CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-349W-CGP3-287R
Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2025-05-28 18:33By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
{
"affected": [],
"aliases": [
"CVE-2022-38178"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-21T11:15:00Z",
"severity": "HIGH"
},
"details": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"id": "GHSA-349w-cgp3-287r",
"modified": "2025-05-28T18:33:05Z",
"published": "2022-09-22T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38178"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221228-0009"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-35RF-7VHX-9PHR
Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
{
"affected": [],
"aliases": [
"CVE-2022-33105"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-23T17:15:00Z",
"severity": "HIGH"
},
"details": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.",
"id": "GHSA-35rf-7vhx-9phr",
"modified": "2022-06-30T00:00:34Z",
"published": "2022-06-24T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33105"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/pull/10753"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/pull/10829"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-17"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220729-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36M3-C68M-7673
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31In the Linux kernel, the following vulnerability has been resolved:
USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53406"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-36m3-c68m-7673",
"modified": "2025-12-12T21:31:31Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53406"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6236a6d2cdfb710bd8a82c4b179d0a034d0d99cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78d9586d8e728be1e360d3d0da7170c791d1d55e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a038a681b7df78362d9fc7013e5395a694a9d3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d48a7887dbca22e064c20caf20ae7949019fe9b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36QF-2Q77-7JH9
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
neigh: let neigh_xmit take skb ownership
neigh_xmit always releases the skb, except when no neighbour table is found. But even the first added user of neigh_xmit (mpls) relied on neigh_xmit to release the skb (or queue it for tx).
sashiko reported: If neigh_xmit() is called with an uninitialized neighbor table (for example, NEIGH_ND_TABLE when IPv6 is disabled), it returns -EAFNOSUPPORT and bypasses its internal out_kfree_skb error path. Because the return value of neigh_xmit() is ignored here, does this leak the SKB?
Assume full ownership and remove the last code path that doesn't xmit or free skb.
{
"affected": [],
"aliases": [
"CVE-2026-52981"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:08Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nneigh: let neigh_xmit take skb ownership\n\nneigh_xmit always releases the skb, except when no neighbour table is\nfound. But even the first added user of neigh_xmit (mpls) relied on\nneigh_xmit to release the skb (or queue it for tx).\n\nsashiko reported:\n If neigh_xmit() is called with an uninitialized neighbor table (for\n example, NEIGH_ND_TABLE when IPv6 is disabled), it returns -EAFNOSUPPORT\n and bypasses its internal out_kfree_skb error path. Because the return\n value of neigh_xmit() is ignored here, does this leak the SKB?\n\nAssume full ownership and remove the last code path that doesn\u0027t\nxmit or free skb.",
"id": "GHSA-36qf-2q77-7jh9",
"modified": "2026-06-28T09:31:37Z",
"published": "2026-06-24T18:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52981"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0084712e0bee204b284510cdb63182fd5a30c2b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4438113be604ee67a7bf4f81da6e1cca41332ce4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/445e45a2c3a078316a62d2d331a570cf34ef5079"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63063ba60d2dc334e34f1e3f9271d7f3f6f30307"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a89054a1ec0767aec25ed2bbac933da6ba3cf5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9247d59ca15bf60a57dca08103f055d8a4340877"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36R9-GJ33-8P48
Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-01-08 00:30In the Linux kernel, the following vulnerability has been resolved:
apparmor: test: Fix memory leak for aa_unpack_strdup()
The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks, free them to fix it.
unreferenced object 0xffffff80c6af8a50 (size 8):
comm "kunit_try_catch", pid 225, jiffies 4294894407
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80c2a29090 (size 8):
comm "kunit_try_catch", pid 227, jiffies 4294894409
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
{
"affected": [],
"aliases": [
"CVE-2024-56741"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-29T12:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: test: Fix memory leak for aa_unpack_strdup()\n\nThe string allocated by kmemdup() in aa_unpack_strdup() is not\nfreed and cause following memory leaks, free them to fix it.\n\n\tunreferenced object 0xffffff80c6af8a50 (size 8):\n\t comm \"kunit_try_catch\", pid 225, jiffies 4294894407\n\t hex dump (first 8 bytes):\n\t 74 65 73 74 69 6e 67 00 testing.\n\t backtrace (crc 5eab668b):\n\t [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t [\u003c000000008ecde918\u003e] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec\n\t [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80c2a29090 (size 8):\n\t comm \"kunit_try_catch\", pid 227, jiffies 4294894409\n\t hex dump (first 8 bytes):\n\t 74 65 73 74 69 6e 67 00 testing.\n\t backtrace (crc 5eab668b):\n\t [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t [\u003c0000000046a45c1a\u003e] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4\n\t [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20",
"id": "GHSA-36r9-gj33-8p48",
"modified": "2025-01-08T00:30:48Z",
"published": "2024-12-29T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56741"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a9b68f2dc6812bd1b8880b5c00e60203d6f61f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5354599855a9b5568e05ce686119ee3ff8b19bd5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59a149e7c38e7b76616c8b333fc6aa5b6fb2293c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7290f59231910ccba427d441a6e8b8c6f6112448"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89265f88701e54dde255ddf862093baeca57548c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d62ee5739a66644b0e7f11e657d562458cdcdea3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f856246ff6da25c4f8fdd73a9c875e878b085e9f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-374J-38XH-4WR2
Vulnerability from github – Published: 2026-03-26 09:30 – Updated: 2026-03-26 15:30When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.
If an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak an mbuf for each crafted packet in excess of the configured rate limit settings i.e. with default settings, crafted packets in excess of the first 5 sent within a 1s period will leak an mbuf.
Technically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.
{
"affected": [],
"aliases": [
"CVE-2026-4247"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T07:16:20Z",
"severity": "HIGH"
},
"details": "When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.\n\nIf an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak an mbuf for each crafted packet in excess of the configured rate limit settings i.e. with default settings, crafted packets in excess of the first 5 sent within a 1s period will leak an mbuf.\n\nTechnically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.",
"id": "GHSA-374j-38xh-4wr2",
"modified": "2026-03-26T15:30:36Z",
"published": "2026-03-26T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4247"
},
{
"type": "WEB",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:06.tcp.asc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-377P-XR9W-8773
Vulnerability from github – Published: 2026-07-10 15:31 – Updated: 2026-07-10 15:31ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
{
"affected": [],
"aliases": [
"CVE-2026-56366"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T15:16:43Z",
"severity": "MODERATE"
},
"details": "ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.",
"id": "GHSA-377p-xr9w-8773",
"modified": "2026-07-10T15:31:40Z",
"published": "2026-07-10T15:31:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56366"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-378Q-GQ6Q-WJHH
Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 12:00timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.
{
"affected": [],
"aliases": [
"CVE-2022-43151"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-31T19:15:00Z",
"severity": "MODERATE"
},
"details": "timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.",
"id": "GHSA-378q-gq6q-wjhh",
"modified": "2022-11-02T12:00:37Z",
"published": "2022-11-01T12:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43151"
},
{
"type": "WEB",
"url": "https://github.com/hzeller/timg/issues/92"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3797-G9F6-3QF2
Vulnerability from github – Published: 2023-04-14 00:31 – Updated: 2024-04-04 03:27Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.
{
"affected": [],
"aliases": [
"CVE-2023-30637"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T23:15:00Z",
"severity": "HIGH"
},
"details": "Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.",
"id": "GHSA-3797-g9f6-3qf2",
"modified": "2024-04-04T03:27:31Z",
"published": "2023-04-14T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30637"
},
{
"type": "WEB",
"url": "https://github.com/baidu/braft/issues/393"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37HW-M3RC-6WW4
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.
{
"affected": [],
"aliases": [
"CVE-2019-19049"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-18T06:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.",
"id": "GHSA-37hw-m3rc-6ww4",
"modified": "2024-03-21T03:33:48Z",
"published": "2022-05-24T17:01:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19049"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157173"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.