Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-V7QR-4H7W-77CM

Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-10-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}

Free the "struct kvm_cpuid_entry2" array on successful post-KVM_RUN KVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid() free the array only on failure.

BUG: memory leak unreferenced object 0xffff88810963a800 (size 2048): comm "syz-executor025", pid 3610, jiffies 4294944928 (age 8.080s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 ................ 47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00 GenuntelineI.... backtrace: [] kmalloc_node include/linux/slab.h:604 [inline] [] kvmalloc_node+0x3e/0x100 mm/util.c:580 [] kvmalloc include/linux/slab.h:732 [inline] [] vmemdup_user+0x22/0x100 mm/util.c:199 [] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423 [] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251 [] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066 [] vfs_ioctl fs/ioctl.c:51 [inline] [] __do_sys_ioctl fs/ioctl.c:874 [inline] [] __se_sys_ioctl fs/ioctl.c:860 [inline] [] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x44/0xae

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T12:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}\n\nFree the \"struct kvm_cpuid_entry2\" array on successful post-KVM_RUN\nKVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()\nfree the array only on failure.\n\n BUG: memory leak\n unreferenced object 0xffff88810963a800 (size 2048):\n  comm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................\n    47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....\n  backtrace:\n    [\u003cffffffff814948ee\u003e] kmalloc_node include/linux/slab.h:604 [inline]\n    [\u003cffffffff814948ee\u003e] kvmalloc_node+0x3e/0x100 mm/util.c:580\n    [\u003cffffffff814950f2\u003e] kvmalloc include/linux/slab.h:732 [inline]\n    [\u003cffffffff814950f2\u003e] vmemdup_user+0x22/0x100 mm/util.c:199\n    [\u003cffffffff8109f5ff\u003e] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423\n    [\u003cffffffff810711b9\u003e] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251\n    [\u003cffffffff8103e92d\u003e] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066\n    [\u003cffffffff815afacc\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n    [\u003cffffffff815afacc\u003e] __do_sys_ioctl fs/ioctl.c:874 [inline]\n    [\u003cffffffff815afacc\u003e] __se_sys_ioctl fs/ioctl.c:860 [inline]\n    [\u003cffffffff815afacc\u003e] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n    [\u003cffffffff844a3335\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [\u003cffffffff844a3335\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    [\u003cffffffff84600068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae",
  "id": "GHSA-v7qr-4h7w-77cm",
  "modified": "2024-10-30T18:30:45Z",
  "published": "2024-06-20T12:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48764"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V7XJ-X69J-92C7

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-08T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.",
  "id": "GHSA-v7xj-x69j-92c7",
  "modified": "2022-05-24T17:35:39Z",
  "published": "2022-05-24T17:35:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27755"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V8F6-4VFF-JW8W

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Fix mcam entry resource leak

The teardown sequence in FLR handler returns if no NIX LF is attached to PF/VF because it indicates that graceful shutdown of resources already happened. But there is a chance of all allocated MCAM entries not being freed by PF/VF. Hence free mcam entries even in case of detached LF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF.",
  "id": "GHSA-v8f6-4vff-jw8w",
  "modified": "2025-11-13T18:31:00Z",
  "published": "2025-06-18T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50060"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f8fe40ab7730cf8eb6f8b8ff412012f7f6f8f48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc32347f48111eea8d0165538c92aca92ede83f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc5be2d4f9285efe0d16f1bf00250df91d05d809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V8FM-4CX6-7VH8

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix potential sta-link leak

When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential sta-link leak\n\nWhen a station is allocated, links are added but not\nset to valid yet (e.g. during connection to an AP MLD),\nwe might remove the station without ever marking links\nvalid, and leak them. Fix that.",
  "id": "GHSA-v8fm-4cx6-7vh8",
  "modified": "2025-09-19T21:31:15Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35838"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49aaeb8c539b1633b3bd7c2df131ec578aa1eae1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/587c5892976108674bbe61a8ff659de279318034"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e04bf59bdba0fa45d52160be676114e16be855a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V8W5-GVPH-X6F3

Vulnerability from github – Published: 2025-07-04 21:30 – Updated: 2025-07-04 21:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T21:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-v8w5-gvph-x6f3",
  "modified": "2025-07-04T21:30:32Z",
  "published": "2025-07-04T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7068"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HDFGroup/hdf5/issues/5578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/20623530/hdf5_crash_10.txt"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314903"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314903"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.602537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-V927-32PV-88X8

Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-24 19:00
VLAI
Details

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931.",
  "id": "GHSA-v927-32pv-88x8",
  "modified": "2022-10-24T19:00:23Z",
  "published": "2022-10-21T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3630"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=fb24771faf72a2fd62b3b6287af3c610c3ec9cf1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211931"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V965-8V6M-8C59

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20
VLAI
Details

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-19T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka \"DTLS fragment handling memory leak.\"",
  "id": "GHSA-v965-8v6m-8c59",
  "modified": "2022-05-03T03:20:26Z",
  "published": "2022-05-03T03:20:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1378"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/cve/2009-1378"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8720"
    },
    {
      "type": "WEB",
      "url": "http://cvs.openssl.org/chngview?cn=18188"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=openssl-dev\u0026m=124247679213944\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=openssl-dev\u0026m=124263491424212\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1931\u0026user=guest\u0026pass=guest"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35128"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35461"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "type": "WEB",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35001"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022241"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1377"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V972-H57Q-V8PW

Vulnerability from github – Published: 2023-05-16 00:30 – Updated: 2025-01-28 18:31
VLAI
Details

A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T22:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device\u0027s capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct\u0027s g_autoptr cleanup.",
  "id": "GHSA-v972-h57q-v8pw",
  "modified": "2025-01-28T18:31:20Z",
  "published": "2023-05-16T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2700"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2700"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230706-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V99V-6WP3-34RF

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 17:48
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Avoid memory leak while enabling statistics

Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driver updates per MSDU to mac80211.

When the AP interface is enabled, only extended statistics mode is activated. As part of enabling monitor rings for collecting statistics, the driver subscribes to HAL_RX_MPDU_START TLV in the filter configuration. This TLV is received from the monitor destination ring, and kzalloc for the mon_mpdu object occurs, which is not freed, leading to a memory leak. The kzalloc for the mon_mpdu object is only required while enabling the standalone monitor interface. This causes a memory leak while enabling extended statistics mode in the driver.

Fix this memory leak by removing the kzalloc for the mon_mpdu object in the HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone monitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs. These TLV tags will be handled properly when enabling standalone monitor mode in the future.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T13:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
  "id": "GHSA-v99v-6wp3-34rf",
  "modified": "2025-11-05T17:48:22Z",
  "published": "2025-05-01T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37743"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9H5-MM27-9J99

Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2023-02-03 21:30
VLAI
Details

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10593"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-23T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.",
  "id": "GHSA-v9h5-mm27-9j99",
  "modified": "2023-02-03T21:30:29Z",
  "published": "2022-05-24T17:12:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10593"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-50"
    },
    {
      "type": "WEB",
      "url": "https://trac.torproject.org/projects/tor/ticket/33619"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.