Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-R9M9-7J24-222X

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-11-07 19:00
VLAI
Details

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.",
  "id": "GHSA-r9m9-7j24-222x",
  "modified": "2022-11-07T19:00:17Z",
  "published": "2022-05-24T17:01:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Jan/10"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4254-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4254-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4284-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4285-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-2"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC42-XQQ7-H58R

Vulnerability from github – Published: 2026-04-03 15:30 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: free pages on error in btrfs_uring_read_extent()

In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T14:16:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: free pages on error in btrfs_uring_read_extent()\n\nIn this function the \u0027pages\u0027 object is never freed in the hopes that it is\npicked up by btrfs_uring_read_finished() whenever that executes in the\nfuture. But that\u0027s just the happy path. Along the way previous\nallocations might have gone wrong, or we might not get -EIOCBQUEUED from\nbtrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a\ncleanup section that frees all memory allocated by this function without\nassuming any deferred execution, and this also needs to happen for the\n\u0027pages\u0027 allocation.",
  "id": "GHSA-rc42-xqq7-h58r",
  "modified": "2026-04-23T21:31:18Z",
  "published": "2026-04-03T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23423"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f501412f2079ca14bf68a18d80a2b7a823f1f64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/628895890b0c9ac9129129e89455da7db95ba343"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4f210de01eaccac61eee657f676045ef9771d07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC6X-Q5FH-8F53

Vulnerability from github – Published: 2024-08-22 06:30 – Updated: 2024-08-23 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: men_z188_adc: Fix a resource leak in an error handling path

If iio_device_register() fails, a previous ioremap() is left unbalanced.

Update the error handling path and add the missing iounmap() call, as already done in the remove function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T04:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: men_z188_adc: Fix a resource leak in an error handling path\n\nIf iio_device_register() fails, a previous ioremap() is left unbalanced.\n\nUpdate the error handling path and add the missing iounmap() call, as\nalready done in the remove function.",
  "id": "GHSA-rc6x-q5fh-8f53",
  "modified": "2024-08-23T03:30:59Z",
  "published": "2024-08-22T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48928"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC8Q-6743-JH4W

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: macvlan: fix memory leaks of macvlan_common_newlink

kmemleak reports memory leaks in macvlan_common_newlink, as follows:

ip link add link eth0 name .. type macvlan mode source macaddr add

kmemleak reports:

unreferenced object 0xffff8880109bb140 (size 64): comm "ip", pid 284, jiffies 4294986150 (age 430.108s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z..... 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk backtrace: [] kmem_cache_alloc_trace+0x1c7/0x300 [] macvlan_hash_add_source+0x45/0xc0 [] macvlan_changelink_sources+0xd7/0x170 [] macvlan_common_newlink+0x38c/0x5a0 [] macvlan_newlink+0xe/0x20 [] __rtnl_newlink+0x7af/0xa50 [] rtnl_newlink+0x48/0x70 ...

In the scenario where the macvlan mode is configured as 'source', macvlan_changelink_sources() will be execured to reconfigure list of remote source mac addresses, at the same time, if register_netdevice() return an error, the resource generated by macvlan_changelink_sources() is not cleaned up.

Using this patch, in the case of an error, it will execute macvlan_flush_sources() to ensure that the resource is cleaned up.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macvlan: fix memory leaks of macvlan_common_newlink\n\nkmemleak reports memory leaks in macvlan_common_newlink, as follows:\n\n ip link add link eth0 name .. type macvlan mode source macaddr add\n \u003cMAC-ADDR\u003e\n\nkmemleak reports:\n\nunreferenced object 0xffff8880109bb140 (size 64):\n  comm \"ip\", pid 284, jiffies 4294986150 (age 430.108s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff  ..........Z.....\n    80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b  ..............kk\n  backtrace:\n    [\u003cffffffff813e06a7\u003e] kmem_cache_alloc_trace+0x1c7/0x300\n    [\u003cffffffff81b66025\u003e] macvlan_hash_add_source+0x45/0xc0\n    [\u003cffffffff81b66a67\u003e] macvlan_changelink_sources+0xd7/0x170\n    [\u003cffffffff81b6775c\u003e] macvlan_common_newlink+0x38c/0x5a0\n    [\u003cffffffff81b6797e\u003e] macvlan_newlink+0xe/0x20\n    [\u003cffffffff81d97f8f\u003e] __rtnl_newlink+0x7af/0xa50\n    [\u003cffffffff81d98278\u003e] rtnl_newlink+0x48/0x70\n    ...\n\nIn the scenario where the macvlan mode is configured as \u0027source\u0027,\nmacvlan_changelink_sources() will be execured to reconfigure list of\nremote source mac addresses, at the same time, if register_netdevice()\nreturn an error, the resource generated by macvlan_changelink_sources()\nis not cleaned up.\n\nUsing this patch, in the case of an error, it will execute\nmacvlan_flush_sources() to ensure that the resource is cleaned up.",
  "id": "GHSA-rc8q-6743-jh4w",
  "modified": "2025-05-07T15:31:24Z",
  "published": "2025-05-01T15:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49853"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21d3a8b6a1e39e7529ce9de07316ee13a63f305b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23569b5652ee8e8e55a12f7835f59af6f3cefc30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/685e73e3f7a9fb75cbf049a9d0b7c45cc6b57b2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/956e0216a19994443c90ba2ea6b0b284c9c4f9cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ea003c4671b2fc455320ecf6d4a43b0a3c1878a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f288e338be206713d79b29144c27fca4503c39b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a81b44d1df1f07f00c0dcc0a0b3d2fa24a46289e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8d67367ab33604326cc37ab44fd1801bf5691ba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC9C-XM7H-WMCX

Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31
VLAI
Details

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:16:48Z",
    "severity": "MODERATE"
  },
  "details": "Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.",
  "id": "GHSA-rc9c-xm7h-wmcx",
  "modified": "2026-07-14T18:31:58Z",
  "published": "2026-07-14T18:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44806"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44806"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC9Q-9GJH-F3Q6

Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-06 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix potential memory leak in ice_gnss_tty_write()

The ice_gnss_tty_write() return directly if the write_buf alloc failed, leaking the cmd_buf.

Fix by free cmd_buf if write_buf alloc failed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T07:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix potential memory leak in ice_gnss_tty_write()\n\nThe ice_gnss_tty_write() return directly if the write_buf alloc failed,\nleaking the cmd_buf.\n\nFix by free cmd_buf if write_buf alloc failed.",
  "id": "GHSA-rc9q-9gjh-f3q6",
  "modified": "2024-09-06T15:32:56Z",
  "published": "2024-08-21T09:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48885"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/500ca1da9d0876244eb4d1b0ece6fa0e9968d45d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f58985620f55580a07d40062c4115d8c9cf6ae27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCMJ-JXVJ-G49V

Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-01-08 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: Initialize cfid->tcon before performing network ops

Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break() and then fail to release the ref in cached_dir_offload_close, since cfid->tcon is still NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Initialize cfid-\u003etcon before performing network ops\n\nAvoid leaking a tcon ref when a lease break races with opening the\ncached directory. Processing the leak break might take a reference to\nthe tcon in cached_dir_lease_break() and then fail to release the ref in\ncached_dir_offload_close, since cfid-\u003etcon is still NULL.",
  "id": "GHSA-rcmj-jxvj-g49v",
  "modified": "2025-01-08T00:30:48Z",
  "published": "2024-12-29T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56729"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b9ab6b648f89441c8a13cb3fd8ca83ffebc5262"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b216c8f9c7d84ef7de33ca60b97e08e03ef3292"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/625e2357c8fcfae6e66dcc667dc656fe390bab15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c353ee4fb119a2582d0e011f66a76a38f5cf984d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCVC-X6H8-MPP2

Vulnerability from github – Published: 2024-02-27 21:31 – Updated: 2025-01-08 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/zcrypt: fix zcard and zqueue hot-unplug memleak

Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter.

This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or queue to trigger the release and free the object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object.",
  "id": "GHSA-rcvc-x6h8-mpp2",
  "modified": "2025-01-08T18:30:40Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46968"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF5C-CRCV-V9WG

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-05 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix an information leak in tipc_topsrv_kern_subscr

Use a 8-byte write to initialize sub.usr_handle in tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized when issuing setsockopt(..., SOL_TIPC, ...). This resulted in an infoleak reported by KMSAN when the packet was received:

===================================================== BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169 instrument_copy_to_user ./include/linux/instrumented.h:121 copyout+0xbc/0x100 lib/iov_iter.c:169 _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527 copy_to_iter ./include/linux/uio.h:176 simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419 skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527 skb_copy_datagram_msg ./include/linux/skbuff.h:3903 packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469 _sysrecvmsg+0x2c4/0x810 net/socket.c:? _sys_recvmsg+0x217/0x840 net/socket.c:2743 __sys_recvmsg net/socket.c:2773 __do_sys_recvmsg net/socket.c:2783 __se_sys_recvmsg net/socket.c:2780 __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780 do_syscall_x64 arch/x86/entry/common.c:50 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120

...

Uninit was stored to memory at: tipc_sub_subscribe+0x42d/0xb50 net/tipc/subscr.c:156 tipc_conn_rcv_sub+0x246/0x620 net/tipc/topsrv.c:375 tipc_topsrv_kern_subscr+0x2e8/0x400 net/tipc/topsrv.c:579 tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190 tipc_sk_join+0x2a8/0x770 net/tipc/socket.c:3084 tipc_setsockopt+0xae5/0xe40 net/tipc/socket.c:3201 __sys_setsockopt+0x87f/0xdc0 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 __se_sys_setsockopt net/socket.c:2260 __x64_sys_setsockopt+0xe0/0x160 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120

Local variable sub created at: tipc_topsrv_kern_subscr+0x57/0x400 net/tipc/topsrv.c:562 tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190

Bytes 84-87 of 88 are uninitialized Memory access of size 88 starts at ffff88801ed57cd0 Data copied to user address 0000000020000400 ... =====================================================

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix an information leak in tipc_topsrv_kern_subscr\n\nUse a 8-byte write to initialize sub.usr_handle in\ntipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized\nwhen issuing setsockopt(..., SOL_TIPC, ...).\nThis resulted in an infoleak reported by KMSAN when the packet was\nreceived:\n\n  =====================================================\n  BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169\n   instrument_copy_to_user ./include/linux/instrumented.h:121\n   copyout+0xbc/0x100 lib/iov_iter.c:169\n   _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527\n   copy_to_iter ./include/linux/uio.h:176\n   simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513\n   __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419\n   skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527\n   skb_copy_datagram_msg ./include/linux/skbuff.h:3903\n   packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469\n   ____sys_recvmsg+0x2c4/0x810 net/socket.c:?\n   ___sys_recvmsg+0x217/0x840 net/socket.c:2743\n   __sys_recvmsg net/socket.c:2773\n   __do_sys_recvmsg net/socket.c:2783\n   __se_sys_recvmsg net/socket.c:2780\n   __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780\n   do_syscall_x64 arch/x86/entry/common.c:50\n   do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120\n\n  ...\n\n  Uninit was stored to memory at:\n   tipc_sub_subscribe+0x42d/0xb50 net/tipc/subscr.c:156\n   tipc_conn_rcv_sub+0x246/0x620 net/tipc/topsrv.c:375\n   tipc_topsrv_kern_subscr+0x2e8/0x400 net/tipc/topsrv.c:579\n   tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190\n   tipc_sk_join+0x2a8/0x770 net/tipc/socket.c:3084\n   tipc_setsockopt+0xae5/0xe40 net/tipc/socket.c:3201\n   __sys_setsockopt+0x87f/0xdc0 net/socket.c:2252\n   __do_sys_setsockopt net/socket.c:2263\n   __se_sys_setsockopt net/socket.c:2260\n   __x64_sys_setsockopt+0xe0/0x160 net/socket.c:2260\n   do_syscall_x64 arch/x86/entry/common.c:50\n   do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120\n\n  Local variable sub created at:\n   tipc_topsrv_kern_subscr+0x57/0x400 net/tipc/topsrv.c:562\n   tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190\n\n  Bytes 84-87 of 88 are uninitialized\n  Memory access of size 88 starts at ffff88801ed57cd0\n  Data copied to user address 0000000020000400\n  ...\n  =====================================================",
  "id": "GHSA-rf5c-crcv-v9wg",
  "modified": "2026-02-05T15:31:08Z",
  "published": "2025-10-07T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50531"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d1b83ff7b6575a4e41283203e6b2e25ea700cd7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/567f8de358b61015dcfb8878a1f06c5369a45f54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/777ecaabd614d47c482a5c9031579e66da13989a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbc01c0a4e202a7e925dad1d4b7c1d6eb0c81154"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e558e148938442dd49628cd7ef61c360832bef31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fef70f978bc289642501d88d2a3f5e841bd31a67"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF6C-WW9J-GX78

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-04T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-rf6c-ww9j-gx78",
  "modified": "2022-05-24T17:41:01Z",
  "published": "2022-05-24T17:41:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1313"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.