CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-MMCP-JRF9-G4J3
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-12-16 21:30In the Linux kernel, the following vulnerability has been resolved:
qibfs: fix another leak
failure to allocate inode => leaked dentry...
this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...
{
"affected": [],
"aliases": [
"CVE-2025-37983"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T18:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix _another_ leak\n\nfailure to allocate inode =\u003e leaked dentry...\n\nthis one had been there since the initial merge; to be fair,\nif we are that far OOM, the odds of failing at that particular\nallocation are low...",
"id": "GHSA-mmcp-jrf9-g4j3",
"modified": "2025-12-16T21:30:49Z",
"published": "2025-05-20T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37983"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f24bad650c655e14"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47ab2caba495c1d6a899d284e541a8df656dcfe9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/545defa656568c74590317cd30068f85134a8216"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d53e88d8370b9ab14dd830abb410d9a2671edb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67243e431a5d6cca3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdb43af4fdb39f844ede401bdb1258f67a580a27"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMCW-F5QH-65Q3
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-04-02 15:30In the Linux kernel, the following vulnerability has been resolved:
net/handshake: Fix handshake_req_destroy_test1
Recently, handshake_req_destroy_test1 started failing:
Expected handshake_req_destroy_test == req, but handshake_req_destroy_test == 0000000000000000 req == 0000000060f99b40 not ok 11 req_destroy works
This is because "sock_release(sock)" was replaced with "fput(filp)" to address a memory leak. Note that sock_release() is synchronous but fput() usually delays the final close and clean-up.
The delay is not consequential in the other cases that were changed but handshake_req_destroy_test1 is testing that handshake_req_cancel() followed by closing the file actually does call the ->hp_destroy method. Thus the PTR_EQ test at the end has to be sure that the final close is complete before it checks the pointer.
We cannot use a completion here because if ->hp_destroy is never called (ie, there is an API bug) then the test will hang.
Reported by: Guenter Roeck linux@roeck-us.net
{
"affected": [],
"aliases": [
"CVE-2024-26831"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T10:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: Fix handshake_req_destroy_test1\n\nRecently, handshake_req_destroy_test1 started failing:\n\nExpected handshake_req_destroy_test == req, but\n handshake_req_destroy_test == 0000000000000000\n req == 0000000060f99b40\nnot ok 11 req_destroy works\n\nThis is because \"sock_release(sock)\" was replaced with \"fput(filp)\"\nto address a memory leak. Note that sock_release() is synchronous\nbut fput() usually delays the final close and clean-up.\n\nThe delay is not consequential in the other cases that were changed\nbut handshake_req_destroy_test1 is testing that handshake_req_cancel()\nfollowed by closing the file actually does call the -\u003ehp_destroy\nmethod. Thus the PTR_EQ test at the end has to be sure that the\nfinal close is complete before it checks the pointer.\n\nWe cannot use a completion here because if -\u003ehp_destroy is never\ncalled (ie, there is an API bug) then the test will hang.\n\nReported by: Guenter Roeck \u003clinux@roeck-us.net\u003e",
"id": "GHSA-mmcw-f5qh-65q3",
"modified": "2025-04-02T15:30:50Z",
"published": "2024-04-17T12:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26831"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e1d71cabb19ec2586827adfc60d68689c68c194"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f97805b8df6e33850e225e6bd3ebd9e246920af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d74226e03df1bf19848f18344401f254345af912"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMVQ-WVQC-3Q85
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-07 21:30In the Linux kernel, the following vulnerability has been resolved:
comedi: runflags cannot determine whether to reclaim chanlist
syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in do_cmd_ioctl() where runflags is not set. This caused chanlist not to be properly freed by do_become_nonbusy(), as it only frees chanlist when runflags is correctly set.
Added a check in do_become_nonbusy() for the case where runflags is not set, to properly free the chanlist memory.
[1] BUG: memory leak backtrace (crc 844a0efa): __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline] do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890 do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
{
"affected": [],
"aliases": [
"CVE-2026-31750"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: runflags cannot determine whether to reclaim chanlist\n\nsyzbot reported a memory leak [1], because commit 4e1da516debb (\"comedi:\nAdd reference counting for Comedi command handling\") did not consider\nthe exceptional exit case in do_cmd_ioctl() where runflags is not set.\nThis caused chanlist not to be properly freed by do_become_nonbusy(),\nas it only frees chanlist when runflags is correctly set.\n\nAdded a check in do_become_nonbusy() for the case where runflags is not\nset, to properly free the chanlist memory.\n\n[1]\nBUG: memory leak\n backtrace (crc 844a0efa):\n __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]\n do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890\n do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]",
"id": "GHSA-mmvq-wvqc-3q85",
"modified": "2026-05-07T21:30:23Z",
"published": "2026-05-01T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31750"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29f644f14b89e6c4965e3c89251929e451190a66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/830c848aba9f047eb6b34288975ebeb8e8621451"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP6X-J3PP-4P34
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
interconnect: exynos: fix node leak in probe PM QoS error path
Make sure to add the newly allocated interconnect node to the provider before adding the PM QoS request so that the node is freed on errors.
{
"affected": [],
"aliases": [
"CVE-2023-53092"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors.",
"id": "GHSA-mp6x-j3pp-4p34",
"modified": "2025-11-12T21:31:01Z",
"published": "2025-05-02T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53092"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3aab264875bf3c915ea2517fae1eec213e0b4987"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b71dd43bd49bd68186c1d19dbeedee219e003149"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c479e4ac4a3d1485a48599e66ce46547c1367828"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd4738ae1a0c216d25360a98e835967b06d6a253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP79-8QQ6-QP9G
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix possible kfree_skb of ERR_PTR
After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovs_mutex.
However, error cleanups still follow the classical reversed order, assuming "reply" is allocated before locking: it is freed after unlocking.
If "reply" allocation happens after locking the mutex and it fails, "reply" is left with an ERR_PTR, and execution jumps to the correspondent cleanup stage which will try to free an invalid pointer.
Fix this by setting the pointer to NULL after having saved its error value.
{
"affected": [],
"aliases": [
"CVE-2026-53227"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix possible kfree_skb of ERR_PTR\n\nAfter the patch in the \"Fixes\" tag, the allocation of the \"reply\" skb\ncan happen either before or after locking the ovs_mutex.\n\nHowever, error cleanups still follow the classical reversed order,\nassuming \"reply\" is allocated before locking: it is freed after unlocking.\n\nIf \"reply\" allocation happens after locking the mutex and it fails,\n\"reply\" is left with an ERR_PTR, and execution jumps to the correspondent\ncleanup stage which will try to free an invalid pointer.\n\nFix this by setting the pointer to NULL after having saved its error\nvalue.",
"id": "GHSA-mp79-8qq6-qp9g",
"modified": "2026-07-02T21:32:06Z",
"published": "2026-06-25T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53227"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bb5b2dc1b90aa7dd1473fc8c4d813a29255ff8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25fdf53698535fe8790237f5a8a9626791429785"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/895d1dd9057cde1687fa0f4286d47ceed0b82997"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/971b1b37774f13acc5add0a2843f8598446b8598"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e248fb2e680deb2bd37bac551b72638fe4938a76"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3d509a1b71396e1452060dbf84a805fd1c3c549"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecc55aad3390129a87106841f4b68bf3d70c9264"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee30dd2909d8b98619f4341c70ec8dc8e155ab02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP8M-M46Q-CQX4
Vulnerability from github – Published: 2026-01-23 15:31 – Updated: 2026-02-26 21:31In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix memory and information leak in smb3_reconfigure()
In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak.
Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.
{
"affected": [],
"aliases": [
"CVE-2025-71151"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T15:16:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory and information leak in smb3_reconfigure()\n\nIn smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the\nfunction returns immediately without freeing and erasing the newly\nallocated new_password and new_password2. This causes both a memory leak\nand a potential information leak.\n\nFix this by calling kfree_sensitive() on both password buffers before\nreturning in this error case.",
"id": "GHSA-mp8m-m46q-cqx4",
"modified": "2026-02-26T21:31:26Z",
"published": "2026-01-23T15:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71151"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5679cc90bb5415801fa29041da0319d9e15d295d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc390b2737205163e48cc1655f6a0c8cd55b02fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MP8V-432G-7V26
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver.
Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following reproducer [1] would result in a warning [2] and a memory leak [3]. The problem is that the new remote address is never added by the driver to its hash table (and therefore the device) and the old address is never removed from it.
Fix by programming the new address when the configuration of the ip6gre net device changes and removing the old one. If the address did not change, then the above would result in increasing the reference count of the address and then decreasing it.
[1] # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit # ip link set dev bla type ip6gre remote 2001:db8:3::1 # ip link del dev bla # devlink dev reload pci/0000:01:00.0
[2] WARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0 Modules linked in: CPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151 Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023 RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0 [...] Call Trace: mlxsw_sp_router_netdevice_event+0x55f/0x1240 notifier_call_chain+0x5a/0xd0 call_netdevice_notifiers_info+0x39/0x90 unregister_netdevice_many_notify+0x63e/0x9d0 rtnl_dellink+0x16b/0x3a0 rtnetlink_rcv_msg+0x142/0x3f0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x242/0x390 netlink_sendmsg+0x1de/0x420 _syssendmsg+0x2bd/0x320 _sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f
[3] unreferenced object 0xffff898081f597a0 (size 32): comm "ip", pid 1626, jiffies 4294719324 hex dump (first 32 bytes): 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ............... 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia............. backtrace (crc fd9be911): [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260 [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340 [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240 [<00000000743e7757>] notifier_call_chain+0x5a/0xd0 [<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90 [<000000002509645d>] register_netdevice+0x5f7/0x7a0 [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130 [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120 [<000000004df7c7cc>] rtnl_newlink+0x471/0xa20 [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0 [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100 [<00000000908bca63>] netlink_unicast+0x242/0x390 [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420 [<0000000011db153e>] _syssendmsg+0x2bd/0x320 [<000000003b6d53eb>] _sys_sendmsg+0x9a/0xe0 [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0
{
"affected": [],
"aliases": [
"CVE-2024-50252"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [\u003c00000000df89c55d\u003e] __kmalloc_cache_noprof+0x1da/0x260\n [\u003c00000000ff2a1ddb\u003e] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [\u003c000000009ddd445d\u003e] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [\u003c00000000743e7757\u003e] notifier_call_chain+0x5a/0xd0\n [\u003c000000007c7b9e13\u003e] call_netdevice_notifiers_info+0x39/0x90\n [\u003c000000002509645d\u003e] register_netdevice+0x5f7/0x7a0\n [\u003c00000000c2e7d2a9\u003e] ip6gre_newlink_common.isra.0+0x65/0x130\n [\u003c0000000087cd6d8d\u003e] ip6gre_newlink+0x72/0x120\n [\u003c000000004df7c7cc\u003e] rtnl_newlink+0x471/0xa20\n [\u003c0000000057ed632a\u003e] rtnetlink_rcv_msg+0x142/0x3f0\n [\u003c0000000032e0d5b5\u003e] netlink_rcv_skb+0x50/0x100\n [\u003c00000000908bca63\u003e] netlink_unicast+0x242/0x390\n [\u003c00000000cdbe1c87\u003e] netlink_sendmsg+0x1de/0x420\n [\u003c0000000011db153e\u003e] ____sys_sendmsg+0x2bd/0x320\n [\u003c000000003b6d53eb\u003e] ___sys_sendmsg+0x9a/0xe0\n [\u003c00000000cae27c62\u003e] __sys_sendmsg+0x7a/0xd0",
"id": "GHSA-mp8v-432g-7v26",
"modified": "2025-11-04T00:32:00Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50252"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQ3C-V59W-HJF6
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/drm_vma_manager: Add drm_vma_node_allow_once()
Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak.
{
"affected": [],
"aliases": [
"CVE-2023-53001"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_vma_manager: Add drm_vma_node_allow_once()\n\nCurrently there is no easy way for a drm driver to safely check and allow\ndrm_vma_offset_node for a drm file just once. Allow drm drivers to call\nnon-refcounted version of drm_vma_node_allow() so that a driver doesn\u0027t\nneed to keep track of each drm_vma_node_allow() to call subsequent\ndrm_vma_node_revoke() to prevent memory leak.",
"id": "GHSA-mq3c-v59w-hjf6",
"modified": "2025-04-15T15:30:52Z",
"published": "2025-03-27T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53001"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/899d3a3c19ac0e5da013ce34833dccb97d19b5e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQFQ-HH73-G45M
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-02-03 18:30In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix memregion leaks in devm_cxl_add_region()
Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks.
{
"affected": [],
"aliases": [
"CVE-2024-40936"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks.",
"id": "GHSA-mqfq-hh73-g45m",
"modified": "2025-02-03T18:30:37Z",
"published": "2024-07-12T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40936"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49ba7b515c4c0719b866d16f068e62d16a8a3dd1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bbb5d8746381c82f7e0fb6171094d375b492f266"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8316838aa0686da63a8be4194b7a17b0103ae4a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQJ7-W9R3-Q3P2
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-08-06 00:00Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2021-1309"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-08T04:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-mqj7-w9r3-q3p2",
"modified": "2022-08-06T00:00:40Z",
"published": "2022-05-24T17:46:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1309"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.