Common Weakness Enumeration

CWE-459

Allowed

Incomplete Cleanup

Abstraction: Base · Status: Draft

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

223 vulnerabilities reference this CWE, most recent first.

GHSA-MMPF-H3X8-V558

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30
VLAI
Details

An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).

On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.

The memory usage can be monitored using the below commands.

user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects:

Juniper Networks Junos OS

  • 21.2 versions earlier than 21.2R3-S5;
  • 21.3 versions earlier than 21.3R3-S4;
  • 21.4 versions earlier than 21.4R3-S4;
  • 22.1 versions earlier than 22.1R3-S2;
  • 22.2 versions earlier than 22.2R3-S2;
  • 22.3 versions earlier than 22.3R2-S1, 22.3R3;
  • 22.4 versions earlier than 22.4R1-S2, 22.4R2.

This issue does not affect Junos OS versions earlier than 20.4R3-S7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:50Z",
    "severity": "MODERATE"
  },
  "details": "\nAn Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).\n\nOn all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.\n\nThe memory usage can be monitored using the below commands.\n\nuser@host\u003e show chassis routing-engine no-forwarding\nuser@host\u003e show system memory | no-more\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.2 versions earlier than 21.2R3-S5;\n  *  21.3 versions earlier than 21.3R3-S4;\n  *  21.4 versions earlier than 21.4R3-S4;\n  *  22.1 versions earlier than 22.1R3-S2;\n  *  22.2 versions earlier than 22.2R3-S2;\n  *  22.3 versions earlier than 22.3R2-S1, 22.3R3;\n  *  22.4 versions earlier than 22.4R1-S2, 22.4R2.\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 20.4R3-S7.\n\n\n\n",
  "id": "GHSA-mmpf-h3x8-v558",
  "modified": "2024-01-12T03:30:49Z",
  "published": "2024-01-12T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21617"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75758"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P263-3P34-M82M

Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2022-11-03 19:00
VLAI
Details

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.",
  "id": "GHSA-p263-3p34-m82m",
  "modified": "2022-11-03T19:00:27Z",
  "published": "2022-11-01T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42320"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202402-07"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5272"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-417.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/11/01/7"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-417.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P2CJ-86V4-7782

Vulnerability from github – Published: 2024-06-18 21:30 – Updated: 2025-05-01 13:31
VLAI
Summary
Moodle HTTP authorization header is preserved between "emulated redirects"
Details

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0-beta"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0-beta"
            },
            {
              "fixed": "4.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0-beta"
            },
            {
              "fixed": "4.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-226",
      "CWE-459"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-18T22:45:35Z",
    "nvd_published_at": "2024-06-18T20:15:13Z",
    "severity": "MODERATE"
  },
  "details": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.",
  "id": "GHSA-p2cj-86v4-7782",
  "modified": "2025-05-01T13:31:07Z",
  "published": "2024-06-18T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38275"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/0df3c5837a592e6663c4d531ff6a1f776bc2f785"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/3e38c84315a7991ce5ef5f241f5e873b5ca24f01"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/836b2c23a210317d130017d77bb64e3b510869a9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/f7988538b2208c55f2c40ce4f0815901dc88049b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=459500"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Moodle HTTP authorization header is preserved between \"emulated redirects\""
}

GHSA-P7CC-J2XJ-7XP5

Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2021-12-10 00:00
VLAI
Details

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.",
  "id": "GHSA-p7cc-j2xj-7xp5",
  "modified": "2021-12-10T00:00:51Z",
  "published": "2021-12-09T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37092"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/10"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PC4G-VW4W-2PMH

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2024-04-04 03:11
VLAI
Details

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named \u201cSentinel License Manager\u201d that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.",
  "id": "GHSA-pc4g-vw4w-2pmh",
  "modified": "2024-04-04T03:11:07Z",
  "published": "2022-05-24T22:28:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32928"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH6F-29XM-4M8P

Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-16 19:00
VLAI
Details

Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.",
  "id": "GHSA-ph6f-29xm-4m8p",
  "modified": "2022-11-16T19:00:29Z",
  "published": "2022-11-11T19:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27639"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHVX-V9J2-6WFR

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-14T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.",
  "id": "GHSA-phvx-v9j2-6wfr",
  "modified": "2022-05-24T17:47:32Z",
  "published": "2022-05-24T17:47:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36322"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5096"
    },
    {
      "type": "WEB",
      "url": "https://www.starwindsoftware.com/security/sw-20220816-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q38Q-HVV8-223H

Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30
VLAI
Details

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T14:15:55Z",
    "severity": "HIGH"
  },
  "details": "When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.\u00a0\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-q38q-hvv8-223h",
  "modified": "2025-10-15T15:30:28Z",
  "published": "2025-10-15T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59781"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000150637"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q4G7-PM99-9F7G

Vulnerability from github – Published: 2026-07-10 21:32 – Updated: 2026-07-13 21:31
VLAI
Details

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.

Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-10T21:17:00Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.\n\n\n\nTriggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.",
  "id": "GHSA-q4g7-pm99-9f7g",
  "modified": "2026-07-13T21:31:17Z",
  "published": "2026-07-10T21:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7639"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q55G-J56Q-R6FQ

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-17 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm, slab: clean up slab->obj_exts always

When memory allocation profiling is disabled at runtime or due to an error, shutdown_mem_profiling() is called: slab->obj_exts which previously allocated remains. It won't be cleared by unaccount_slab() because of mem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts should always be cleaned up in unaccount_slab() to avoid following error:

[...]BUG: Bad page state in process... .. [...]page dumped because: page still charged to cgroup

[andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:27Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slab: clean up slab-\u003eobj_exts always\n\nWhen memory allocation profiling is disabled at runtime or due to an\nerror, shutdown_mem_profiling() is called: slab-\u003eobj_exts which\npreviously allocated remains.\nIt won\u0027t be cleared by unaccount_slab() because of\nmem_alloc_profiling_enabled() not true. It\u0027s incorrect, slab-\u003eobj_exts\nshould always be cleaned up in unaccount_slab() to avoid following error:\n\n[...]BUG: Bad page state in process...\n..\n[...]page dumped because: page still charged to cgroup\n\n[andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user]",
  "id": "GHSA-q55g-j56q-r6fq",
  "modified": "2025-11-17T15:30:31Z",
  "published": "2025-05-20T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37908"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01db0e1a48345aa1937f3bdfc7c7108d03ebcf7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be8250786ca94952a19ce87f98ad9906448bc9ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dab2a13059a475b6392550f882276e170fe2fcff"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.

No CAPEC attack patterns related to this CWE.