Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-QV9X-C8C9-RPR8

Vulnerability from github – Published: 2025-02-07 09:31 – Updated: 2025-11-03 21:32
VLAI
Details

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.

This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-07T07:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\n\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
  "id": "GHSA-qv9x-c8c9-rpr8",
  "modified": "2025-11-03T21:32:35Z",
  "published": "2025-02-07T09:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250321-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVFP-2HW2-QFFH

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-15 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

binder: fix memleak of proc->delivered_freeze

If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. ref->freeze) but the work remains queued in proc->delivered_freeze. This leads to a memory leak when the process exits as any pending entries in proc->delivered_freeze are not freed:

unreferenced object 0xffff38e8cfa36180 (size 64): comm "binder-util", pid 655, jiffies 4294936641 hex dump (first 32 bytes): b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8.. 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K..... backtrace (crc 95983b32): [<000000000d0582cf>] kmemleak_alloc+0x34/0x40 [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280 [<00000000313b1704>] binder_thread_write+0xdec/0x439c [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190 [<00000000b439adee>] invoke_syscall+0x6c/0x254 [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230 [<0000000084f72311>] do_el0_svc+0x40/0x58 [<000000008b872457>] el0_svc+0x38/0x78 [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194

This patch fixes the leak by ensuring that any pending entries in proc->delivered_freeze are freed during binder_deferred_release().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix memleak of proc-\u003edelivered_freeze\n\nIf a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION\nbefore calling binder_freeze_notification_done(), then it is detached\nfrom its reference (e.g. ref-\u003efreeze) but the work remains queued in\nproc-\u003edelivered_freeze. This leads to a memory leak when the process\nexits as any pending entries in proc-\u003edelivered_freeze are not freed:\n\n  unreferenced object 0xffff38e8cfa36180 (size 64):\n    comm \"binder-util\", pid 655, jiffies 4294936641\n    hex dump (first 32 bytes):\n      b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff  .....8.......8..\n      0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00  ........\u003c.K.....\n    backtrace (crc 95983b32):\n      [\u003c000000000d0582cf\u003e] kmemleak_alloc+0x34/0x40\n      [\u003c000000009c99a513\u003e] __kmalloc_cache_noprof+0x208/0x280\n      [\u003c00000000313b1704\u003e] binder_thread_write+0xdec/0x439c\n      [\u003c000000000cbd33bb\u003e] binder_ioctl+0x1b68/0x22cc\n      [\u003c000000002bbedeeb\u003e] __arm64_sys_ioctl+0x124/0x190\n      [\u003c00000000b439adee\u003e] invoke_syscall+0x6c/0x254\n      [\u003c00000000173558fc\u003e] el0_svc_common.constprop.0+0xac/0x230\n      [\u003c0000000084f72311\u003e] do_el0_svc+0x40/0x58\n      [\u003c000000008b872457\u003e] el0_svc+0x38/0x78\n      [\u003c00000000ee778653\u003e] el0t_64_sync_handler+0x120/0x12c\n      [\u003c00000000a8ec61bf\u003e] el0t_64_sync+0x190/0x194\n\nThis patch fixes the leak by ensuring that any pending entries in\nproc-\u003edelivered_freeze are freed during binder_deferred_release().",
  "id": "GHSA-qvfp-2hw2-qffh",
  "modified": "2025-01-15T21:31:40Z",
  "published": "2024-12-27T15:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56553"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVJM-PCPV-593P

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-01-14 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Fix a memleak in init_credit_return

When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered.",
  "id": "GHSA-qvjm-pcpv-593p",
  "modified": "2025-01-14T15:30:49Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26839"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWH3-QMRM-HV2R

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/zcrypt: don't leak memory if dev_set_name() fails

When dev_set_name() fails, zcdn_create() doesn't free the newly allocated resources. Do it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
  "id": "GHSA-qwh3-qmrm-hv2r",
  "modified": "2026-02-06T15:30:58Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53568"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0878052579cb2773caee64812a811edcab6b5a55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/131cd74a8e38d75239f2c81dfee53d6554eb8bf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/147d8da33a2c2195ec63acd56cd7d80a3458c253"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/174f11ef1615ec3ab1e2189685864433c0d855a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6252f47b78031979ad919f971dc8468b893488bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b0cb9c055843777b374309503d89eabeb769355"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWJG-7MJQ-FHH3

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request()

The memory allocated in tb_queue_dp_bandwidth_request() needs to be released once the request is handled to avoid leaking it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request()\n\nThe memory allocated in tb_queue_dp_bandwidth_request() needs to be\nreleased once the request is handled to avoid leaking it.",
  "id": "GHSA-qwjg-7mjq-fhh3",
  "modified": "2026-01-23T21:30:36Z",
  "published": "2025-10-01T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53527"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0752bb32aed2c5dd85821195a507a1079c4835f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/596a5123cc782d458b057eb3837e66535cd0befa"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWPM-8XH6-72RP

Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-03-25 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix memory leak in idpf_vport_rel()

Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak:

unreferenced object 0xff450acac838a000 (size 4096): comm "kworker/u258:5", pid 7732, jiffies 4296830044 hex dump (first 32 bytes): 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................ backtrace (crc 3da81902): __kmalloc_cache_noprof+0x469/0x7a0 idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf] idpf_init_task+0x1ec/0x8d0 [idpf] process_one_work+0x226/0x6d0 worker_thread+0x19e/0x340 kthread+0x10f/0x250 ret_from_fork+0x251/0x2b0 ret_from_fork_asm+0x1a/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-31T12:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak in idpf_vport_rel()\n\nFree vport-\u003erx_ptype_lkup in idpf_vport_rel() to avoid leaking memory\nduring a reset. Reported by kmemleak:\n\nunreferenced object 0xff450acac838a000 (size 4096):\n  comm \"kworker/u258:5\", pid 7732, jiffies 4296830044\n  hex dump (first 32 bytes):\n    00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00  ................\n  backtrace (crc 3da81902):\n    __kmalloc_cache_noprof+0x469/0x7a0\n    idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]\n    idpf_init_task+0x1ec/0x8d0 [idpf]\n    process_one_work+0x226/0x6d0\n    worker_thread+0x19e/0x340\n    kthread+0x10f/0x250\n    ret_from_fork+0x251/0x2b0\n    ret_from_fork_asm+0x1a/0x30",
  "id": "GHSA-qwpm-8xh6-72rp",
  "modified": "2026-03-25T18:31:35Z",
  "published": "2026-01-31T12:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23023"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4212d6732e3f674c6cc7d0b642f276d827e8f94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX3P-9MMP-4V8H

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-08-23 13:48
VLAI
Summary
Wildfly has a memory leak vulnerability
Details

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.wildfly:wildfly-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "19.0.0.Final"
            },
            {
              "fixed": "21.0.2.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.wildfly:wildfly-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "22.0.0.Alpha1"
            },
            {
              "fixed": "22.0.0.Beta1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "22.0.0.Alpha1"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-27822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-13T22:38:36Z",
    "nvd_published_at": "2020-12-08T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API\u0027s java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.",
  "id": "GHSA-qx3p-9mmp-4v8h",
  "modified": "2023-08-23T13:48:00Z",
  "published": "2022-05-24T17:35:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27822"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wildfly/wildfly/pull/13749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wildfly/wildfly/pull/13779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wildfly/wildfly/commit/67ef84fd7aab789a535b137e5e506fd29d212455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wildfly/wildfly/commit/c8b02f6a0605f4e2abfeaf21d28b7fe76171004b"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wildfly/wildfly"
    },
    {
      "type": "WEB",
      "url": "https://issues.redhat.com/browse/WFLY-14094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Wildfly has a memory leak vulnerability"
}

GHSA-QXF4-8XGP-WWWR

Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()

In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that by adding the cleanup function on the error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()\n\nIn the error paths after fb_info structure is successfully allocated,\nthe memory allocated in fb_deferred_io_init() for info-\u003epagerefs is not\nfreed. Fix that by adding the cleanup function on the error path.",
  "id": "GHSA-qxf4-8xgp-wwwr",
  "modified": "2026-01-07T18:30:20Z",
  "published": "2025-08-19T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3290f62f23fae05f2ec34085eb86dfb3648ef91f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47b3d6e8921bbb7b65c2dab8eaa8864901848c1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6771f121ae87490ddc19eabb7450383af9e01b6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f9e2cf9e9c1a891a683329af35bb33ed9d38b5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83ea0c7b8d12c67f6c4703d6c458627a7fc45fc0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3177955f8da3c826a18b75e54881e2e9a9c96f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b31cf6f7716a5d3e4461763f32d812acdaec6e74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b1c45c48117ed4d8797ee89d1155f16b72d490"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb2cb7dab60f9be0b435ac4a674255429a36d72c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXF9-65GJ-MXJ8

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: fix memory leak in tcp_conn_request()

If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_req.

Here is the kmemleak stack:

unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U.............. backtrace: [] kmem_cache_alloc+0x60c/0xa80 [] dst_alloc+0x55/0x250 [] rt_dst_alloc+0x46/0x1d0 [] __mkroute_output+0x29a/0xa50 [] ip_route_output_key_hash+0x10b/0x240 [] ip_route_output_flow+0x1d/0x90 [] inet_csk_route_req+0x2c5/0x500 [] tcp_conn_request+0x691/0x12c0 [] tcp_rcv_state_process+0x3c8/0x11b0 [] tcp_v4_do_rcv+0x156/0x3b0 [] tcp_v4_rcv+0x1cf8/0x1d80 [] ip_protocol_deliver_rcu+0xf6/0x360 [] ip_local_deliver_finish+0xe6/0x1e0 [] ip_local_deliver+0xee/0x360 [] ip_rcv+0xad/0x2f0 [] __netif_receive_skb_one_core+0x123/0x140

Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() return false in tcp_conn_request().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops-\u003eroute_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n  comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n  hex dump (first 32 bytes):\n    00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff  ................\n    81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00  .U..............\n  backtrace:\n    [\u003cffffffffb93e8d4c\u003e] kmem_cache_alloc+0x60c/0xa80\n    [\u003cffffffffba11b4c5\u003e] dst_alloc+0x55/0x250\n    [\u003cffffffffba227bf6\u003e] rt_dst_alloc+0x46/0x1d0\n    [\u003cffffffffba23050a\u003e] __mkroute_output+0x29a/0xa50\n    [\u003cffffffffba23456b\u003e] ip_route_output_key_hash+0x10b/0x240\n    [\u003cffffffffba2346bd\u003e] ip_route_output_flow+0x1d/0x90\n    [\u003cffffffffba254855\u003e] inet_csk_route_req+0x2c5/0x500\n    [\u003cffffffffba26b331\u003e] tcp_conn_request+0x691/0x12c0\n    [\u003cffffffffba27bd08\u003e] tcp_rcv_state_process+0x3c8/0x11b0\n    [\u003cffffffffba2965c6\u003e] tcp_v4_do_rcv+0x156/0x3b0\n    [\u003cffffffffba299c98\u003e] tcp_v4_rcv+0x1cf8/0x1d80\n    [\u003cffffffffba239656\u003e] ip_protocol_deliver_rcu+0xf6/0x360\n    [\u003cffffffffba2399a6\u003e] ip_local_deliver_finish+0xe6/0x1e0\n    [\u003cffffffffba239b8e\u003e] ip_local_deliver+0xee/0x360\n    [\u003cffffffffba239ead\u003e] ip_rcv+0xad/0x2f0\n    [\u003cffffffffba110943\u003e] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request().",
  "id": "GHSA-qxf9-65gj-mxj8",
  "modified": "2025-11-03T21:32:10Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57841"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R246-G2W6-6GR3

Vulnerability from github – Published: 2026-07-08 15:32 – Updated: 2026-07-08 15:32
VLAI
Details

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules).

This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T15:16:25Z",
    "severity": "HIGH"
  },
  "details": "Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules).\n\nThis issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.",
  "id": "GHSA-r246-g2w6-6gr3",
  "modified": "2026-07-08T15:32:02Z",
  "published": "2026-07-08T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10699"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.