Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-37R4-CW3G-GH25

Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00
VLAI
Details

An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.",
  "id": "GHSA-37r4-cw3g-gh25",
  "modified": "2022-10-18T12:00:30Z",
  "published": "2022-10-18T12:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22240"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69896"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3835-QHJH-269W

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()

In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freeing args->uuid and args->fsid allocated before, which causes memory leak.

To fix these possible leaks, when btrfs_get_bdev_and_sb() fails, btrfs_put_dev_args_from_path() is called to clean up the memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix possible memory leak in btrfs_get_dev_args_from_path()\n\nIn btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if\nthe path is invalid. In this case, btrfs_get_dev_args_from_path()\nreturns directly without freeing args-\u003euuid and args-\u003efsid allocated\nbefore, which causes memory leak.\n\nTo fix these possible leaks, when btrfs_get_bdev_and_sb() fails,\nbtrfs_put_dev_args_from_path() is called to clean up the memory.",
  "id": "GHSA-3835-qhjh-269w",
  "modified": "2025-11-14T18:31:23Z",
  "published": "2025-06-18T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49996"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b124ad87244cd7f0883c5eaa38d2326b2154cad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f52402c77013e4a826394b807dd5ea4dc83bd72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ea0106a7a3d8116860712e3f17cd52ce99f6707"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3884-HC6C-JWPV

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_sysfs_init()

When insert and remove the orangefs module, there are kobjects memory leaked as below:

unreferenced object 0xffff88810f95af00 (size 64): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff ................ 08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005a6e4dfe>] orangefs_sysfs_init+0x42/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

unreferenced object 0xffff88810f95ae80 (size 64): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): c8 90 0f 02 81 88 ff ff 88 ae 95 0f 81 88 ff ff ................ 88 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000001a4841fa>] orangefs_sysfs_init+0xc7/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

unreferenced object 0xffff88810f95ae00 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.511s) hex dump (first 32 bytes): 60 87 a1 00 81 88 ff ff 08 ae 95 0f 81 88 ff ff `............... 08 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005915e797>] orangefs_sysfs_init+0x12b/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

unreferenced object 0xffff88810f95ad80 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.511s) hex dump (first 32 bytes): 78 90 0f 02 81 88 ff ff 88 ad 95 0f 81 88 ff ff x............... 88 ad 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000007a14eb35>] orangefs_sysfs_init+0x1ac/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

unreferenced object 0xffff88810f95ac00 (size 64): comm "insmod", pid 783, jiffies 4294813440 (age 65.531s) hex dump (first 32 bytes): e0 ff 67 02 81 88 ff ff 08 ac 95 0f 81 88 ff ff ..g............. 08 ac 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000001f38adcb>] orangefs_sysfs_init+0x291/0x3a0 [<00000000722645ca>] 0xffffffffa02780fe [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/ ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_sysfs_init()\n\nWhen insert and remove the orangefs module, there are kobjects memory\nleaked as below:\n\nunreferenced object 0xffff88810f95af00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n  hex dump (first 32 bytes):\n    a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff  ................\n    08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000005a6e4dfe\u003e] orangefs_sysfs_init+0x42/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae80 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n  hex dump (first 32 bytes):\n    c8 90 0f 02 81 88 ff ff 88 ae 95 0f 81 88 ff ff  ................\n    88 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000001a4841fa\u003e] orangefs_sysfs_init+0xc7/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n  hex dump (first 32 bytes):\n    60 87 a1 00 81 88 ff ff 08 ae 95 0f 81 88 ff ff  `...............\n    08 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000005915e797\u003e] orangefs_sysfs_init+0x12b/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ad80 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n  hex dump (first 32 bytes):\n    78 90 0f 02 81 88 ff ff 88 ad 95 0f 81 88 ff ff  x...............\n    88 ad 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000007a14eb35\u003e] orangefs_sysfs_init+0x1ac/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ac00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.531s)\n  hex dump (first 32 bytes):\n    e0 ff 67 02 81 88 ff ff 08 ac 95 0f 81 88 ff ff  ..g.............\n    08 ac 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000001f38adcb\u003e] orangefs_sysfs_init+0x291/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/\n---truncated---",
  "id": "GHSA-3884-hc6c-jwpv",
  "modified": "2025-12-03T21:30:59Z",
  "published": "2025-09-15T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50316"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f2c0e8a587bcafad85019a2d80f158d8d41a868"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22409490294180c39be7dd0e5b2667d41556307d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ce4ba7fff5af36da82dc5964221367630621b99"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3886-873F-6XPF

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: fix krealloc() memory leak

Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter:

MEM = krealloc(MEM, SZ, GFP);

If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer:

TMP = krealloc(MEM, SZ, GFP);
if (!TMP) return;
MEM = TMP;

While on it, use krealloc_array().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: fix krealloc() memory leak\n\nDon\u0027t just overwrite the original pointer passed to krealloc()\nwith its return value without checking latter:\n\n    MEM = krealloc(MEM, SZ, GFP);\n\nIf krealloc() returns NULL, that erases the pointer\nto the still allocated memory, hence leaks this memory.\nInstead, use a temporary variable, check it\u0027s not NULL\nand only then assign it to the original pointer:\n\n    TMP = krealloc(MEM, SZ, GFP);\n    if (!TMP) return;\n    MEM = TMP;\n\nWhile on it, use krealloc_array().",
  "id": "GHSA-3886-873f-6xpf",
  "modified": "2026-07-02T21:32:05Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53213"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02f5e4db57c0cdd7bac89d503b301a093a0fa95c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30165a09f76eaf34951c818eb5d9d6e4771d76f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4fc692dc6df5bc777cc1bcebf95179e28594875f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d563a5da8717629ae72f9eadf1e0e340bd1658b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c034aa0b1ba5f49cbdf8ef193d6ec714d74aac27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0ce103e89d61eef70edc1d1ae3bfd4c0aacbc2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd87d6966041e33ef7d2e5dc59f9a52b71c6ae5f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-388X-F5QM-FVJG

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-13T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.",
  "id": "GHSA-388x-f5qm-fvjg",
  "modified": "2022-05-24T19:14:15Z",
  "published": "2022-05-24T19:14:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1784"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-398V-CX4G-HHXC

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: msft: Fix memory leak

Fix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT.",
  "id": "GHSA-398v-cx4g-hhxc",
  "modified": "2025-01-07T18:30:42Z",
  "published": "2024-04-17T12:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26888"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-39MW-228P-WR6V

Vulnerability from github – Published: 2025-09-09 12:30 – Updated: 2026-05-19 15:31
VLAI
Details

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T12:15:30Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in libssh\u0027s handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.",
  "id": "GHSA-39mw-228p-wr6v",
  "modified": "2026-05-19T15:31:19Z",
  "published": "2025-09-09T12:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8277"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:18683"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-8277"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
    },
    {
      "type": "WEB",
      "url": "https://www.libssh.org/security/advisories/CVE-2025-8277.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-39RF-5F5G-VGX4

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00
VLAI
Details

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.",
  "id": "GHSA-39rf-5f5g-vgx4",
  "modified": "2022-08-03T00:00:54Z",
  "published": "2022-07-27T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1651"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220901-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3C3R-RM96-X7CW

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921s: fix a possible memory leak in mt7921_load_patch

Always release fw data at the end of mt7921_load_patch routine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921s: fix a possible memory leak in mt7921_load_patch\n\nAlways release fw data at the end of mt7921_load_patch routine.",
  "id": "GHSA-3c3r-rm96-x7cw",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49225"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11005b18f453aa192d035d410c11d07edcba5a45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b301043384c5c2447357952be9a536c2026d8ad0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3CCX-358P-C5MM

Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00
VLAI
Details

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-26T16:15:00Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.",
  "id": "GHSA-3ccx-358p-c5mm",
  "modified": "2022-09-01T00:00:17Z",
  "published": "2022-08-27T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/3540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.