Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-R24M-V6JQ-PP52

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:29
VLAI
Details

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-20T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.",
  "id": "GHSA-r24m-v6jq-pp52",
  "modified": "2024-04-04T05:29:36Z",
  "published": "2023-07-06T19:24:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3577"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next\u0026id=9d64d2405f7d30d49818f6682acd0392348f0fdb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R24Q-WPFH-2VQX

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spufs: fix a leak in spufs_create_context()

Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:16:01Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix a leak in spufs_create_context()\n\nLeak fixes back in 2008 missed one case - if we are trying to set affinity\nand spufs_mkdir() fails, we need to drop the reference to neighbor.",
  "id": "GHSA-r24q-wpfh-2vqx",
  "modified": "2025-11-03T21:33:36Z",
  "published": "2025-04-16T15:34:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22071"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f5cce3fc55b08ee4da3372baccf4bcd36a98396"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/239ea3c34673b3244a499fd65771c47e5bffcbb0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/410c787d89c92df4215d7b1a338e2c1a8aba6b9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a7448c83e117ed68597952ecaede1cebc4427a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a90b699844a5bb96961e5892e51cc59255444a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/829bd6139968e2e759f3928cf65ad0db1e302fe3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a333f223e555d27609f8b45d75a08e8e1d36c432"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4e72a0d75442237b6f3bcca10a7d81b89376d16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d04600f43569d48262e1328eaa1592fcefa2c19c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R27M-4434-33FH

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix memory leak on failure path

cfg80211_inform_bss_frame() may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the function returns early, leading to potential memory leak. Fix this by ensuring that 'buf' is freed on both success and failure paths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix memory leak on failure path\n\ncfg80211_inform_bss_frame() may return NULL on failure. In that case,\nthe allocated buffer \u0027buf\u0027 is not freed and the function returns early,\nleading to potential memory leak.\nFix this by ensuring that \u0027buf\u0027 is freed on both success and failure paths.",
  "id": "GHSA-r27m-4434-33fh",
  "modified": "2026-05-08T21:31:20Z",
  "published": "2026-05-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43225"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/017295b17bf1f477246c95bd253a7ef0cb4684c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8311bb40698ba027649d5d1ca84ad4bf25270546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9874e33ce52ba449ab0ade78752a2d37a2294617"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f70f78e22b321429afc77befecedf05543d4e2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a968c6a39607c129b8ac2c3c2a5e8923574e90d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abe850d82c8cb72d28700673678724e779b1826e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af48c1a0abe849e167fc754b6c260b6d8350b6fd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R287-6H24-3PJX

Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-03-25 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: fix memory leak in update_eth_regs_async()

When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-31T12:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: fix memory leak in update_eth_regs_async()\n\nWhen asynchronously writing to the device registers and if usb_submit_urb()\nfail, the code fail to release allocated to this point resources.",
  "id": "GHSA-r287-6h24-3pjx",
  "modified": "2026-03-25T18:31:35Z",
  "published": "2026-01-31T12:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23021"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2VF-F3JW-34MM

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/xive: fix kmemleak caused by incorrect chip_data lookup

The kmemleak reports the following memory leak:

Unreferenced object 0xc0000002a7fbc640 (size 64): comm "kworker/8:1", pid 540, jiffies 4294937872 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00 ................ 00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00 ................ backtrace (crc 177d48f6): __kmalloc_cache_noprof+0x520/0x730 xive_irq_alloc_data.constprop.0+0x40/0xe0 xive_irq_domain_alloc+0xd0/0x1b0 irq_domain_alloc_irqs_parent+0x44/0x6c pseries_irq_domain_alloc+0x1cc/0x354 irq_domain_alloc_irqs_parent+0x44/0x6c msi_domain_alloc+0xb0/0x220 irq_domain_alloc_irqs_locked+0x138/0x4d0 __irq_domain_alloc_irqs+0x8c/0xfc __msi_domain_alloc_irqs+0x214/0x4d8 msi_domain_alloc_irqs_all_locked+0x70/0xf8 pci_msi_setup_msi_irqs+0x60/0x78 __pci_enable_msix_range+0x54c/0x98c pci_alloc_irq_vectors_affinity+0x16c/0x1d4 nvme_pci_enable+0xac/0x9c0 [nvme] nvme_probe+0x340/0x764 [nvme]

This occurs when allocating MSI-X vectors for an NVMe device. During allocation the XIVE code creates a struct xive_irq_data and stores it in irq_data->chip_data.

When the MSI-X irqdomain is later freed, xive_irq_free_data() is responsible for retrieving this structure and freeing it. However, after commit cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers"), xive_irq_free_data() retrieves the chip_data using irq_get_chip_data(), which looks up the data through the child domain.

This is incorrect because the XIVE-specific irq data is associated with the XIVE (parent) domain. As a result the lookup fails and the allocated struct xive_irq_data is never freed, leading to the kmemleak report shown above.

Fix this by retrieving the irq_data from the correct domain using irq_domain_get_irq_data() and then accessing the chip_data via irq_data_get_irq_chip_data().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: fix kmemleak caused by incorrect chip_data lookup\n\nThe kmemleak reports the following memory leak:\n\nUnreferenced object 0xc0000002a7fbc640 (size 64):\n  comm \"kworker/8:1\", pid 540, jiffies 4294937872\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00  ................\n    00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00  ................\n  backtrace (crc 177d48f6):\n    __kmalloc_cache_noprof+0x520/0x730\n    xive_irq_alloc_data.constprop.0+0x40/0xe0\n    xive_irq_domain_alloc+0xd0/0x1b0\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    pseries_irq_domain_alloc+0x1cc/0x354\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    msi_domain_alloc+0xb0/0x220\n    irq_domain_alloc_irqs_locked+0x138/0x4d0\n    __irq_domain_alloc_irqs+0x8c/0xfc\n    __msi_domain_alloc_irqs+0x214/0x4d8\n    msi_domain_alloc_irqs_all_locked+0x70/0xf8\n    pci_msi_setup_msi_irqs+0x60/0x78\n    __pci_enable_msix_range+0x54c/0x98c\n    pci_alloc_irq_vectors_affinity+0x16c/0x1d4\n    nvme_pci_enable+0xac/0x9c0 [nvme]\n    nvme_probe+0x340/0x764 [nvme]\n\nThis occurs when allocating MSI-X vectors for an NVMe device. During\nallocation the XIVE code creates a struct xive_irq_data and stores it\nin irq_data-\u003echip_data.\n\nWhen the MSI-X irqdomain is later freed, xive_irq_free_data() is\nresponsible for retrieving this structure and freeing it. However,\nafter commit cc0cc23babc9 (\"powerpc/xive: Untangle xive from child\ninterrupt controller drivers\"), xive_irq_free_data() retrieves the\nchip_data using irq_get_chip_data(), which looks up the data through\nthe child domain.\n\nThis is incorrect because the XIVE-specific irq data is associated with\nthe XIVE (parent) domain. As a result the lookup fails and the allocated\nstruct xive_irq_data is never freed, leading to the kmemleak report\nshown above.\n\nFix this by retrieving the irq_data from the correct domain using\nirq_domain_get_irq_data() and then accessing the chip_data via\nirq_data_get_irq_chip_data().",
  "id": "GHSA-r2vf-f3jw-34mm",
  "modified": "2026-06-24T18:32:33Z",
  "published": "2026-05-28T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46141"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2546fb8c9acc8c7512ed4339ce2a982cb7407065"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6771c54728c278bf1e4bfdab4fddbbb186e33498"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e66ed135cdf23a318e9727dca48f98f7f6142f78"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R32H-Q4VW-RVF3

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work

The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately.

After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer indicative of the migration being done. It can also happen if the work encountered an error in which case the migration will resume the next time the work is scheduled.

The significance of the above is that it is possible for the work to be pending and associated with hints that were allocated when the migration started. This leads to the hints being leaked [1] when the work is canceled while pending as part of ACL region dismantle.

Fix by freeing the hints if hints are associated with a work that was canceled while pending.

Blame the original commit since the reliance on not having a pending work associated with hints is fragile.

[1] unreferenced object 0xffff88810e7c3000 (size 256): comm "kworker/0:16", pid 176, jiffies 4295460353 hex dump (first 32 bytes): 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a....... 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@........... backtrace (crc 2544ddb9): [<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0 [<000000004d9a1ad9>] objagg_hints_get+0x42/0x390 [<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400 [<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160 [<00000000e81fd734>] process_one_work+0x59c/0xf20 [<00000000ceee9e81>] worker_thread+0x799/0x12c0 [<00000000bda6fe39>] kthread+0x246/0x300 [<0000000070056d23>] ret_from_fork+0x34/0x70 [<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work\n\nThe rehash delayed work is rescheduled with a delay if the number of\ncredits at end of the work is not negative as supposedly it means that\nthe migration ended. Otherwise, it is rescheduled immediately.\n\nAfter \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free during\nrehash\" the above is no longer accurate as a non-negative number of\ncredits is no longer indicative of the migration being done. It can also\nhappen if the work encountered an error in which case the migration will\nresume the next time the work is scheduled.\n\nThe significance of the above is that it is possible for the work to be\npending and associated with hints that were allocated when the migration\nstarted. This leads to the hints being leaked [1] when the work is\ncanceled while pending as part of ACL region dismantle.\n\nFix by freeing the hints if hints are associated with a work that was\ncanceled while pending.\n\nBlame the original commit since the reliance on not having a pending\nwork associated with hints is fragile.\n\n[1]\nunreferenced object 0xffff88810e7c3000 (size 256):\n  comm \"kworker/0:16\", pid 176, jiffies 4295460353\n  hex dump (first 32 bytes):\n    00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80  .0......a.......\n    00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00  ..a.@...........\n  backtrace (crc 2544ddb9):\n    [\u003c00000000cf8cfab3\u003e] kmalloc_trace+0x23f/0x2a0\n    [\u003c000000004d9a1ad9\u003e] objagg_hints_get+0x42/0x390\n    [\u003c000000000b143cf3\u003e] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400\n    [\u003c0000000059bdb60a\u003e] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160\n    [\u003c00000000e81fd734\u003e] process_one_work+0x59c/0xf20\n    [\u003c00000000ceee9e81\u003e] worker_thread+0x799/0x12c0\n    [\u003c00000000bda6fe39\u003e] kthread+0x246/0x300\n    [\u003c0000000070056d23\u003e] ret_from_fork+0x34/0x70\n    [\u003c00000000dea2b93e\u003e] ret_from_fork_asm+0x1a/0x30",
  "id": "GHSA-r32h-q4vw-rvf3",
  "modified": "2024-12-30T18:30:40Z",
  "published": "2024-05-17T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35852"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3J4-J9X2-2MJJ

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

USB: uhci: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: uhci: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
  "id": "GHSA-r3j4-j9x2-2mjj",
  "modified": "2025-12-02T21:31:25Z",
  "published": "2025-09-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53197"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a3f82c79c86278e7f144564b1cb6cc5c3657144"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cb88847b8b86f132309030022a23dca895b6f61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6af1dbc99ad37bf67c8703982df4d7f12d256c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e529aeb771aef1402c899b6b405610ef444d5d88"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3M4-WQ9M-7FX4

Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-03-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

MIPS: pgalloc: fix memory leak caused by pgd_free()

pgd page is freed by generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"), however, there are scenarios that the system uses more than one page as the pgd table, in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64bit system, the macro "PGD_ORDER" will be set as "1", which will cause allocating two pages as the pgd table. Well, at the same time, the generic implementation pgd_free() just free one pgd page, which will result in the memory leak.

The memory leak can be easily detected by executing shell command: "while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: pgalloc: fix memory leak caused by pgd_free()\n\npgd page is freed by generic implementation pgd_free() since commit\nf9cb654cb550 (\"asm-generic: pgalloc: provide generic pgd_free()\"),\nhowever, there are scenarios that the system uses more than one page as\nthe pgd table, in such cases the generic implementation pgd_free() won\u0027t\nbe applicable anymore. For example, when PAGE_SIZE_4KB is enabled and\nMIPS_VA_BITS_48 is not enabled in a 64bit system, the macro \"PGD_ORDER\"\nwill be set as \"1\", which will cause allocating two pages as the pgd\ntable. Well, at the same time, the generic implementation pgd_free()\njust free one pgd page, which will result in the memory leak.\n\nThe memory leak can be easily detected by executing shell command:\n\"while true; do ls \u003e /dev/null; grep MemFree /proc/meminfo; done\"",
  "id": "GHSA-r3m4-wq9m-7fx4",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49210"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3PW-3J86-Q7W6

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: qcom: Fix potential memory leak

Function dwc3_qcom_probe() allocates memory for resource structure which is pointed by parent_res pointer. This memory is not freed. This leads to memory leak. Use stack memory to prevent memory leak.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: qcom: Fix potential memory leak\n\nFunction dwc3_qcom_probe() allocates memory for resource structure\nwhich is pointed by parent_res pointer. This memory is not\nfreed. This leads to memory leak. Use stack memory to prevent\nmemory leak.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-r3pw-3j86-q7w6",
  "modified": "2025-12-02T21:31:25Z",
  "published": "2025-09-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53196"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/097fb3ee710d4de83b8d4f5589e8ee13e0f0541e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/134a7d4642f11daed6bbc378f930a54dd0322291"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/648a163cff21ea355c8765e882ba8bf66a870a3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74f8606ddfa450d2255b4e61472a7632def1e8c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b626cd5e4a87a281629e0c2b07519990077c0fbe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b322b84ab5dda7eaca9ded763628b7467734f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R42V-97M8-W3J8

Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: amd_sfh: Fix memory leak in amd_sfh_work

Kmemleak tool detected a memory leak in the amd_sfh driver.

==================== unreferenced object 0xffff88810228ada0 (size 32): comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s............. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "............... backtrace: [<000000007b4c8799>] kmem_cache_alloc_trace+0x163/0x4f0 [<0000000005326893>] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [<000000002a9e5ec4>] amdtp_hid_request+0x62/0x80 [amd_sfh] [<00000000b8a95807>] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [<00000000fda054ee>] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common] [<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d] [<00000000915760ce>] platform_probe+0x6a/0xd0 [<0000000060258a1f>] really_probe+0x192/0x620 [<00000000fa812f2d>] driver_probe_device+0x14a/0x1d0 [<000000005e79f7fd>] __device_attach_driver+0xbd/0x110 [<0000000070d15018>] bus_for_each_drv+0xfd/0x160 [<0000000013a3c312>] __device_attach+0x18b/0x220 [<000000008c7b4afc>] device_initial_probe+0x13/0x20 [<00000000e6e99665>] bus_probe_device+0xfe/0x120 [<00000000833fa90b>] device_add+0x6a6/0xe00 [<00000000fa901078>] platform_device_add+0x180/0x380 ====================

The fix is to freeing request_list entry once the processed entry is removed from the request_list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix memory leak in amd_sfh_work\n\nKmemleak tool detected a memory leak in the amd_sfh driver.\n\n====================\nunreferenced object 0xffff88810228ada0 (size 32):\n  comm \"insmod\", pid 3968, jiffies 4295056001 (age 775.792s)\n  hex dump (first 32 bytes):\n    00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de  . s.............\n    22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00  \"...............\n  backtrace:\n    [\u003c000000007b4c8799\u003e] kmem_cache_alloc_trace+0x163/0x4f0\n    [\u003c0000000005326893\u003e] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh]\n    [\u003c000000002a9e5ec4\u003e] amdtp_hid_request+0x62/0x80 [amd_sfh]\n    [\u003c00000000b8a95807\u003e] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub]\n    [\u003c00000000fda054ee\u003e] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common]\n    [\u003c0000000021279ecf\u003e] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d]\n    [\u003c00000000915760ce\u003e] platform_probe+0x6a/0xd0\n    [\u003c0000000060258a1f\u003e] really_probe+0x192/0x620\n    [\u003c00000000fa812f2d\u003e] driver_probe_device+0x14a/0x1d0\n    [\u003c000000005e79f7fd\u003e] __device_attach_driver+0xbd/0x110\n    [\u003c0000000070d15018\u003e] bus_for_each_drv+0xfd/0x160\n    [\u003c0000000013a3c312\u003e] __device_attach+0x18b/0x220\n    [\u003c000000008c7b4afc\u003e] device_initial_probe+0x13/0x20\n    [\u003c00000000e6e99665\u003e] bus_probe_device+0xfe/0x120\n    [\u003c00000000833fa90b\u003e] device_add+0x6a6/0xe00\n    [\u003c00000000fa901078\u003e] platform_device_add+0x180/0x380\n====================\n\nThe fix is to freeing request_list entry once the processed entry is\nremoved from the request_list.",
  "id": "GHSA-r42v-97m8-w3j8",
  "modified": "2025-01-07T18:30:39Z",
  "published": "2024-03-15T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47133"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29beadea66a226d744d5ffdcde6b984623053d24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.