Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-3P9R-X2JJ-QM7X

Vulnerability from github – Published: 2022-10-04 00:00 – Updated: 2022-10-06 00:00
VLAI
Details

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-03T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.",
  "id": "GHSA-3p9r-x2jj-qm7x",
  "modified": "2022-10-06T00:00:58Z",
  "published": "2022-10-04T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41419"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/766"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PMH-J798-6MXC

Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-03-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: vdec: fixed possible memory leak issue

The venus_helper_alloc_dpb_bufs() implementation allows an early return on an error path when checking the id from ida_alloc_min() which would not release the earlier buffer allocation.

Move the direct kfree() from the error checking of dma_alloc_attrs() to the common fail path to ensure that allocations are released on all error paths in this function.

Addresses-Coverity: 1494120 ("Resource leak")

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T06:37:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: vdec: fixed possible memory leak issue\n\nThe venus_helper_alloc_dpb_bufs() implementation allows an early return\non an error path when checking the id from ida_alloc_min() which would\nnot release the earlier buffer allocation.\n\nMove the direct kfree() from the error checking of dma_alloc_attrs() to\nthe common fail path to ensure that allocations are released on all\nerror paths in this function.\n\nAddresses-Coverity: 1494120 (\"Resource leak\")",
  "id": "GHSA-3pmh-j798-6mxc",
  "modified": "2025-03-18T21:31:59Z",
  "published": "2025-03-18T21:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47655"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55bccafc246b2e64763a155ec454470c07a54a6e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cedfe8aaf1875a5305897107b7f298db4260019"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f89d05ba93df9c2cdfe493843f93288e55e99eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8403fdd775858a7bf04868d43daea0acbe49ddfc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PQF-HWQX-7C78

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

memstick/ms_block: Fix a memory leak

'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_bitmap', it is likely that it should be freed also at the same time.

Add the corresponding bitmap_free() in msb_data_clear().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/ms_block: Fix a memory leak\n\n\u0027erased_blocks_bitmap\u0027 is never freed. As it is allocated at the same time\nas \u0027used_blocks_bitmap\u0027, it is likely that it should be freed also at the\nsame time.\n\nAdd the corresponding bitmap_free() in msb_data_clear().",
  "id": "GHSA-3pqf-hwqx-7c78",
  "modified": "2025-11-18T03:31:14Z",
  "published": "2025-06-18T12:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50140"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16e07966638717416abf45393d6a80a5a1034429"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37958980eb4cd71ae594ace093c11b6a91e165e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39be95d1ff7b44c1e969af72ba9da7332dfcc1da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54eb7a55be6779c4d0c25eaf5056498a28595049"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9260a154b3b5e387dbceec7c0ac441470646bc6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/961d7d12080fe70847f944d656e36cd0dd0214ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d8b911fe3c3ed788c66edba7c90e32a4a7a5f53"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/efd675246aec045507b9425c67b548cc2d782d8f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3Q2V-922F-6RC3

Vulnerability from github – Published: 2024-03-25 12:30 – Updated: 2025-03-17 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix sysfs leak in alloc_iommu()

iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix sysfs leak in alloc_iommu()\n\niommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent\nerrors.",
  "id": "GHSA-3q2v-922f-6rc3",
  "modified": "2025-03-17T15:31:35Z",
  "published": "2024-03-25T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47177"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3Q5F-GMJC-38R8

Vulnerability from github – Published: 2026-02-25 19:13 – Updated: 2026-02-25 19:13
VLAI
Summary
ImageMagick: Memory leak in coders/txt.c without freetype
Details

If a texture attribute is specified for a TXT file, an attempt will be made to read it via texture=ReadImage(read_info,exception);. Later, when retrieving metrics via the GetTypeMetrics function, if this function fails (i.e., status == MagickFalse), the calling function will exit immediately but fail to release the texture object, leading to memory leakage.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T19:13:08Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "If a `texture` attribute is specified for a TXT file, an attempt will be made to read it via `texture=ReadImage(read_info,exception);`. Later, when retrieving metrics via the `GetTypeMetrics` function, if this function fails (i.e., `status == MagickFalse`), the calling function will exit immediately but fail to release the texture object, leading to memory leakage.",
  "id": "GHSA-3q5f-gmjc-38r8",
  "modified": "2026-02-25T19:13:08Z",
  "published": "2026-02-25T19:13:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick: Memory leak in coders/txt.c without freetype"
}

GHSA-3QJW-6F5J-X29C

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
VLAI
Details

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.",
  "id": "GHSA-3qjw-6f5j-x29c",
  "modified": "2022-05-24T17:01:31Z",
  "published": "2022-05-24T17:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19066"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4286-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4286-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4300-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4301-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4302-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3QPR-RXGF-WXQ6

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 15:31
VLAI
Details

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T03:15:21Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.",
  "id": "GHSA-3qpr-rxgf-wxq6",
  "modified": "2025-04-07T15:31:15Z",
  "published": "2025-04-07T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25057"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QVJ-8QWQ-5JXJ

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

In the probe function, if the final 'serial_config()' fails, 'info' is leaking.

Add a resource handling path to free this memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: 8250: serial_cs: Fix a memory leak in error handling path\n\nIn the probe function, if the final \u0027serial_config()\u0027 fails, \u0027info\u0027 is\nleaking.\n\nAdd a resource handling path to free this memory.",
  "id": "GHSA-3qvj-8qwq-5jxj",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47330"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R4W-F43V-9FPG

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()

Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel().

For 5-level paging, synchronization is performed via pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so synchronization is instead performed at the P4D level via p4d_populate_kernel().

This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:

BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:__init_single_page+0x9/0x6d Call Trace: __init_zone_device_page+0x17/0x5d memmap_init_zone_device+0x154/0x1bb pagemap_range+0x2e0/0x40f memremap_pages+0x10b/0x2f0 devm_memremap_pages+0x1e/0x60 dev_dax_probe+0xce/0x2ec [device_dax] dax_bus_probe+0x6d/0xc9 [... snip ...]

It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]:

BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmap_set_pmd+0xff/0x230 vmemmap_populate_hugepages+0x176/0x180 vmemmap_populate+0x34/0x80 __populate_section_memmap+0x41/0x90 sparse_add_section+0x121/0x3e0 __add_pages+0xba/0x150 add_pages+0x1d/0x70 memremap_pages+0x3dc/0x810 devm_memremap_pages+0x1c/0x60 xe_devm_add+0x8b/0x100 [xe] xe_tile_init_noalloc+0x6a/0x70 [xe] xe_device_probe+0x48c/0x740 [xe] [... snip ...]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T16:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel().  In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n  BUG: unable to handle page fault for address: ffffe70000000034\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 0 P4D 0\n  Oops: 0002 [#1] SMP NOPTI\n  RIP: 0010:__init_single_page+0x9/0x6d\n  Call Trace:\n   \u003cTASK\u003e\n   __init_zone_device_page+0x17/0x5d\n   memmap_init_zone_device+0x154/0x1bb\n   pagemap_range+0x2e0/0x40f\n   memremap_pages+0x10b/0x2f0\n   devm_memremap_pages+0x1e/0x60\n   dev_dax_probe+0xce/0x2ec [device_dax]\n   dax_bus_probe+0x6d/0xc9\n   [... snip ...]\n   \u003c/TASK\u003e\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n  BUG: unable to handle page fault for address: ffffeb3ff1200000\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 0 P4D 0\n  Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n  Tainted: [W]=WARN\n  RIP: 0010:vmemmap_set_pmd+0xff/0x230\n   \u003cTASK\u003e\n   vmemmap_populate_hugepages+0x176/0x180\n   vmemmap_populate+0x34/0x80\n   __populate_section_memmap+0x41/0x90\n   sparse_add_section+0x121/0x3e0\n   __add_pages+0xba/0x150\n   add_pages+0x1d/0x70\n   memremap_pages+0x3dc/0x810\n   devm_memremap_pages+0x1c/0x60\n   xe_devm_add+0x8b/0x100 [xe]\n   xe_tile_init_noalloc+0x6a/0x70 [xe]\n   xe_device_probe+0x48c/0x740 [xe]\n   [... snip ...]",
  "id": "GHSA-3r4w-f43v-9fpg",
  "modified": "2026-07-14T15:31:27Z",
  "published": "2025-09-22T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39845"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26ff568f390a531d1bd792e49f1a401849921960"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f761d40ee95d2624f839c90ebeef2d5c55007f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6659d027998083fbb6d42a165b0c90dc2e8ba989"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bf9473727569e8283c1e2445c7ac42cf4fc9fa9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/744ff519c72de31344a627eaf9b24e9595aae554"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7f4051dd3388edd30e9a6077c05c486aa31e0d4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R5P-QHF8-8XC9

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-10 00:00
VLAI
Details

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.",
  "id": "GHSA-3r5p-qhf8-8xc9",
  "modified": "2022-06-10T00:00:48Z",
  "published": "2022-06-03T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29693"
    },
    {
      "type": "WEB",
      "url": "https://github.com/unicorn-engine/unicorn/issues/1586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/unicorn-engine/unicorn/commit/469fc4c35a0cfabdbefb158e22d145f4ee6f77b9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.