CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2001 vulnerabilities reference this CWE, most recent first.
GHSA-XHHV-VJ84-84FM
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: fix tx skb dma unmap
The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries
{
"affected": [],
"aliases": [
"CVE-2021-47033"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: fix tx skb dma unmap\n\nThe first pointer in the txp needs to be unmapped as well, otherwise it will\nleak DMA mapping entries",
"id": "GHSA-xhhv-vj84-84fm",
"modified": "2024-12-12T18:30:49Z",
"published": "2024-02-28T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47033"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75bc5f779a7664d1fc19cb915039439c6e58bb94"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/821ae236ccea989a1fcc6abfc4d5b74ad4ba39d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a025277a80add18c33d01042525a74fe5b875f25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHJ3-66VG-P2C8
Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.
{
"affected": [],
"aliases": [
"CVE-2022-35433"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.",
"id": "GHSA-xhj3-66vg-p2c8",
"modified": "2022-08-19T00:00:38Z",
"published": "2022-08-17T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35433"
},
{
"type": "WEB",
"url": "https://github.com/rockcarry/ffjpeg/issues/52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJ33-WWM4-P8MW
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-31 21:30In the Linux kernel, the following vulnerability has been resolved:
bpf, s390: Fix potential memory leak about jit_data
Make sure to free jit_data through kfree() in the error path.
{
"affected": [],
"aliases": [
"CVE-2021-47426"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, s390: Fix potential memory leak about jit_data\n\nMake sure to free jit_data through kfree() in the error path.",
"id": "GHSA-xj33-wwm4-p8mw",
"modified": "2024-12-31T21:30:44Z",
"published": "2024-05-21T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47426"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29fdb11ca88d3c490a3d56f0dc77eb9444d086be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/686cb8b9f6b46787f035afe8fbd132a74e6b1bdd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a326f9c01cfbee4450ae49ce618ae6cbc0f76842"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d590a410e472417a22336c7c37685bfb38e801f2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJF3-WCJC-6JQ8
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.
{
"affected": [],
"aliases": [
"CVE-2018-0832"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T02:29:00Z",
"severity": "MODERATE"
},
"details": "The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.",
"id": "GHSA-xjf3-wcjc-6jq8",
"modified": "2022-05-13T01:18:32Z",
"published": "2022-05-13T01:18:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0832"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0832"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44146"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102923"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040373"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XJM5-MRH5-2HC5
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:
unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30
Fix the problem by freeing 'qdata' in error path.
{
"affected": [],
"aliases": [
"CVE-2023-53078"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for \u0027qdata\u0027 in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then \u0027qdata\u0027 is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [\u003c0000000098f3a26d\u003e] alua_activate+0xb0/0x320\n [\u003c000000003b529641\u003e] scsi_dh_activate+0xb2/0x140\n [\u003c000000007b296db3\u003e] activate_path_work+0xc6/0xe0 [dm_multipath]\n [\u003c000000007adc9ace\u003e] process_one_work+0x3c5/0x730\n [\u003c00000000c457a985\u003e] worker_thread+0x93/0x650\n [\u003c00000000cb80e628\u003e] kthread+0x1ba/0x210\n [\u003c00000000a1e61077\u003e] ret_from_fork+0x22/0x30\n\nFix the problem by freeing \u0027qdata\u0027 in error path.",
"id": "GHSA-xjm5-mrh5-2hc5",
"modified": "2025-11-12T21:31:00Z",
"published": "2025-05-02T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53078"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJMQ-X923-HRWQ
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-01-20 15:30A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.
{
"affected": [],
"aliases": [
"CVE-2019-18813"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-07T16:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
"id": "GHSA-xjmq-x923-hrwq",
"modified": "2023-01-20T15:30:28Z",
"published": "2022-05-24T17:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18813"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4226-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XM9J-X4HP-V2X3
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/kms/nv50-: fix file release memory leak
When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.
{
"affected": [],
"aliases": [
"CVE-2021-47422"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the \u0027op\u0027 allocated in single_open() will be leaked.",
"id": "GHSA-xm9j-x4hp-v2x3",
"modified": "2024-12-30T21:30:46Z",
"published": "2024-05-21T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47422"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b4e9fc14973a94ac0520f19b3633493ae13c912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65fff0a8efcdca8d84ffe3e23057c3b32403482d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMFC-6X2R-FQV5
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: Fix memory leak among suspend/resume procedure
The vblk->vqs should be freed before we call init_vqs() in virtblk_restore().
{
"affected": [],
"aliases": [
"CVE-2021-47319"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Fix memory leak among suspend/resume procedure\n\nThe vblk-\u003evqs should be freed before we call init_vqs()\nin virtblk_restore().",
"id": "GHSA-xmfc-6x2r-fqv5",
"modified": "2024-12-24T18:30:48Z",
"published": "2024-05-21T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47319"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMJC-7969-FFGM
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 18:31In the Linux kernel, the following vulnerability has been resolved:
xsk: recycle buffer in case Rx queue was full
Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.
{
"affected": [],
"aliases": [
"CVE-2024-35834"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T14:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: recycle buffer in case Rx queue was full\n\nAdd missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce\ndescriptor to XSK Rx queue.",
"id": "GHSA-xmjc-7969-ffgm",
"modified": "2025-09-19T18:31:17Z",
"published": "2024-05-17T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35834"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/269009893146c495f41e9572dd9319e787c2eba9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b4d93d31aade99210d41cd9d4cbd2957c98bc8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cce713664548284daf977739e7ff1cd59e84189c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP5X-WR7X-FP9J
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2026-05-12 12:32In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix a memory leak in nr_heartbeat_expiry()
syzbot reported a memory leak in nr_create() 0.
Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag.
But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called. So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case "b."
nr_connect nr_establish_data_link nr_start_heartbeat
nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY);
nr_rx_frame
nr_process_rx_frame
switch (nr->state)
case NR_STATE_2
nr_state2_machine()
nr_disconnect()
nr_sk(sk)->state = NR_STATE_0
sock_set_flag(sk, SOCK_DEAD)
nr_heartbeat_expiry
switch (nr->state)
case NR_STATE_0
if (sock_flag(sk, SOCK_DESTROY) ||
(sk->sk_state == TCP_LISTEN
&& sock_flag(sk, SOCK_DEAD)))
sock_hold() // ( !!! )
nr_destroy_socket()
To fix the memory leak, let's call sock_hold() only for a listening socket.
Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller.
{
"affected": [],
"aliases": [
"CVE-2024-41006"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix a memory leak in nr_heartbeat_expiry()\n\nsyzbot reported a memory leak in nr_create() [0].\n\nCommit 409db27e3a2e (\"netrom: Fix use-after-free of a listening socket.\")\nadded sock_hold() to the nr_heartbeat_expiry() function, where\na) a socket has a SOCK_DESTROY flag or\nb) a listening socket has a SOCK_DEAD flag.\n\nBut in the case \"a,\" when the SOCK_DESTROY flag is set, the file descriptor\nhas already been closed and the nr_release() function has been called.\nSo it makes no sense to hold the reference count because no one will\ncall another nr_destroy_socket() and put it as in the case \"b.\"\n\nnr_connect\n nr_establish_data_link\n nr_start_heartbeat\n\nnr_release\n switch (nr-\u003estate)\n case NR_STATE_3\n nr-\u003estate = NR_STATE_2\n sock_set_flag(sk, SOCK_DESTROY);\n\n nr_rx_frame\n nr_process_rx_frame\n switch (nr-\u003estate)\n case NR_STATE_2\n nr_state2_machine()\n nr_disconnect()\n nr_sk(sk)-\u003estate = NR_STATE_0\n sock_set_flag(sk, SOCK_DEAD)\n\n nr_heartbeat_expiry\n switch (nr-\u003estate)\n case NR_STATE_0\n if (sock_flag(sk, SOCK_DESTROY) ||\n (sk-\u003esk_state == TCP_LISTEN\n \u0026\u0026 sock_flag(sk, SOCK_DEAD)))\n sock_hold() // ( !!! )\n nr_destroy_socket()\n\nTo fix the memory leak, let\u0027s call sock_hold() only for a listening socket.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.\n\n[0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16",
"id": "GHSA-xp5x-wr7x-fp9j",
"modified": "2026-05-12T12:32:03Z",
"published": "2024-07-12T15:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41006"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b9130247f3b6a1122478471ff0e014ea96bb735"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/280cf1173726a7059b628c610c71050d5c0b6937"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5391f9db2cab5ef1cb411be1ab7dbec728078fba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a02fd5d775cf9787ee7698c797e20f2fa13d2e2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6ebe4fed73eedeb73f4540f8edc4871945474c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d377f5a28332954b19e373d36823e59830ab1712"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d616876256b38ecf9a1a1c7d674192c5346bc69c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e07a9c2a850cdebf625e7a1b8171bd23a8554313"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.