Common Weakness Enumeration

CWE-459

Allowed

Incomplete Cleanup

Abstraction: Base · Status: Draft

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

223 vulnerabilities reference this CWE, most recent first.

GHSA-4PGG-95H7-RQC6

Vulnerability from github – Published: 2023-02-13 12:30 – Updated: 2023-02-23 06:30
VLAI
Details

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.",
  "id": "GHSA-4pgg-95h7-rqc6",
  "modified": "2023-02-23T06:30:17Z",
  "published": "2023-02-13T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45455"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-4459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4RMQ-MC2C-R495

Vulnerability from github – Published: 2025-12-09 14:25 – Updated: 2025-12-09 14:25
VLAI
Summary
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Details

Summary

A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis (Phatom Stake) even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set in the exact same babylon block height. This creates a “phantom stake”: the delegator’s BTC capital is withdrawn, the FP is inactive, but costaking continues to treat the delegation as active BTC stake allowing ongoing rewards accrual without backing BTC.

Impact

An address can keep earning costaking rewards with zero BTC staked.

Reported by @BottyBott.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.0.0-snapshot.250805a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-09T14:25:03Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nA state consistency bug in `x/costaking` can leave a BTC delegator with non-zero `ActiveSatoshis` (Phatom Stake) even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set in the exact same babylon block height. This creates a \u201cphantom stake\u201d: the delegator\u2019s BTC capital is withdrawn, the FP is inactive, but costaking continues to treat the delegation as active BTC stake allowing ongoing rewards accrual without backing BTC.\n\n### Impact\n\nAn address can keep earning costaking rewards with zero BTC staked.\n\nReported by @BottyBott.",
  "id": "GHSA-4rmq-mc2c-r495",
  "modified": "2025-12-09T14:25:03Z",
  "published": "2025-12-09T14:25:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-4rmq-mc2c-r495"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/commit/e65c3a55a398a403103f1b089cf76f0d4befc7a0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/babylonlabs-io/babylon"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Babylon Incorrect FP inactive accounting in costaking creates \u201cphantom stake\u201d that earns rewards after BTC unbond"
}

GHSA-4VFX-XRP7-4C4H

Vulnerability from github – Published: 2025-01-16 15:32 – Updated: 2025-05-07 18:30
VLAI
Details

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-16T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the \u2018/pmb/authorities/import/iimport_authorities\u2019 endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to \u2018/pmb/authorities/import/iimport_authorities\u2019. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.",
  "id": "GHSA-4vfx-xrp7-4c4h",
  "modified": "2025-05-07T18:30:41Z",
  "published": "2025-01-16T15:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0473"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X44-GF2F-7MH8

Vulnerability from github – Published: 2026-02-25 15:31 – Updated: 2026-02-25 15:31
VLAI
Details

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T14:16:21Z",
    "severity": "LOW"
  },
  "details": "In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk",
  "id": "GHSA-4x44-gf2f-7mh8",
  "modified": "2026-02-25T15:31:40Z",
  "published": "2026-02-25T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28196"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55C6-R3WH-X7CJ

Vulnerability from github – Published: 2022-04-30 18:13 – Updated: 2024-02-08 21:30
VLAI
Details

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2000-0552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2000-06-06T04:00:00Z",
    "severity": "LOW"
  },
  "details": "ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.",
  "id": "GHSA-55c6-r3wh-x7cj",
  "modified": "2024-02-08T21:30:28Z",
  "published": "2022-04-30T18:13:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2000-0552"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4607"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/1307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59FP-J85Q-63J4

Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up. This ends up leaking the pin_count on the GEM object and causes a splat during DRM file closure:

msm_obj->pin_count WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc [...] Call trace: update_lru_locked+0xc4/0xcc put_pages+0xac/0x100 msm_gem_free_object+0x138/0x180 drm_gem_object_free+0x1c/0x30 drm_gem_object_handle_put_unlocked+0x108/0x10c drm_gem_object_release_handle+0x58/0x70 idr_for_each+0x68/0xec drm_gem_release+0x28/0x40 drm_file_free+0x174/0x234 drm_release+0xb0/0x160 __fput+0xc0/0x2c8 __fput_sync+0x50/0x5c __arm64_sys_close+0x38/0x7c invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x4c/0x120 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 irq event stamp: 129818 hardirqs last enabled at (129817): [] console_unlock+0x118/0x124 hardirqs last disabled at (129818): [] el1_dbg+0x24/0x8c softirqs last enabled at (129808): [] handle_softirqs+0x4c8/0x4e8 softirqs last disabled at (129785): [] __do_softirq+0x14/0x20

Patchwork: https://patchwork.freedesktop.org/patch/600714/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj-\u003epin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [\u003cffffa5f6d953fcc0\u003e] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [\u003cffffa5f6da7dcf04\u003e] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [\u003cffffa5f6d94afc18\u003e] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [\u003cffffa5f6d94105e4\u003e] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/",
  "id": "GHSA-59fp-j85q-63j4",
  "modified": "2025-11-04T00:31:22Z",
  "published": "2024-09-04T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44982"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59XC-99WG-3HGF

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-28T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.",
  "id": "GHSA-59xc-99wg-3hgf",
  "modified": "2022-05-24T17:40:29Z",
  "published": "2022-05-24T17:40:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25016"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Duncaen/OpenDoas/issues/45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R2R-XPFW-PMXC

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-03-27 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: free rx_data_reassembly skb on NCI device cleanup

rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak.

As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device to be freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
  "id": "GHSA-5r2r-xpfw-pmxc",
  "modified": "2025-03-27T21:31:09Z",
  "published": "2024-04-17T12:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26825"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R67-W9X9-QVV7

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T16:15:45Z",
    "severity": "MODERATE"
  },
  "details": "CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.",
  "id": "GHSA-5r67-w9x9-qvv7",
  "modified": "2025-09-22T21:30:18Z",
  "published": "2025-09-22T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55910"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Y4y17/CVE/blob/main/CMSEasy/Arbitrary%20file%20deletion%20vulnerability.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5X5Q-FCW5-7FRV

Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-03-26 00:01
VLAI
Details

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest\u0027s use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.",
  "id": "GHSA-5x5q-fcw5-7frv",
  "modified": "2022-03-26T00:01:03Z",
  "published": "2022-01-26T00:01:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23035"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-23"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5117"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-395.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/25/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.

No CAPEC attack patterns related to this CWE.