Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-RR4H-G2X9-F96P

Vulnerability from github – Published: 2026-04-01 09:31 – Updated: 2026-04-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix memory leak in verify_header

The function sets *ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since *ns is always NULL when the comparison is made.

Remove the incorrect assignment. The caller (aa_unpack) initializes *ns to NULL once before the loop, which is sufficient.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-01T09:16:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix memory leak in verify_header\n\nThe function sets `*ns = NULL` on every call, leaking the namespace\nstring allocated in previous iterations when multiple profiles are\nunpacked. This also breaks namespace consistency checking since *ns\nis always NULL when the comparison is made.\n\nRemove the incorrect assignment.\nThe caller (aa_unpack) initializes *ns to NULL once before the loop,\nwhich is sufficient.",
  "id": "GHSA-rr4h-g2x9-f96p",
  "modified": "2026-04-24T21:31:57Z",
  "published": "2026-04-01T09:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23403"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42fd831abfc15d0643c14688f0522556b347e7e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f0889f2df1ab99224a5e1ac4e20437eea5fe38e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/663ce34786e759ebcbeb3060685c20bcc886d51a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b79abcb3c985e153fcf9d395e1d4336081aabc2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/786e2c2a87d9c505f33321d1fd23a176aa8ddeb1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d678eb0fe55c9195d9a253e8c5b82a87b930737"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcf82c0c5a8b383fd2d5d8f3fd880cdcab2ac557"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR4X-CRHF-8886

Vulnerability from github – Published: 2023-10-10 21:29 – Updated: 2025-02-20 22:50
VLAI
Summary
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Details

When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode.

Let's say if a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens.

This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@graphql-mesh/runtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.96.5"
            },
            {
              "fixed": "0.96.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-10T21:29:50Z",
    "nvd_published_at": "2025-02-20T21:15:26Z",
    "severity": "MODERATE"
  },
  "details": "When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode.\n\nLet\u0027s say if a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens.\n\nThis can cause a short memory leak but it won\u0027t grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism.",
  "id": "GHSA-rr4x-crhf-8886",
  "modified": "2025-02-20T22:50:52Z",
  "published": "2023-10-10T21:29:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Urigo/graphql-mesh/security/advisories/GHSA-rr4x-crhf-8886"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ardatan/graphql-mesh/security/advisories/GHSA-rr4x-crhf-8886"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Urigo/graphql-mesh/commit/482d813a9f75935024aa77872125d197f5fca3d0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Urigo/graphql-mesh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Urigo/graphql-mesh/releases/tag/release-1696859949678"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation"
}

GHSA-RRGM-7P6P-PRM6

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpib: lpvo_usb: fix memory leak on disconnect

The driver iterates over the registered USB interfaces during GPIB attach and takes a reference to their USB devices until a match is found. These references are never released which leads to a memory leak when devices are disconnected.

Fix the leak by dropping the unnecessary references.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T15:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpib: lpvo_usb: fix memory leak on disconnect\n\nThe driver iterates over the registered USB interfaces during GPIB\nattach and takes a reference to their USB devices until a match is\nfound. These references are never released which leads to a memory leak\nwhen devices are disconnected.\n\nFix the leak by dropping the unnecessary references.",
  "id": "GHSA-rrgm-7p6p-prm6",
  "modified": "2026-05-08T18:31:26Z",
  "published": "2026-05-01T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31760"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21f942879f86108b300a23683e67483f8c358fc7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cefb52c1af6f69ea719e42788f6ec6a087eb74c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/706f4fe2dacc95d65e7c8dff321711f024bb8d20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RRR4-G4Q4-HGR3

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don\u0027t think it is libpng\u0027s job to free this buffer.\"",
  "id": "GHSA-rrr4-g4q4-hgr3",
  "modified": "2022-05-13T01:22:35Z",
  "published": "2022-05-13T01:22:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/glennrp/libpng/issues/269"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV3Q-W2VV-WGF5

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-iolatency: Fix memory leak on add_disk() failures

When a gendisk is successfully initialized but add_disk() fails such as when a loop device has invalid number of minor device numbers specified, blkcg_init_disk() is called during init and then blkcg_exit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter.

This is because, in non-error cases, the cleanup is performed by del_gendisk() calling rq_qos_exit(), the assumption being that rq_qos policies, iolatency being one of them, can only be activated once the disk is fully registered and visible. That assumption is true for wbt and iocost, but not so for iolatency as it gets initialized before add_disk() is called.

It is desirable to lazy-init rq_qos policies because they are optional features and add to hot path overhead once initialized - each IO has to walk all the registered rq_qos policies. So, we want to switch iolatency to lazy init too. However, that's a bigger change. As a fix for the immediate problem, let's just add an extra call to rq_qos_exit() in blkcg_exit_disk(). This is safe because duplicate calls to rq_qos_exit() become noop's.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iolatency: Fix memory leak on add_disk() failures\n\nWhen a gendisk is successfully initialized but add_disk() fails such as when\na loop device has invalid number of minor device numbers specified,\nblkcg_init_disk() is called during init and then blkcg_exit_disk() during\nerror handling. Unfortunately, iolatency gets initialized in the former but\ndoesn\u0027t get cleaned up in the latter.\n\nThis is because, in non-error cases, the cleanup is performed by\ndel_gendisk() calling rq_qos_exit(), the assumption being that rq_qos\npolicies, iolatency being one of them, can only be activated once the disk\nis fully registered and visible. That assumption is true for wbt and iocost,\nbut not so for iolatency as it gets initialized before add_disk() is called.\n\nIt is desirable to lazy-init rq_qos policies because they are optional\nfeatures and add to hot path overhead once initialized - each IO has to walk\nall the registered rq_qos policies. So, we want to switch iolatency to lazy\ninit too. However, that\u0027s a bigger change. As a fix for the immediate\nproblem, let\u0027s just add an extra call to rq_qos_exit() in blkcg_exit_disk().\nThis is safe because duplicate calls to rq_qos_exit() become noop\u0027s.",
  "id": "GHSA-rv3q-w2vv-wgf5",
  "modified": "2026-02-04T21:30:24Z",
  "published": "2025-10-07T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50550"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/215f9437dda09531bcb80605298a24219f01cec5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a126e1db5553ce4498290df019866952f858954"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/813e693023ba10da9e75067780f8378465bf27cc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV45-G592-F3P6

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: ch341: fix memory leaks on probe failures

Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free.

Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ch341: fix memory leaks on probe failures\n\nMake sure to deregister the controller, disable pins, and kill and free\nthe RX URB on probe failures to mirror disconnect and avoid memory\nleaks and use-after-free.\n\nAlso add an explicit URB kill on disconnect for symmetry (even if that\nis not strictly required as USB core would have stopped it in the\ncurrent setup).",
  "id": "GHSA-rv45-g592-f3p6",
  "modified": "2026-06-24T18:32:29Z",
  "published": "2026-05-27T15:33:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46074"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c6518633702d7f7b1153e9d8e042af847f11ef3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bee2faf9e21c796d0d222c9d84a98f41bd303a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b99e3ddb91b499d920e63a2daff8880be68cfe9e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff8a7996dc8bf433efe2126ffdaee5b374a89e30"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV46-HCFV-QPVX

Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: mscc: Fix memory leak when using one step timestamping

Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step timestamping.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T09:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
  "id": "GHSA-rv46-hcfv-qpvx",
  "modified": "2025-12-18T21:31:33Z",
  "published": "2025-07-03T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38148"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV69-7F4R-R2GG

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-11-08 12:00
VLAI
Details

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.",
  "id": "GHSA-rv69-7f4r-r2gg",
  "modified": "2022-11-08T12:00:22Z",
  "published": "2022-05-24T17:01:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19052"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4226-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4227-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4227-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4228-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4228-2"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV96-Q2G6-R95W

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_report()

struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace. Fix that up by zeroing the structure before setting individual member variables.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm_user: fix info leak in build_report()\n\nstruct xfrm_user_report is a __u8 proto field followed by a struct\nxfrm_selector which means there is three \"empty\" bytes of padding, but\nthe padding is never zeroed before copying to userspace.  Fix that up by\nzeroing the structure before setting individual member variables.",
  "id": "GHSA-rv96-q2g6-r95w",
  "modified": "2026-07-14T15:31:55Z",
  "published": "2026-04-24T15:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31671"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0616314b3b34f24cbb91da8c6bd8bcdc4c8592f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a30dceb0e1f0c480d2482e6d7cebf8aebb6eb72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c55714c931051cd7f4839c19ce0867179fd22fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/716c546e88cfe49d841658240e10cb57bc50a2cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d10119968d0e1f2b669604baf2a8b5fdb72fa6b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d27c02eec529f78055a46a5c9e6c62684382b2d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0c8542c3d097ed4205ded51868195d5d6ddac62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff5ee507302303b15859753c3e0d67d38fd12c88"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RVG6-V4XX-QVV4

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-11-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.

sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak:

unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): __kmalloc_node_track_caller_noprof+0x49c/0x6b0 kstrdup+0x46/0xc0 hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic] sof_init_environment+0x16f/0xb50 [snd_sof] sof_probe_continue+0x45/0x7c0 [snd_sof] sof_probe_work+0x1e/0x40 [snd_sof] process_one_work+0x894/0x14b0 worker_thread+0x5e5/0xfb0 kthread+0x39d/0x760 ret_from_fork+0x31/0x70 ret_from_fork_asm+0x1a/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.\n\nsof_pdata-\u003etplg_filename can have address allocated by kstrdup()\nand can be overwritten. Memory leak was detected with kmemleak:\n\nunreferenced object 0xffff88812391ff60 (size 16):\n  comm \"kworker/4:1\", pid 161, jiffies 4294802931\n  hex dump (first 16 bytes):\n    73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00  sof-hda-generic.\n  backtrace (crc 4bf1675c):\n    __kmalloc_node_track_caller_noprof+0x49c/0x6b0\n    kstrdup+0x46/0xc0\n    hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]\n    sof_init_environment+0x16f/0xb50 [snd_sof]\n    sof_probe_continue+0x45/0x7c0 [snd_sof]\n    sof_probe_work+0x1e/0x40 [snd_sof]\n    process_one_work+0x894/0x14b0\n    worker_thread+0x5e5/0xfb0\n    kthread+0x39d/0x760\n    ret_from_fork+0x31/0x70\n    ret_from_fork_asm+0x1a/0x30",
  "id": "GHSA-rvg6-v4xx-qvv4",
  "modified": "2025-11-19T18:31:16Z",
  "published": "2025-07-25T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38438"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58ecf51af12cb32b890858b52b2c34e80590c74a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.