak of posix_acl_create()
When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in advance.
{
"affected": [],
"aliases": [
"CVE-2021-47320"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix acl memory leak of posix_acl_create()\n\nWhen looking into another nfs xfstests report, I found acl and\ndefault_acl in nfs3_proc_create() and nfs3_proc_mknod() error\npaths are possibly leaked. Fix them in advance.",
"id": "GHSA-pwqm-5jrg-2v3g",
"modified": "2024-12-24T18:30:48Z",
"published": "2024-05-21T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47320"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0704f617040c397ae73c1f88f3956787ec5d6529"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1fcb6fcd74a222d9ead54d405842fc763bb86262"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e3960f276b4574a9bb0dfa31a7497302f6363b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b515308ab875c7e8ada8e606fe0c64762da5ed4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/687cf32865b2d6960214bce523f2afac58dd3cd2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a2b308a54c5ec224fedc753617f99b29ffcd883"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c8fc86e9df6a6a03f5a8e15a3b7a5c75fd05aa38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cef9d9acb7c80ed6bace894b6334557fd493863b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0b32dc1409f7e65e4fcc34e236462268e69a357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWQV-PFWC-3854
Vulnerability from github – Published: 2023-05-02 06:30 – Updated: 2024-04-04 03:45Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
{
"affected": [],
"aliases": [
"CVE-2023-21666"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-02T06:15:10Z",
"severity": "HIGH"
},
"details": "Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.",
"id": "GHSA-pwqv-pfwc-3854",
"modified": "2024-04-04T03:45:55Z",
"published": "2023-05-02T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21666"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX23-CHRJ-RRMH
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
media: mdp3: Fix resource leaks in of_find_device_by_node
Use put_device to release the object get through of_find_device_by_node, avoiding resource leaks.
{
"affected": [],
"aliases": [
"CVE-2023-53385"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mdp3: Fix resource leaks in of_find_device_by_node\n\nUse put_device to release the object get through of_find_device_by_node,\navoiding resource leaks.",
"id": "GHSA-px23-chrj-rrmh",
"modified": "2025-12-11T18:30:34Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53385"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35ca8ce495366909b4c2e701d1356570dd40c4e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ba9d91c8f21f070af2049f114c206a8f2d5c71e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa481125bc4ca8edc1a4c62fe53486ac9a817593"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX2Q-R9RV-Q5M3
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 18:30In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case.
{
"affected": [],
"aliases": [
"CVE-2022-49780"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:01Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()\n\nIf device_register() fails in tcm_loop_setup_hba_bus(), the name allocated\nby dev_set_name() need be freed. As comment of device_register() says, it\nshould use put_device() to give up the reference in the error path. So fix\nthis by calling put_device(), then the name can be freed in kobject_cleanup().\nThe \u0027tl_hba\u0027 will be freed in tcm_loop_release_adapter(), so it don\u0027t need\ngoto error label in this case.",
"id": "GHSA-px2q-r9rv-q5m3",
"modified": "2025-11-07T18:30:25Z",
"published": "2025-05-01T15:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49780"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28f7ff5e7559d226e63c7c5de74eb075a83d8c53"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41a6b8b527a5957fab41c3c05e25ad125268e2e9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75205f1b47a88c3fac4f30bd7567e89b2887c7fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a636772988bafab89278e7bb3420d8e8eacfe912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc68e428d4963af0201e92159629ab96948f0893"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dce0589a3faec9e2e543e97bca7e62592ec85585"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX8M-VH6V-XC52
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
{
"affected": [],
"aliases": [
"CVE-2021-30002"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.",
"id": "GHSA-px8m-vh6v-xc52",
"modified": "2022-05-24T17:46:27Z",
"published": "2022-05-24T17:46:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30002"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1184120"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXCG-3RJ5-5GX5
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-05-29 15:30In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().
syzbot reported memory leak of struct cred. [0]
nfsd_nl_threads_set_doit() passes get_current_cred() to nfsd_svc(), but put_cred() is not called after that.
The cred is finally passed down to _svc_xprt_create(), which calls get_cred() with the cred for struct svc_xprt.
The ownership of the refcount by get_current_cred() is not transferred to anywhere and is just leaked.
nfsd_svc() is also called from write_threads(), but it does not bump file->f_cred there.
nfsd_nl_threads_set_doit() is called from sendmsg() and current->cred does not go away.
Let's use current_cred() in nfsd_nl_threads_set_doit().
[0]: BUG: memory leak unreferenced object 0xffff888108b89480 (size 184): comm "syz-executor", pid 5994, jiffies 4294943386 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 369454a7): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270 prepare_creds+0x22/0x600 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x7a7/0x2870 kernel/fork.c:2086 kernel_clone+0xac/0x6e0 kernel/fork.c:2651 __do_sys_clone+0x7f/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
{
"affected": [],
"aliases": [
"CVE-2026-23297"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().\n\nsyzbot reported memory leak of struct cred. [0]\n\nnfsd_nl_threads_set_doit() passes get_current_cred() to\nnfsd_svc(), but put_cred() is not called after that.\n\nThe cred is finally passed down to _svc_xprt_create(),\nwhich calls get_cred() with the cred for struct svc_xprt.\n\nThe ownership of the refcount by get_current_cred() is not\ntransferred to anywhere and is just leaked.\n\nnfsd_svc() is also called from write_threads(), but it does\nnot bump file-\u003ef_cred there.\n\nnfsd_nl_threads_set_doit() is called from sendmsg() and\ncurrent-\u003ecred does not go away.\n\nLet\u0027s use current_cred() in nfsd_nl_threads_set_doit().\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff888108b89480 (size 184):\n comm \"syz-executor\", pid 5994, jiffies 4294943386\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 369454a7):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4958 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270\n prepare_creds+0x22/0x600 kernel/cred.c:185\n copy_creds+0x44/0x290 kernel/cred.c:286\n copy_process+0x7a7/0x2870 kernel/fork.c:2086\n kernel_clone+0xac/0x6e0 kernel/fork.c:2651\n __do_sys_clone+0x7f/0xb0 kernel/fork.c:2792\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"id": "GHSA-pxcg-3rj5-5gx5",
"modified": "2026-05-29T15:30:26Z",
"published": "2026-03-25T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23297"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cb968a2013ffa8112d52ebe605009ea1c6a582c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27c13c5bb0948e3b5c64e59f8a903231896fab9b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41170716421c25cd20b39e83f0e0762e212b377b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3f88e3e18b51a7f654189189c762ebcdeaa7e29"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.