Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-3CM3-4557-5H5H

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-20 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()

Do kfree_skb(new) before goto out to prevent potential leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()\n\nDo `kfree_skb(new)` before `goto out` to prevent potential leak.",
  "id": "GHSA-3cm3-4557-5h5h",
  "modified": "2026-01-20T18:31:51Z",
  "published": "2025-10-01T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53467"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e336d6bab68973084a18c1e4bd78cd0bbbdcacd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a0e218cc9c42d1903ade8b5a371dcf48cf918c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a10b6d73123bd480751d916575835abb615072fd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FJ6-MR6M-6XVW

Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2023-01-24 21:30
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-13T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command \u0027show system buffers\u0027: user@host\u003e show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host\u003e show system buffers 793/1487/2280 mbufs in use (current/cache/total) \u003c\u003c\u003c\u003c\u003c\u003c mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.",
  "id": "GHSA-3fj6-mr6m-6xvw",
  "modified": "2023-01-24T21:30:37Z",
  "published": "2023-01-13T00:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22395"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA70191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FW5-3PQR-8C82

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2026-02-06 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

espintcp: fix skb leaks

A few error paths are missing a kfree_skb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T10:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: fix skb leaks\n\nA few error paths are missing a kfree_skb.",
  "id": "GHSA-3fw5-3pqr-8c82",
  "modified": "2026-02-06T18:30:27Z",
  "published": "2025-06-18T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38057"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05db2b850a2b8b17f3d1799f563ea1d550e05ed5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28756f22de48d25256ed89234b66b9037a3f0157"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63c1f19a3be3169e51a5812d22a6d0c879414076"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8d79cf8c2b7475c22f9874eb844bcc80f858b13"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2e1f50fc5ebd2826c4e8c558dc65434382d0c0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb058693dfc93ed7a9c365adb899fedd648b9d9f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3G4Q-2F67-2GVH

Vulnerability from github – Published: 2026-07-07 20:04 – Updated: 2026-07-07 20:04
VLAI
Summary
netfoil has a resource leak in LRU cache
Details

Summary

When an entry was removed from the LRU cache, a pointer to the removed element was not properly cleaned up.

Impact

A local attacker can get netfoil to use more memory. By default this is limited to 100MB via systemd, which would trigger service restarts when reached.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tinfoil-factory/netfoil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T20:04:01Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\nWhen an entry was removed from the LRU cache, a pointer to the removed element was not properly cleaned up.\n\n### Impact\nA local attacker can get netfoil to use more memory. By default this is limited to 100MB via systemd, which would trigger service restarts when reached.",
  "id": "GHSA-3g4q-2f67-2gvh",
  "modified": "2026-07-07T20:04:01Z",
  "published": "2026-07-07T20:04:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tinfoil-factory/netfoil/security/advisories/GHSA-3g4q-2f67-2gvh"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tinfoil-factory/netfoil"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "netfoil has a resource leak in LRU cache"
}

GHSA-3G9V-MX9V-WMWV

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: fix eswitch code memory leak in reset scenario

Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless of the mode and not freed if in legacy mode.

Kmemeleak trace: unreferenced object (percpu) 0x7e3bce5b888458 (size 40): comm "bash", pid 1784, jiffies 4295743894 hex dump (first 32 bytes on cpu 45): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): pcpu_alloc_noprof+0x4c4/0x7c0 ice_repr_create+0x66/0x130 [ice] ice_repr_create_vf+0x22/0x70 [ice] ice_eswitch_attach_vf+0x1b/0xa0 [ice] ice_reset_all_vfs+0x1dd/0x2f0 [ice] ice_pci_err_resume+0x3b/0xb0 [ice] pci_reset_function+0x8f/0x120 reset_store+0x56/0xa0 kernfs_fop_write_iter+0x120/0x1b0 vfs_write+0x31c/0x430 ksys_write+0x61/0xd0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Testing hints (ethX is PF netdev): - create at least one VF echo 1 > /sys/class/net/ethX/device/sriov_numvfs - trigger the reset echo 1 > /sys/class/net/ethX/device/reset

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T14:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n  comm \"bash\", pid 1784, jiffies 4295743894\n  hex dump (first 32 bytes on cpu 45):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 0):\n    pcpu_alloc_noprof+0x4c4/0x7c0\n    ice_repr_create+0x66/0x130 [ice]\n    ice_repr_create_vf+0x22/0x70 [ice]\n    ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n    ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n    ice_pci_err_resume+0x3b/0xb0 [ice]\n    pci_reset_function+0x8f/0x120\n    reset_store+0x56/0xa0\n    kernfs_fop_write_iter+0x120/0x1b0\n    vfs_write+0x31c/0x430\n    ksys_write+0x61/0xd0\n    do_syscall_64+0x5b/0x180\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n    echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n    echo 1 \u003e /sys/class/net/ethX/device/reset",
  "id": "GHSA-3g9v-mx9v-wmwv",
  "modified": "2025-11-19T21:31:16Z",
  "published": "2025-07-25T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38417"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48c8b214974dc55283bd5f12e3a483b27c403bbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6715193de439b79f1d6a4c03593c7529239b545"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e97a7a051b55f55f276c1568491d0ed7f890ee94"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GGX-9863-FXCM

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: defer freeing of boot services memory

efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late().

There are two issue with that: memblock_free_late() should be used for memory allocated with memblock_alloc() while the memory reserved with memblock_reserve() should be freed with free_reserved_area().

More acutely, with CONFIG_DEFERRED_STRUCT_PAGE_INIT=y efi_free_boot_services() is called before deferred initialization of the memory map is complete.

Benjamin Herrenschmidt reports that this causes a leak of ~140MB of RAM on EC2 t3a.nano instances which only have 512MB or RAM.

If the freed memory resides in the areas that memory map for them is still uninitialized, they won't be actually freed because memblock_free_late() calls memblock_free_pages() and the latter skips uninitialized pages.

Using free_reserved_area() at this point is also problematic because __free_page() accesses the buddy of the freed page and that again might end up in uninitialized part of the memory map.

Delaying the entire efi_free_boot_services() could be problematic because in addition to freeing boot services memory it updates efi.memmap without any synchronization and that's undesirable late in boot when there is concurrency.

More robust approach is to only defer freeing of the EFI boot services memory.

Split efi_free_boot_services() in two. First efi_unmap_boot_services() collects ranges that should be freed into an array then efi_free_boot_services() later frees them after deferred init is complete.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efi: defer freeing of boot services memory\n\nefi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE\nand EFI_BOOT_SERVICES_DATA using memblock_free_late().\n\nThere are two issue with that: memblock_free_late() should be used for\nmemory allocated with memblock_alloc() while the memory reserved with\nmemblock_reserve() should be freed with free_reserved_area().\n\nMore acutely, with CONFIG_DEFERRED_STRUCT_PAGE_INIT=y\nefi_free_boot_services() is called before deferred initialization of the\nmemory map is complete.\n\nBenjamin Herrenschmidt reports that this causes a leak of ~140MB of\nRAM on EC2 t3a.nano instances which only have 512MB or RAM.\n\nIf the freed memory resides in the areas that memory map for them is\nstill uninitialized, they won\u0027t be actually freed because\nmemblock_free_late() calls memblock_free_pages() and the latter skips\nuninitialized pages.\n\nUsing free_reserved_area() at this point is also problematic because\n__free_page() accesses the buddy of the freed page and that again might\nend up in uninitialized part of the memory map.\n\nDelaying the entire efi_free_boot_services() could be problematic\nbecause in addition to freeing boot services memory it updates\nefi.memmap without any synchronization and that\u0027s undesirable late in\nboot when there is concurrency.\n\nMore robust approach is to only defer freeing of the EFI boot services\nmemory.\n\nSplit efi_free_boot_services() in two. First efi_unmap_boot_services()\ncollects ranges that should be freed into an array then\nefi_free_boot_services() later frees them after deferred init is complete.",
  "id": "GHSA-3ggx-9863-fxcm",
  "modified": "2026-04-24T18:30:40Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23352"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/227688312fece0026fc67a00ba9a0b3611ebe95d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/399da820ecfe6f4f10c143e5c453d3559a04db9c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a2cb90c538f06c873a187aa743575d48685d7a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a25e25279282c5c8ade554c04c6ab9dc7902c64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d8ba221e7aafaa2f284b7d22faee814c28e009d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7131bd1fecc749bc94fb44aae217bbd8a8a85264"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7dcf59422a3b0d20ddda844f856b4a1e0608a326"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4b0bf6a40f3c107c67a24fbc614510ef5719980"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9e9cc320854a76a39e7bc92d144554f3a727fad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GRP-CVXG-88G7

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-02-15 00:02
VLAI
Details

In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410.",
  "id": "GHSA-3grp-cvxg-88g7",
  "modified": "2022-02-15T00:02:58Z",
  "published": "2022-02-11T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20046"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3H89-J8RF-VQ88

Vulnerability from github – Published: 2025-10-16 21:31 – Updated: 2025-10-17 15:31
VLAI
Details

radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T20:15:33Z",
    "severity": "HIGH"
  },
  "details": "radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.",
  "id": "GHSA-3h89-j8rf-vq88",
  "modified": "2025-10-17T15:31:02Z",
  "published": "2025-10-16T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60358"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/pull/24224"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HM2-VM5H-2P2M

Vulnerability from github – Published: 2024-07-16 12:30 – Updated: 2025-09-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: at86rf230: Stop leaking skb's

Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure.

Free the skb structure upon error before returning when appropriate.

As the 'is_tx = 0' cannot be moved in the complete handler because of a possible race between the delay in switching to STATE_RX_AACK_ON and a new interrupt, we introduce an intermediate 'was_tx' boolean just for this purpose.

There is no Fixes tag applying here, many changes have been made on this area and the issue kind of always existed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the \u0027is_tx = 0\u0027 cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate \u0027was_tx\u0027 boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.",
  "id": "GHSA-3hm2-vm5h-2p2m",
  "modified": "2025-09-24T18:30:23Z",
  "published": "2024-07-16T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48794"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HQ4-XVV4-32RV

Vulnerability from github – Published: 2022-04-30 18:16 – Updated: 2022-04-30 18:16
VLAI
Details

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-0543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-09-20T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.",
  "id": "GHSA-3hq4-xvv4-32rv",
  "modified": "2022-04-30T18:16:15Z",
  "published": "2022-04-30T18:16:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0543"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-043"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6977"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A334"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.