Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2001 vulnerabilities reference this CWE, most recent first.

GHSA-XHHV-VJ84-84FM

Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7615: fix tx skb dma unmap

The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-28T09:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: fix tx skb dma unmap\n\nThe first pointer in the txp needs to be unmapped as well, otherwise it will\nleak DMA mapping entries",
  "id": "GHSA-xhhv-vj84-84fm",
  "modified": "2024-12-12T18:30:49Z",
  "published": "2024-02-28T09:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47033"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75bc5f779a7664d1fc19cb915039439c6e58bb94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/821ae236ccea989a1fcc6abfc4d5b74ad4ba39d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a025277a80add18c33d01042525a74fe5b875f25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHJ3-66VG-P2C8

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00
VLAI
Details

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.",
  "id": "GHSA-xhj3-66vg-p2c8",
  "modified": "2022-08-19T00:00:38Z",
  "published": "2022-08-17T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rockcarry/ffjpeg/issues/52"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ33-WWM4-P8MW

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-31 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, s390: Fix potential memory leak about jit_data

Make sure to free jit_data through kfree() in the error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, s390: Fix potential memory leak about jit_data\n\nMake sure to free jit_data through kfree() in the error path.",
  "id": "GHSA-xj33-wwm4-p8mw",
  "modified": "2024-12-31T21:30:44Z",
  "published": "2024-05-21T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29fdb11ca88d3c490a3d56f0dc77eb9444d086be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/686cb8b9f6b46787f035afe8fbd132a74e6b1bdd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a326f9c01cfbee4450ae49ce618ae6cbc0f76842"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d590a410e472417a22336c7c37685bfb38e801f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJF3-WCJC-6JQ8

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.",
  "id": "GHSA-xjf3-wcjc-6jq8",
  "modified": "2022-05-13T01:18:32Z",
  "published": "2022-05-13T01:18:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0832"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0832"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44146"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102923"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040373"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJM5-MRH5-2HC5

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:

unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30

Fix the problem by freeing 'qdata' in error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for \u0027qdata\u0027 in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then \u0027qdata\u0027 is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n  comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff  @9$.............\n  backtrace:\n    [\u003c0000000098f3a26d\u003e] alua_activate+0xb0/0x320\n    [\u003c000000003b529641\u003e] scsi_dh_activate+0xb2/0x140\n    [\u003c000000007b296db3\u003e] activate_path_work+0xc6/0xe0 [dm_multipath]\n    [\u003c000000007adc9ace\u003e] process_one_work+0x3c5/0x730\n    [\u003c00000000c457a985\u003e] worker_thread+0x93/0x650\n    [\u003c00000000cb80e628\u003e] kthread+0x1ba/0x210\n    [\u003c00000000a1e61077\u003e] ret_from_fork+0x22/0x30\n\nFix the problem by freeing \u0027qdata\u0027 in error path.",
  "id": "GHSA-xjm5-mrh5-2hc5",
  "modified": "2025-11-12T21:31:00Z",
  "published": "2025-05-02T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53078"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJMQ-X923-HRWQ

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-01-20 15:30
VLAI
Details

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
  "id": "GHSA-xjmq-x923-hrwq",
  "modified": "2023-01-20T15:30:28Z",
  "published": "2022-05-24T17:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18813"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4226-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM9J-X4HP-V2X3

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/kms/nv50-: fix file release memory leak

When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the \u0027op\u0027 allocated in single_open() will be leaked.",
  "id": "GHSA-xm9j-x4hp-v2x3",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47422"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b4e9fc14973a94ac0520f19b3633493ae13c912"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65fff0a8efcdca8d84ffe3e23057c3b32403482d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMFC-6X2R-FQV5

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: Fix memory leak among suspend/resume procedure

The vblk->vqs should be freed before we call init_vqs() in virtblk_restore().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Fix memory leak among suspend/resume procedure\n\nThe vblk-\u003evqs should be freed before we call init_vqs()\nin virtblk_restore().",
  "id": "GHSA-xmfc-6x2r-fqv5",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47319"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMJC-7969-FFGM

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: recycle buffer in case Rx queue was full

Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: recycle buffer in case Rx queue was full\n\nAdd missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce\ndescriptor to XSK Rx queue.",
  "id": "GHSA-xmjc-7969-ffgm",
  "modified": "2025-09-19T18:31:17Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35834"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/269009893146c495f41e9572dd9319e787c2eba9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b4d93d31aade99210d41cd9d4cbd2957c98bc8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce713664548284daf977739e7ff1cd59e84189c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP5X-WR7X-FP9J

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix a memory leak in nr_heartbeat_expiry()

syzbot reported a memory leak in nr_create() 0.

Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag.

But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called. So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case "b."

nr_connect nr_establish_data_link nr_start_heartbeat

nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY);

                    nr_rx_frame
                      nr_process_rx_frame
                        switch (nr->state)
                        case NR_STATE_2
                          nr_state2_machine()
                            nr_disconnect()
                              nr_sk(sk)->state = NR_STATE_0
                              sock_set_flag(sk, SOCK_DEAD)

                    nr_heartbeat_expiry
                      switch (nr->state)
                      case NR_STATE_0
                        if (sock_flag(sk, SOCK_DESTROY) ||
                           (sk->sk_state == TCP_LISTEN
                             && sock_flag(sk, SOCK_DEAD)))
                           sock_hold()  // ( !!! )
                           nr_destroy_socket()

To fix the memory leak, let's call sock_hold() only for a listening socket.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix a memory leak in nr_heartbeat_expiry()\n\nsyzbot reported a memory leak in nr_create() [0].\n\nCommit 409db27e3a2e (\"netrom: Fix use-after-free of a listening socket.\")\nadded sock_hold() to the nr_heartbeat_expiry() function, where\na) a socket has a SOCK_DESTROY flag or\nb) a listening socket has a SOCK_DEAD flag.\n\nBut in the case \"a,\" when the SOCK_DESTROY flag is set, the file descriptor\nhas already been closed and the nr_release() function has been called.\nSo it makes no sense to hold the reference count because no one will\ncall another nr_destroy_socket() and put it as in the case \"b.\"\n\nnr_connect\n  nr_establish_data_link\n    nr_start_heartbeat\n\nnr_release\n  switch (nr-\u003estate)\n  case NR_STATE_3\n    nr-\u003estate = NR_STATE_2\n    sock_set_flag(sk, SOCK_DESTROY);\n\n                        nr_rx_frame\n                          nr_process_rx_frame\n                            switch (nr-\u003estate)\n                            case NR_STATE_2\n                              nr_state2_machine()\n                                nr_disconnect()\n                                  nr_sk(sk)-\u003estate = NR_STATE_0\n                                  sock_set_flag(sk, SOCK_DEAD)\n\n                        nr_heartbeat_expiry\n                          switch (nr-\u003estate)\n                          case NR_STATE_0\n                            if (sock_flag(sk, SOCK_DESTROY) ||\n                               (sk-\u003esk_state == TCP_LISTEN\n                                 \u0026\u0026 sock_flag(sk, SOCK_DEAD)))\n                               sock_hold()  // ( !!! )\n                               nr_destroy_socket()\n\nTo fix the memory leak, let\u0027s call sock_hold() only for a listening socket.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.\n\n[0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16",
  "id": "GHSA-xp5x-wr7x-fp9j",
  "modified": "2026-05-12T12:32:03Z",
  "published": "2024-07-12T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41006"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b9130247f3b6a1122478471ff0e014ea96bb735"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/280cf1173726a7059b628c610c71050d5c0b6937"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5391f9db2cab5ef1cb411be1ab7dbec728078fba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a02fd5d775cf9787ee7698c797e20f2fa13d2e2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6ebe4fed73eedeb73f4540f8edc4871945474c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d377f5a28332954b19e373d36823e59830ab1712"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d616876256b38ecf9a1a1c7d674192c5346bc69c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e07a9c2a850cdebf625e7a1b8171bd23a8554313"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.