CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-XFV3-JP8H-Q7V6
Vulnerability from github – Published: 2023-04-06 18:30 – Updated: 2025-10-22 00:32Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
{
"affected": [],
"aliases": [
"CVE-2023-26083"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-06T16:15:00Z",
"severity": "MODERATE"
},
"details": "Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.",
"id": "GHSA-xfv3-jp8h-q7v6",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-04-06T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26083"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083"
},
{
"type": "WEB",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023033049"
},
{
"type": "WEB",
"url": "https://www.cybersecurity-help.cz/vulnerabilities/74210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XG2H-7HCM-PH87
Vulnerability from github – Published: 2025-07-14 18:30 – Updated: 2025-07-15 18:31NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
{
"affected": [],
"aliases": [
"CVE-2024-42649"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-14T17:15:32Z",
"severity": "MODERATE"
},
"details": "NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.",
"id": "GHSA-xg2h-7hcm-ph87",
"modified": "2025-07-15T18:31:25Z",
"published": "2025-07-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42649"
},
{
"type": "WEB",
"url": "https://github.com/nanomq/nanomq"
},
{
"type": "WEB",
"url": "https://github.com/songxpu/bug_report/blob/master/MQTT/NanoMQ/CVE-2024-42649.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG3F-PH47-C5JV
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31In the Linux kernel, the following vulnerability has been resolved:
misc: ti_fpc202: fix a potential memory leak in probe function
Use for_each_child_of_node_scoped() to simplify the code and ensure the device node reference is automatically released when the loop scope ends.
{
"affected": [],
"aliases": [
"CVE-2025-71290"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ti_fpc202: fix a potential memory leak in probe function\n\nUse for_each_child_of_node_scoped() to simplify the code and ensure the\ndevice node reference is automatically released when the loop scope\nends.",
"id": "GHSA-xg3f-ph47-c5jv",
"modified": "2026-05-13T21:31:56Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71290"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2975604bf1ba36ffc5a08fe8da97fd63b91c4f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dad9f13d967b4e53e8eaf5f9c690f8e778ad9802"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd16f314cb10e6807c74402efdfa2cccc1f15907"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG42-33MC-4587
Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: memleak flow rule from commit path
Abort path release flow rule object, however, commit path does not. Update code to destroy these objects before releasing the transaction.
{
"affected": [],
"aliases": [
"CVE-2022-49358"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: memleak flow rule from commit path\n\nAbort path release flow rule object, however, commit path does not.\nUpdate code to destroy these objects before releasing the transaction.",
"id": "GHSA-xg42-33mc-4587",
"modified": "2025-04-14T21:32:22Z",
"published": "2025-04-14T21:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49358"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/330c0c6cd2150a2d7f47af16aa590078b0d2f736"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b8d63489c3b701eb2a76f848ec94d8cbc9373b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80de9ea1f5b808a6601e91111fae601df2b26369"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab9f34a30c23f656e76f4c5b83125a4e7b53c86e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e33d9bd563e71f6c6528b96008d65524a459c4dc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG4Q-G85W-X6X5
Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.
This issue affects ydb: through 24.4.4.2.
{
"affected": [],
"aliases": [
"CVE-2026-24825"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T09:15:53Z",
"severity": "MODERATE"
},
"details": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.\n\nThis issue affects ydb: through 24.4.4.2.",
"id": "GHSA-xg4q-g85w-x6x5",
"modified": "2026-01-27T09:30:31Z",
"published": "2026-01-27T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24825"
},
{
"type": "WEB",
"url": "https://github.com/ydb-platform/ydb/pull/17570"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-XGC5-8P66-2HP3
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.
{
"affected": [],
"aliases": [
"CVE-2021-31367"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.",
"id": "GHSA-xgc5-8p66-2hp3",
"modified": "2022-05-24T19:17:52Z",
"published": "2022-05-24T19:17:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31367"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11229"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XGM3-V4R9-WFGM
Vulnerability from github – Published: 2026-02-24 15:43 – Updated: 2026-02-24 15:43Memory leak exists in coders/ashlar.c. The WriteASHLARImage allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak.
```bash
==78968== Memcheck, a memory error detector
==78968== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==78968== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==78968==
==78968== HEAP SUMMARY:
==78968== in use at exit: 17,232 bytes in 4 blocks
==78968== total heap usage: 4,781 allocs, 4,777 frees, 785,472 bytes allocated
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25969"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:43:28Z",
"nvd_published_at": "2026-02-24T02:16:01Z",
"severity": "MODERATE"
},
"details": "Memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak.\n\n```\n```bash\n==78968== Memcheck, a memory error detector\n==78968== Copyright (C) 2002-2022, and GNU GPL\u0027d, by Julian Seward et al.\n==78968== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info\n==78968== \n==78968== HEAP SUMMARY:\n==78968== in use at exit: 17,232 bytes in 4 blocks\n==78968== total heap usage: 4,781 allocs, 4,777 frees, 785,472 bytes allocated\n```",
"id": "GHSA-xgm3-v4r9-wfgm",
"modified": "2026-02-24T15:43:28Z",
"published": "2026-02-24T15:43:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25969"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Image Magick has a Memory Leak in coders/ashlar.c"
}
GHSA-XGVM-JCP3-352M
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2024-11-13 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
modprobe drm_connector_test and then rmmod drm_connector_test, the following memory leak occurs.
The mode allocated in drm_mode_duplicate() called by
drm_display_mode_from_cea_vic() is not freed, which cause the memory leak:
unreferenced object 0xffffff80cb0ee400 (size 128):
comm "kunit_try_catch", pid 1948, jiffies 4294950339
hex dump (first 32 bytes):
14 44 02 00 80 07 d8 07 04 08 98 08 00 00 38 04 .D............8.
3c 04 41 04 65 04 00 00 05 00 00 00 00 00 00 00 <.A.e...........
backtrace (crc 90e9585c):
[<00000000ec42e3d7>] kmemleak_alloc+0x34/0x40
[<00000000d0ef055a>] __kmalloc_cache_noprof+0x26c/0x2f4
[<00000000c2062161>] drm_mode_duplicate+0x44/0x19c
[<00000000f96c74aa>] drm_display_mode_from_cea_vic+0x88/0x98
[<00000000d8f2c8b4>] 0xffffffdc982a4868
[<000000005d164dbc>] kunit_try_run_case+0x13c/0x3ac
[<000000006fb23398>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<000000006ea56ca0>] kthread+0x2e8/0x374
[<000000000676063f>] ret_from_fork+0x10/0x20
......
Free mode by using drm_kunit_display_mode_from_cea_vic()
to fix it.
{
"affected": [],
"aliases": [
"CVE-2024-50214"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()\n\nmodprobe drm_connector_test and then rmmod drm_connector_test,\nthe following memory leak occurs.\n\nThe `mode` allocated in drm_mode_duplicate() called by\ndrm_display_mode_from_cea_vic() is not freed, which cause the memory leak:\n\n\tunreferenced object 0xffffff80cb0ee400 (size 128):\n\t comm \"kunit_try_catch\", pid 1948, jiffies 4294950339\n\t hex dump (first 32 bytes):\n\t 14 44 02 00 80 07 d8 07 04 08 98 08 00 00 38 04 .D............8.\n\t 3c 04 41 04 65 04 00 00 05 00 00 00 00 00 00 00 \u003c.A.e...........\n\t backtrace (crc 90e9585c):\n\t [\u003c00000000ec42e3d7\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c00000000d0ef055a\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c00000000c2062161\u003e] drm_mode_duplicate+0x44/0x19c\n\t [\u003c00000000f96c74aa\u003e] drm_display_mode_from_cea_vic+0x88/0x98\n\t [\u003c00000000d8f2c8b4\u003e] 0xffffffdc982a4868\n\t [\u003c000000005d164dbc\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c000000006fb23398\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c000000006ea56ca0\u003e] kthread+0x2e8/0x374\n\t [\u003c000000000676063f\u003e] ret_from_fork+0x10/0x20\n\t......\n\nFree `mode` by using drm_kunit_display_mode_from_cea_vic()\nto fix it.",
"id": "GHSA-xgvm-jcp3-352m",
"modified": "2024-11-13T18:31:53Z",
"published": "2024-11-09T12:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50214"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/926163342a2e7595d950e84c17c693b1272bd491"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df2b00685cd33cd85be8910c7d6d22c4ebbf18bb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XGXR-3384-47XM
Vulnerability from github – Published: 2023-06-15 21:30 – Updated: 2024-04-04 04:53A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.
{
"affected": [],
"aliases": [
"CVE-2023-2683"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-15T20:15:09Z",
"severity": "MODERATE"
},
"details": "\nA memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.\n\n",
"id": "GHSA-xgxr-3384-47xm",
"modified": "2024-04-04T04:53:07Z",
"published": "2023-06-15T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2683"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs"
},
{
"type": "WEB",
"url": "https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XH29-JPW9-PV7C
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-03 15:30In the Linux kernel, the following vulnerability has been resolved:
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0.
{
"affected": [],
"aliases": [
"CVE-2022-49794"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0.",
"id": "GHSA-xh29-jpw9-pv7c",
"modified": "2025-11-03T15:30:27Z",
"published": "2025-05-01T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49794"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.