CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-VPWM-38QH-R5H8
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-20 18:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly.
{
"affected": [],
"aliases": [
"CVE-2022-50431"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()\n\ndev_set_name() in soundbus_add_one() allocates memory for name, it need be\nfreed when of_device_register() fails, call soundbus_dev_put() to give up\nthe reference that hold in device_initialize(), so that it can be freed in\nkobject_cleanup() when the refcount hit to 0. And other resources are also\nfreed in i2sbus_release_dev(), so it can return 0 directly.",
"id": "GHSA-vpwm-38qh-r5h8",
"modified": "2026-01-20T18:31:51Z",
"published": "2025-10-01T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50431"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/027fee10e3a400cf6f3237374a1248da1082807b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a4c8482e370d697738a78dcd7bf2780832cb712"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5bdea674534153110b90d70b02f2fbaf48b2c0eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/802532a50acf501fdafe38a84ca2aa886d68af68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7524279c8ddc7dbf3463bec70e0289097959944"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce6fd1c382a38b75557db85a2fe99d285540a03d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e81d7826b8f40430a1ea1b330e24d9a9eb4512c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd410d24665e4efb3c1796797181265efe553e9c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQ86-JJFM-J2V6
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: provide block_invalidate_folio to fix memory leak
The ntfs3 filesystem lacks the 'invalidate_folio' method and it causes memory leak. If you write to the filesystem and then unmount it, the cached written data are not freed and they are permanently leaked.
{
"affected": [],
"aliases": [
"CVE-2022-49550"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: provide block_invalidate_folio to fix memory leak\n\nThe ntfs3 filesystem lacks the \u0027invalidate_folio\u0027 method and it causes\nmemory leak. If you write to the filesystem and then unmount it, the\ncached written data are not freed and they are permanently leaked.",
"id": "GHSA-vq86-jjfm-j2v6",
"modified": "2025-03-10T21:31:09Z",
"published": "2025-03-10T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49550"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQF3-8WJF-VM68
Vulnerability from github – Published: 2023-10-09 21:30 – Updated: 2025-11-04 21:30Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attacker to cause a denial of service via the --crop parameter in the command line parameters.
{
"affected": [],
"aliases": [
"CVE-2023-44821"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T20:15:10Z",
"severity": "MODERATE"
},
"details": "Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attacker to cause a denial of service via the --crop parameter in the command line parameters.",
"id": "GHSA-vqf3-8wjf-vm68",
"modified": "2025-11-04T21:30:43Z",
"published": "2023-10-09T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44821"
},
{
"type": "WEB",
"url": "https://github.com/kohler/gifsicle/issues/195"
},
{
"type": "WEB",
"url": "https://github.com/kohler/gifsicle/issues/65"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3I6Z7VAHUYX3Q4DULJ76NFD2CIFZJYH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WLTXJS6AIKPGVOAJ7EYC4HL3NEG6CGF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WLTXJS6AIKPGVOAJ7EYC4HL3NEG6CGF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQFM-GGP3-M2H4
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
{
"affected": [],
"aliases": [
"CVE-2021-29649"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.",
"id": "GHSA-vqfm-ggp3-m2h4",
"modified": "2022-05-24T17:45:54Z",
"published": "2022-05-24T17:45:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29649"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQJC-M5XH-JHX3
Vulnerability from github – Published: 2026-04-20 12:32 – Updated: 2026-05-20 21:31In the Linux kernel, the following vulnerability has been resolved:
net: skb: fix cross-cache free of KFENCE-allocated skb head
SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g. 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This ensures that skb_kfree_head() can reliably use skb_end_offset to distinguish skb heads allocated from skb_small_head_cache vs. generic kmalloc caches.
However, when KFENCE is enabled, kfence_ksize() returns the exact requested allocation size instead of the slab bucket size. If a caller (e.g. bpf_test_init) allocates skb head data via kzalloc() and the requested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then slab_build_skb() -> ksize() returns that exact value. After subtracting skb_shared_info overhead, skb_end_offset ends up matching SKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free the object to skb_small_head_cache instead of back to the original kmalloc cache, resulting in a slab cross-cache free:
kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected skbuff_small_head but got kmalloc-1k
Fix this by always calling kfree(head) in skb_kfree_head(). This keeps the free path generic and avoids allocator-specific misclassification for KFENCE objects.
{
"affected": [],
"aliases": [
"CVE-2026-31429"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-20T10:16:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb_kfree_head() can reliably use\nskb_end_offset to distinguish skb heads allocated from\nskb_small_head_cache vs. generic kmalloc caches.\n\nHowever, when KFENCE is enabled, kfence_ksize() returns the exact\nrequested allocation size instead of the slab bucket size. If a caller\n(e.g. bpf_test_init) allocates skb head data via kzalloc() and the\nrequested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then\nslab_build_skb() -\u003e ksize() returns that exact value. After subtracting\nskb_shared_info overhead, skb_end_offset ends up matching\nSKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free\nthe object to skb_small_head_cache instead of back to the original\nkmalloc cache, resulting in a slab cross-cache free:\n\n kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected\n skbuff_small_head but got kmalloc-1k\n\nFix this by always calling kfree(head) in skb_kfree_head(). This keeps\nthe free path generic and avoids allocator-specific misclassification\nfor KFENCE objects.",
"id": "GHSA-vqjc-m5xh-jhx3",
"modified": "2026-05-20T21:31:28Z",
"published": "2026-04-20T12:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31429"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f42e3f4fe2a58394e37241d02d9ca6ab7b7d516"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/128b03ccb2582a643983a48a37fda58df80edbde"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d64618ea846d8d033477311f805ca487d6a6696"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/474e00b935db250cac320d10c1d3cf4e44b46721"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60313768a8edc7094435975587c00c2d7b834083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQP8-9648-3QFH
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-05-29 18:31In the Linux kernel, the following vulnerability has been resolved:
ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths
During code review, Joseph found that ext4_fc_replay_inode() calls ext4_get_fc_inode_loc() to get the inode location, which holds a reference to iloc.bh that must be released via brelse().
However, several error paths jump to the 'out' label without releasing iloc.bh:
- ext4_handle_dirty_metadata() failure
- sync_dirty_buffer() failure
- ext4_mark_inode_used() failure
- ext4_iget() failure
Fix this by introducing an 'out_brelse' label placed just before the existing 'out' label to ensure iloc.bh is always released.
Additionally, make ext4_fc_replay_inode() propagate errors properly instead of always returning 0.
{
"affected": [],
"aliases": [
"CVE-2026-43066"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-05T16:16:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix iloc.bh leak in ext4_fc_replay_inode() error paths\n\nDuring code review, Joseph found that ext4_fc_replay_inode() calls\next4_get_fc_inode_loc() to get the inode location, which holds a\nreference to iloc.bh that must be released via brelse().\n\nHowever, several error paths jump to the \u0027out\u0027 label without\nreleasing iloc.bh:\n\n - ext4_handle_dirty_metadata() failure\n - sync_dirty_buffer() failure\n - ext4_mark_inode_used() failure\n - ext4_iget() failure\n\nFix this by introducing an \u0027out_brelse\u0027 label placed just before\nthe existing \u0027out\u0027 label to ensure iloc.bh is always released.\n\nAdditionally, make ext4_fc_replay_inode() propagate errors\nproperly instead of always returning 0.",
"id": "GHSA-vqp8-9648-3qfh",
"modified": "2026-05-29T18:31:14Z",
"published": "2026-05-05T18:33:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43066"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0892f12cd49fde5d5db68137923db107f894f3a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19782b4c793b49a6aa4abbb307ddff3610009d21"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a63033696e60b5d70816f1d119645ac5b0b0a03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c90449a9ac2cd1ba540ad2561b8b70c1bfb0a25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c426231e3d51916e83b6d1ab7ed8a65e83bca5b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca99cbcc316cdfd2040cc2b13d1426ccb3b3b50b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec0a7500d8eace5b4f305fa0c594dd148f0e8d29"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7817ad399d604e8639005d87d148b5ec626ad26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQRC-44V8-36X8
Vulnerability from github – Published: 2024-05-17 12:31 – Updated: 2025-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.
{
"affected": [],
"aliases": [
"CVE-2024-27417"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T12:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount.",
"id": "GHSA-vqrc-44v8-36x8",
"modified": "2025-12-23T21:30:17Z",
"published": "2024-05-17T12:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27417"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRHP-W2WH-93C3
Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2025-11-04 21:31mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
{
"affected": [],
"aliases": [
"CVE-2024-24258"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T18:15:52Z",
"severity": "HIGH"
},
"details": "mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.",
"id": "GHSA-vrhp-w2wh-93c3",
"modified": "2025-11-04T21:31:05Z",
"published": "2024-02-05T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24258"
},
{
"type": "WEB",
"url": "https://github.com/freeglut/freeglut/pull/155"
},
{
"type": "WEB",
"url": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV6J-GM22-QXX9
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2025-09-18 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init
Add a unreference bo in the error path, to prevent leaking a bo ref.
Return 0 on success to clarify the success path.
(cherry picked from commit a2f3d731be3893e730417ae3190760fcaffdf549)
{
"affected": [],
"aliases": [
"CVE-2024-26985"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix bo leak in intel_fb_bo_framebuffer_init\n\nAdd a unreference bo in the error path, to prevent leaking a bo ref.\n\nReturn 0 on success to clarify the success path.\n\n(cherry picked from commit a2f3d731be3893e730417ae3190760fcaffdf549)",
"id": "GHSA-vv6j-gm22-qxx9",
"modified": "2025-09-18T15:30:21Z",
"published": "2024-05-01T06:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26985"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d8ac0942c312abda43b407eff72d31747a7b472"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV74-WH7G-52XW
Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-11-08 00:30In the Linux kernel, the following vulnerability has been resolved:
mt76: fix potential DMA mapping leak
With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command frames to not be unmapped after completion
{
"affected": [],
"aliases": [
"CVE-2021-47064"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T23:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion",
"id": "GHSA-vv74-wh7g-52xw",
"modified": "2024-11-08T00:30:44Z",
"published": "2024-03-01T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47064"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.