CWE-459
AllowedIncomplete Cleanup
Abstraction: Base · Status: Draft
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
223 vulnerabilities reference this CWE, most recent first.
GHSA-8GVR-7C6P-JFWG
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2020-0543"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-15T14:15:00Z",
"severity": "LOW"
},
"details": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-8gvr-7c6p-jfwg",
"modified": "2022-05-24T17:20:28Z",
"published": "2022-05-24T17:20:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4385-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4387-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4388-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4389-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4390-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4391-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4392-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4393-1"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/14/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8J66-R7FP-95MX
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error
During the initialization of ptp, hclge_ptp_get_cycle might return an error and returned directly without unregister clock and free it. To avoid that, call hclge_ptp_destroy_clock to unregist and free clock if hclge_ptp_get_cycle failed.
{
"affected": [],
"aliases": [
"CVE-2025-21924"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"id": "GHSA-8j66-r7fp-95mx",
"modified": "2025-11-03T21:33:23Z",
"published": "2025-04-01T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21924"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21dba813d9821687a7f9aff576798ba21a859a32"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c04e507f3a5c5dc6e2b9ab37d8cdedee1ef1a37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33244e98aa9503585e585335fe2ceb4492630949"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cfc43c0e6e6a31122b4008d763a2960c206aa2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7365eab39831487a84e63a9638209b68dc54008"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7d8d4529984e2d4a72a6d552fb886233e8e83cb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8Q9Q-R9V2-644M
Vulnerability from github – Published: 2023-06-30 20:42 – Updated: 2023-06-30 20:42Impact
When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100 as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding rev=1.1 to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history.
This vulnerability doesn't affect freshly installed versions of XWiki. Further, this vulnerability doesn't affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions.
Patches
This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros.
Workarounds
As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents.
References
- https://jira.xwiki.org/browse/XWIKI-20594
- https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-oldcore"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"fixed": "14.10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-oldcore"
},
"ranges": [
{
"events": [
{
"introduced": "15.0-rc-1"
},
{
"fixed": "15.2-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-36468"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-30T20:42:07Z",
"nvd_published_at": "2023-06-29T21:15:09Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nWhen an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it\u0027s still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take [CVE-2022-36100](https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x) as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history.\n\nThis vulnerability doesn\u0027t affect freshly installed versions of XWiki. Further, this vulnerability doesn\u0027t affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions.\n\n### Patches\n\nThis vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros.\n\n### Workarounds\n\nAs a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents.\n\n### References\n\n* https://jira.xwiki.org/browse/XWIKI-20594\n* https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59",
"id": "GHSA-8q9q-r9v2-644m",
"modified": "2023-06-30T20:42:07Z",
"published": "2023-06-30T20:42:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36468"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20594"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Upgrading doesn\u0027t prevent exploiting vulnerable XWiki documents"
}
GHSA-8VQP-74W3-MG32
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here.
Also, the MTU helpers mtu_len pointer value is being written but also read. Technically, the MEM_UNINIT should not be there in order to always force init. Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now implies two things actually: i) write into memory, ii) memory does not have to be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory, ii) memory must be initialized. This means that for bpf__check_mtu() we're readding the issue we're trying to fix, that is, it would then be able to write back into things like .rodata BPF maps. Follow-up work will rework the MEM_UNINIT semantics such that the intent can be better expressed. For now just clear the mtu_len on error path which can be lifted later again.
{
"affected": [],
"aliases": [
"CVE-2024-47728"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we\u0027re\nreadding the issue we\u0027re trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again.",
"id": "GHSA-8vqp-74w3-mg32",
"modified": "2025-11-04T00:31:38Z",
"published": "2024-10-21T15:32:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47728"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8XX8-72Q4-M3HG
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
{
"affected": [],
"aliases": [
"CVE-2019-5011"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:01:00Z",
"severity": "MODERATE"
},
"details": "An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.",
"id": "GHSA-8xx8-72q4-m3hg",
"modified": "2022-04-30T00:02:15Z",
"published": "2022-04-30T00:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5011"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9298-29XJ-7998
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
The alibaba_uncore_pmu driver forgot to clear all interrupt status in the interrupt processing function. After the PMU counter overflow interrupt occurred, an interrupt storm occurred, causing the system to hang.
Therefore, clear the correct interrupt status in the interrupt handling function to fix it.
{
"affected": [],
"aliases": [
"CVE-2024-47731"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: Fix ali_drw_pmu driver interrupt status clearing\n\nThe alibaba_uncore_pmu driver forgot to clear all interrupt status\nin the interrupt processing function. After the PMU counter overflow\ninterrupt occurred, an interrupt storm occurred, causing the system\nto hang.\n\nTherefore, clear the correct interrupt status in the interrupt handling\nfunction to fix it.",
"id": "GHSA-9298-29xj-7998",
"modified": "2025-11-04T00:31:38Z",
"published": "2024-10-21T15:32:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47731"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/062b7176e484678b2c9072d28fbecea47846b274"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24f30b34ff76648d26872dd4eaa002f074225058"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b839d4619042b02eecdfc986484ac6e6be6acbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/85702fddba70d2b63f5646793d77de2ad4fc3784"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3dd920977dccc453c550260c4b7605b280b79c3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92F3-R9R6-RRFR
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
{
"affected": [],
"aliases": [
"CVE-2020-12494"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "Beckhoff\u00e2\u20ac\u2122s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.",
"id": "GHSA-92f3-r9r6-rrfr",
"modified": "2022-05-24T22:28:28Z",
"published": "2022-05-24T22:28:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12494"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-95JQ-X6Q9-C9CQ
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-05-12 21:30In the Linux kernel, the following vulnerability has been resolved:
afs: Fix page leak
There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the efficiency of the writeback by making it larger. This loop stops, however, if we hit a page we can't write back from immediately, but it doesn't get rid of the page ref we speculatively acquired.
This was caused by the removal of the cleanup loop when the code switched from using find_get_pages_contig() to xarray scanning as the latter only gets a single page at a time, not a batch.
Fix this by putting the page on a ref on an early break from the loop. Unfortunately, we can't just add that page to the pagevec we're employing as we'll go through that and add those pages to the RPC call.
This was found by the generic/074 test. It leaks ~4GiB of RAM each time it is run - which can be observed with "top".
{
"affected": [],
"aliases": [
"CVE-2021-47365"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix page leak\n\nThere\u0027s a loop in afs_extend_writeback() that adds extra pages to a write\nwe want to make to improve the efficiency of the writeback by making it\nlarger. This loop stops, however, if we hit a page we can\u0027t write back\nfrom immediately, but it doesn\u0027t get rid of the page ref we speculatively\nacquired.\n\nThis was caused by the removal of the cleanup loop when the code switched\nfrom using find_get_pages_contig() to xarray scanning as the latter only\ngets a single page at a time, not a batch.\n\nFix this by putting the page on a ref on an early break from the loop.\nUnfortunately, we can\u0027t just add that page to the pagevec we\u0027re employing\nas we\u0027ll go through that and add those pages to the RPC call.\n\nThis was found by the generic/074 test. It leaks ~4GiB of RAM each time it\nis run - which can be observed with \"top\".",
"id": "GHSA-95jq-x6q9-c9cq",
"modified": "2025-05-12T21:30:55Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47365"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/581b2027af0018944ba301d68e7af45c6d1128b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d130b5fdd42254d92948d06347940276140c927e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-963W-7FRP-MF37
Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-02 00:01A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
{
"affected": [],
"aliases": [
"CVE-2022-0171"
],
"database_specific": {
"cwe_ids": [
"CWE-212",
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-26T18:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).",
"id": "GHSA-963w-7frp-mf37",
"modified": "2022-09-02T00:01:10Z",
"published": "2022-08-27T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0171"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-0171"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9PJQ-R2XC-HGWC
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 18:30In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: make hfsc_qlen_notify() idempotent
hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life:
-
update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it.
-
eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.
{
"affected": [],
"aliases": [
"CVE-2025-38177"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T13:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"id": "GHSA-9pjq-r2xc-hgwc",
"modified": "2025-12-18T18:30:27Z",
"published": "2025-07-04T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38177"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51eb3b65544c9efd6a1026889ee5fb5aa62da3bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72c61ffbeeb8c50f6d4d70c65d3283aa1bac57a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9030a91235ae4845ec71902c3e0cecfc9ed1f2df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a5fd5c2f4d4afdd5e405083ee53e0789ce76956"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5efc95a33bd4fcb879250852828cc58c7862970"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1175c4ad01dbc9c979d099861fa90a754f72059"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d06476714d2819b550e0cc39222347e2c8941c9d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
No CAPEC attack patterns related to this CWE.