CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-X893-HX2H-44HG
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
ipc: fix memory leak in init_mqueue_fs()
When setup_mq_sysctls() failed in init_mqueue_fs(), mqueue_inode_cachep is not released. In order to fix this issue, the release path is reordered.
{
"affected": [],
"aliases": [
"CVE-2022-50284"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memory leak in init_mqueue_fs()\n\nWhen setup_mq_sysctls() failed in init_mqueue_fs(), mqueue_inode_cachep is\nnot released. In order to fix this issue, the release path is reordered.",
"id": "GHSA-x893-hx2h-44hg",
"modified": "2025-12-03T21:30:59Z",
"published": "2025-09-15T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50284"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12b677f2c697d61e5ddbcb6c1650050a39392f54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28dad915abe46d38c5799a0c8130e9a2a1540385"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86273624a68d07f129dc182b8394f487ed4de484"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8P2-4P73-PR84
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-25 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it by setting the ret -EINVAL and goto done.
{
"affected": [],
"aliases": [
"CVE-2025-39679"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T18:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().\n\nWhen the nvif_vmm_type is invalid, we will return error directly\nwithout freeing the args in nvif_vmm_ctor(), which leading a memory\nleak. Fix it by setting the ret -EINVAL and goto done.",
"id": "GHSA-x8p2-4p73-pr84",
"modified": "2025-11-25T21:32:03Z",
"published": "2025-09-05T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39679"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72553fe19317fe93cb8591c83095c446bc7fe292"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d9110e3b35d08832661da1a1fc2d24455981a04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb8aeaa3191b617c6faf8ae937252e059673b7ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cabcb52d76d3d42f16c344a96e098dd9d18602f8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X928-4434-CRQJ
Vulnerability from github – Published: 2026-04-14 23:32 – Updated: 2026-04-16 15:49When the PNG encoder fails to write an MNG image it can leak memory.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T23:32:44Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "When the PNG encoder fails to write an MNG image it can leak memory.",
"id": "GHSA-x928-4434-crqj",
"modified": "2026-04-16T15:49:58Z",
"published": "2026-04-14T23:32:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has a memory leak in PNG encoder when writing a MNG image"
}
GHSA-X97Q-XC6X-VXW7
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 21:30In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix leak in devfreq_dev_release()
srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call.
Reported by kmemleak.
{
"affected": [],
"aliases": [
"CVE-2023-53518"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:56Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Fix leak in devfreq_dev_release()\n\nsrcu_init_notifier_head() allocates resources that need to be released\nwith a srcu_cleanup_notifier_head() call.\n\nReported by kmemleak.",
"id": "GHSA-x97q-xc6x-vxw7",
"modified": "2026-01-23T21:30:36Z",
"published": "2025-10-01T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53518"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/111bafa210ae546bee7644be730c42df9c35b66e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1640e9c72173911ad0fddb05012c01eafe082c4e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29811f4b8255d4238cf326f3bb7129784766beab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3354c401c68d70567d1ef25d12f4e22a7813a3c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5693d077595de721f9ddbf9d37f40e5409707dfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64e6e0dc2d578c0a9e31cb4edd719f0a3ed98f6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7462483446cb9986568ad7adae746ce5f18d2968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8918025feb2f5f7c73f2495c158f22997e25cb02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab192e5e5d3b48415909a8408acfd007a607bcc0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9F2-9H6W-H8JQ
Vulnerability from github – Published: 2023-01-20 21:30 – Updated: 2023-02-01 15:30GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
{
"affected": [],
"aliases": [
"CVE-2023-23145"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T19:15:00Z",
"severity": "HIGH"
},
"details": "GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.",
"id": "GHSA-x9f2-9h6w-h8jq",
"modified": "2023-02-01T15:30:20Z",
"published": "2023-01-20T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23145"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9HV-97WR-X4J8
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.
An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.
Use the following command to determine if FPC0 has gone missing from the device.
show chassis fpc detail This issue affects:
Juniper Networks Junos OS on QFX5000 Series, EX4600 Series:
- 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;
- 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;
- 21.3 versions prior to 21.3R3-S5;
- 21.4 versions prior to 21.4R3-S4;
- 22.1 versions prior to 22.1R3-S3;
- 22.2 versions prior to 22.2R3-S1;
- 22.3 versions prior to 22.3R2-S2, 22.3R3;
- 22.4 versions prior to 22.4R2.
{
"affected": [],
"aliases": [
"CVE-2023-44183"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T00:15:11Z",
"severity": "MODERATE"
},
"details": "\nAn Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.\n\nAn indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.\n\nUse the following command to determine if FPC0 has gone missing from the device.\n\nshow chassis fpc detail\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series, EX4600 Series:\n\n\n\n * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n",
"id": "GHSA-x9hv-97wr-x4j8",
"modified": "2024-04-04T08:36:48Z",
"published": "2023-10-13T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44183"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA73148"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/sdn-vxlan.html"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/redundant-trunk-groups.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XC2C-WJ2F-564W
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-10 18:30In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix config page DMA memory leak
A fix for:
DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]
{
"affected": [],
"aliases": [
"CVE-2023-53120"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix config page DMA memory leak\n\nA fix for:\n\nDMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]",
"id": "GHSA-xc2c-wj2f-564w",
"modified": "2025-11-10T18:30:29Z",
"published": "2025-05-02T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5fc4d698ed4b6507be2eb36d040a678adcb89da4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d2b02172b6a2ae6aecd7ef6480b9c4bf3dc59f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dca06ccf13de14e144d34f158f73ae0032f80e63"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XC3G-CM27-MCMG
Vulnerability from github – Published: 2024-03-03 00:30 – Updated: 2024-12-11 15:31In the Linux kernel, the following vulnerability has been resolved:
erofs: fix memory leak of LZMA global compressed deduplication
When stressing microLZMA EROFS images with the new global compressed
deduplication feature enabled (-Ededupe), I found some short-lived
temporary pages weren't properly released, which could slowly cause
unexpected OOMs hours later.
Let's fix it now (LZ4 and DEFLATE don't have this issue.)
{
"affected": [],
"aliases": [
"CVE-2023-52526"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-02T22:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix memory leak of LZMA global compressed deduplication\n\nWhen stressing microLZMA EROFS images with the new global compressed\ndeduplication feature enabled (`-Ededupe`), I found some short-lived\ntemporary pages weren\u0027t properly released, which could slowly cause\nunexpected OOMs hours later.\n\nLet\u0027s fix it now (LZ4 and DEFLATE don\u0027t have this issue.)",
"id": "GHSA-xc3g-cm27-mcmg",
"modified": "2024-12-11T15:31:14Z",
"published": "2024-03-03T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52526"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a5a8f0a9740f865693d5aa97a42cc4504538e18"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75a5221630fe5aa3fedba7a06be618db0f79ba1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c955751cbf864cf2055117dd3fe7f780d2a57b56"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCXP-6M6X-8JPJ
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
USB: ULPI: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.
{
"affected": [],
"aliases": [
"CVE-2023-53410"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: ULPI: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"id": "GHSA-xcxp-6m6x-8jpj",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53410"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b8aa879e28df11e45855b04788050c61fb6b02a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f4d25eba599c4bd4b5ea8ae8752cda480a9d563"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dcbe69f4f743a938344b32e60531ea55355e0c08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFFQ-295C-GMG5
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 17:48In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix memory leak in ath12k_pci_remove()
Kmemleak reported this error:
unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0 [<000000001203b155>] kmalloc_trace+0x40/0x88 [<0000000028adc9c8>] _request_firmware+0xb8/0x608 [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80 [<000000005011a682>] local_pci_probe+0x48/0xd0 [<00000000077cd295>] pci_device_probe+0xb4/0x200 [<0000000087184c94>] really_probe+0x150/0x2c0
The firmware memory was allocated in ath12k_pci_probe(), but not freed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is set. So call ath12k_fw_unmap() to free the memory.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1
{
"affected": [],
"aliases": [
"CVE-2025-37744"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T13:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_pci_remove()\n\nKmemleak reported this error:\n\n unreferenced object 0xffff1c165cec3060 (size 32):\n comm \"insmod\", pid 560, jiffies 4296964570 (age 235.596s)\n backtrace:\n [\u003c000000005434db68\u003e] __kmem_cache_alloc_node+0x1f4/0x2c0\n [\u003c000000001203b155\u003e] kmalloc_trace+0x40/0x88\n [\u003c0000000028adc9c8\u003e] _request_firmware+0xb8/0x608\n [\u003c00000000cad1aef7\u003e] firmware_request_nowarn+0x50/0x80\n [\u003c000000005011a682\u003e] local_pci_probe+0x48/0xd0\n [\u003c00000000077cd295\u003e] pci_device_probe+0xb4/0x200\n [\u003c0000000087184c94\u003e] really_probe+0x150/0x2c0\n\nThe firmware memory was allocated in ath12k_pci_probe(), but not\nfreed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is\nset. So call ath12k_fw_unmap() to free the memory.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1",
"id": "GHSA-xffq-295c-gmg5",
"modified": "2025-11-05T17:48:22Z",
"published": "2025-05-01T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37744"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52e3132e62c31b5ade43dc4495fa81175e6e8398"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb8f4c5f9c487d82a566672b5ed0c9f05e40659b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.