CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-3R6G-FFRP-58WF
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
fs/binfmt_elf: Fix memory leak in load_elf_binary()
There is a memory leak reported by kmemleak:
unreferenced object 0xffff88817104ef80 (size 224): comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z..... backtrace: [] __alloc_file+0x21/0x250 [] alloc_empty_file+0x41/0xf0 [] path_openat+0xea/0x3d30 [] do_filp_open+0x1b9/0x290 [] do_open_execat+0xce/0x5b0 [] open_exec+0x27/0x50 [] load_elf_binary+0x510/0x3ed0 [] bprm_execve+0x599/0x1240 [] do_execveat_common.isra.0+0x4c7/0x680 [] __x64_sys_execve+0x88/0xb0 [] do_syscall_64+0x35/0x80
If "interp_elf_ex" fails to allocate memory in load_elf_binary(), the program will take the "out_free_ph" error handing path, resulting in "interpreter" file resource is not released.
Fix it by adding an error handing path "out_free_file", which will release the file resource when "interp_elf_ex" failed to allocate memory.
{
"affected": [],
"aliases": [
"CVE-2022-50466"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/binfmt_elf: Fix memory leak in load_elf_binary()\n\nThere is a memory leak reported by kmemleak:\n\n unreferenced object 0xffff88817104ef80 (size 224):\n comm \"xfs_admin\", pid 47165, jiffies 4298708825 (age 1333.476s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z.....\n backtrace:\n [\u003cffffffff819171e1\u003e] __alloc_file+0x21/0x250\n [\u003cffffffff81918061\u003e] alloc_empty_file+0x41/0xf0\n [\u003cffffffff81948cda\u003e] path_openat+0xea/0x3d30\n [\u003cffffffff8194ec89\u003e] do_filp_open+0x1b9/0x290\n [\u003cffffffff8192660e\u003e] do_open_execat+0xce/0x5b0\n [\u003cffffffff81926b17\u003e] open_exec+0x27/0x50\n [\u003cffffffff81a69250\u003e] load_elf_binary+0x510/0x3ed0\n [\u003cffffffff81927759\u003e] bprm_execve+0x599/0x1240\n [\u003cffffffff8192a997\u003e] do_execveat_common.isra.0+0x4c7/0x680\n [\u003cffffffff8192b078\u003e] __x64_sys_execve+0x88/0xb0\n [\u003cffffffff83bbf0a5\u003e] do_syscall_64+0x35/0x80\n\nIf \"interp_elf_ex\" fails to allocate memory in load_elf_binary(),\nthe program will take the \"out_free_ph\" error handing path,\nresulting in \"interpreter\" file resource is not released.\n\nFix it by adding an error handing path \"out_free_file\", which will\nrelease the file resource when \"interp_elf_ex\" failed to allocate\nmemory.",
"id": "GHSA-3r6g-ffrp-58wf",
"modified": "2026-01-16T21:30:29Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50466"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/265b6fb780f57d10449a40e94219b28fa52479cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/594d2a14f2168c09b13b114c3d457aa939403e52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/706215300411d48db6b51a5832b872632a84bbc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acd9b4914f1c5928c7ae8ebc623d6291eb1a573a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3R7H-WXV5-QW3V
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.
{
"affected": [],
"aliases": [
"CVE-2020-22040"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T20:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.",
"id": "GHSA-3r7h-wxv5-qw3v",
"modified": "2022-05-24T19:03:40Z",
"published": "2022-05-24T19:03:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22040"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8283"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3RCQ-39XP-7XJP
Vulnerability from github – Published: 2024-05-21 14:49 – Updated: 2025-12-10 18:45Impact
When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak.
In the worst case, depending on how a canister uses the BTreeMap, an adversary could interact with the canister through its API and trigger interactions with the map that keep consuming memory due to the memory leak. This could potentially lead to using an excessive amount of memory, or even running out of memory.
This issue has been fixed in #212 by changing the logic for deallocating nodes to ensure that all of a node's memory chunks are deallocated. Tests have been added to prevent regressions of this nature moving forward.
Note: Users of stable-structure < 0.6.0 are not affected.
Patches
The problem has been fixed in PR #212 and users are asked to upgrade to version 0.6.4.
Workarounds
Users who are not storing unbounded types in BTreeMap are not affected and do not need to upgrade. Otherwise, an upgrade to version 0.6.4 is necessary.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ic-stable-structures"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-4435"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-21T14:49:48Z",
"nvd_published_at": "2024-05-21T10:15:10Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen storing unbounded types in a `BTreeMap`, a node is represented as a linked list of \"memory chunks\". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak.\n\nIn the worst case, depending on how a canister uses the `BTreeMap`, an adversary could interact with the canister through its API and trigger interactions with the map that keep consuming memory due to the memory leak. This could potentially lead to using an excessive amount of memory, or even running out of memory. \n\nThis issue has been fixed in #212 by changing the logic for deallocating nodes to ensure that all of a node\u0027s memory chunks are deallocated. Tests have been added to prevent regressions of this nature moving forward.\n\n**Note:** Users of stable-structure \u003c 0.6.0 are not affected.\n\n### Patches\nThe problem has been fixed in PR #212 and users are asked to upgrade to version `0.6.4`.\n\n### Workarounds\nUsers who are not storing unbounded types in `BTreeMap` are not affected and do not need to upgrade. Otherwise, an upgrade to version `0.6.4` is necessary.",
"id": "GHSA-3rcq-39xp-7xjp",
"modified": "2025-12-10T18:45:24Z",
"published": "2024-05-21T14:49:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dfinity/stable-structures/security/advisories/GHSA-3rcq-39xp-7xjp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4435"
},
{
"type": "WEB",
"url": "https://github.com/dfinity/stable-structures/pull/212"
},
{
"type": "WEB",
"url": "https://github.com/dfinity/stable-structures/commit/4f6b8ae521884833498bae26369c353c10f28ea7"
},
{
"type": "WEB",
"url": "https://docs.rs/ic-stable-structures/0.6.4/ic_stable_structures"
},
{
"type": "PACKAGE",
"url": "https://github.com/dfinity/stable-structures"
},
{
"type": "WEB",
"url": "https://internetcomputer.org/docs/current/developer-docs/smart-contracts/maintain/storage#stable-memory"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0406.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows"
}
GHSA-3V69-R3X2-QGP5
Vulnerability from github – Published: 2022-01-11 00:00 – Updated: 2022-01-19 00:01When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-23218"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T16:15:00Z",
"severity": "HIGH"
},
"details": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.",
"id": "GHSA-3v69-r3x2-qgp5",
"modified": "2022-01-19T00:01:53Z",
"published": "2022-01-11T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23218"
},
{
"type": "WEB",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3V87-WMQV-57CX
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-19 15:33In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a resource leak in xfs_alloc_buftarg()
In the error path, call fs_put_dax() to drop the DAX device reference.
{
"affected": [],
"aliases": [
"CVE-2026-46005"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix a resource leak in xfs_alloc_buftarg()\n\nIn the error path, call fs_put_dax() to drop the DAX\ndevice reference.",
"id": "GHSA-3v87-wmqv-57cx",
"modified": "2026-06-19T15:33:12Z",
"published": "2026-05-27T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46005"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28a6c132b8c6e5eeefa889c4fb43d65b12989d48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29a7b2614357393b176ef06ba5bc3ff5afc8df69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5804cb507233ed767a83ac70527b2f6c4566ec75"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c293a1e1ef0f838772d20ae8afae4cbd87cd3f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82fb9da6477d08bdab954dc7bc081a41f2f9cae6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed2d6442e61169e565727ba15c4f6a0cb5ce16df"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VFV-WC96-X87R
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:37An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).
On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.
This issue affects:
Juniper Networks Junos OS on MX Series:
- All versions prior to 20.4R3-S7;
- 21.1 versions prior to 21.1R3-S5;
- 21.2 versions prior to 21.2R3-S4;
- 21.3 versions prior to 21.3R3-S4;
- 21.4 versions prior to 21.4R3-S3;
- 22.1 versions prior to 22.1R3-S1;
- 22.2 versions prior to 22.2R2-S1, 22.2R3;
- 22.3 versions prior to 22.3R1-S2, 22.3R2.
{
"affected": [],
"aliases": [
"CVE-2023-44193"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T00:15:12Z",
"severity": "MODERATE"
},
"details": "\nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n",
"id": "GHSA-3vfv-wc96-x87r",
"modified": "2024-04-04T08:37:03Z",
"published": "2023-10-13T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44193"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA73157"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VP3-XRM3-4FV5
Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-61869"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T12:18:22Z",
"severity": "LOW"
},
"details": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.",
"id": "GHSA-3vp3-xrm3-4fv5",
"modified": "2026-07-15T12:32:05Z",
"published": "2026-07-15T12:32:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61869"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-miff-encoder"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3VPW-2QWH-GG2V
Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-10-01 21:30In the Linux kernel, the following vulnerability has been resolved:
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add():
If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object.
Fix memory leak by calling kobject_put().
{
"affected": [],
"aliases": [
"CVE-2022-49224"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:59Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()\uff1a\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().",
"id": "GHSA-3vpw-2qwh-gg2v",
"modified": "2025-10-01T21:30:55Z",
"published": "2025-03-18T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49224"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VPW-PW66-4MJH
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-09-23 21:30In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
If cma_listen_on_all() fails it leaves the per-device ID still on the listen_list but the state is not set to RDMA_CM_ADDR_BOUND.
When the cmid is eventually destroyed cma_cancel_listens() is not called due to the wrong state, however the per-device IDs are still holding the refcount preventing the ID from being destroyed, thus deadlocking:
task:rping state:D stack: 0 pid:19605 ppid: 47036 flags:0x00000084 Call Trace: __schedule+0x29a/0x780 ? free_unref_page_commit+0x9b/0x110 schedule+0x3c/0xa0 schedule_timeout+0x215/0x2b0 ? __flush_work+0x19e/0x1e0 wait_for_completion+0x8d/0xf0 _destroy_id+0x144/0x210 [rdma_cm] ucma_close_id+0x2b/0x40 [rdma_ucm] __destroy_id+0x93/0x2c0 [rdma_ucm] ? __xa_erase+0x4a/0xa0 ucma_destroy_id+0x9a/0x120 [rdma_ucm] ucma_write+0xb8/0x130 [rdma_ucm] vfs_write+0xb4/0x250 ksys_write+0xb5/0xd0 ? syscall_trace_enter.isra.19+0x123/0x190 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9
Ensure that cma_listen_on_all() atomically unwinds its action under the lock during error.
{
"affected": [],
"aliases": [
"CVE-2021-47392"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure\n\nIf cma_listen_on_all() fails it leaves the per-device ID still on the\nlisten_list but the state is not set to RDMA_CM_ADDR_BOUND.\n\nWhen the cmid is eventually destroyed cma_cancel_listens() is not called\ndue to the wrong state, however the per-device IDs are still holding the\nrefcount preventing the ID from being destroyed, thus deadlocking:\n\n task:rping state:D stack: 0 pid:19605 ppid: 47036 flags:0x00000084\n Call Trace:\n __schedule+0x29a/0x780\n ? free_unref_page_commit+0x9b/0x110\n schedule+0x3c/0xa0\n schedule_timeout+0x215/0x2b0\n ? __flush_work+0x19e/0x1e0\n wait_for_completion+0x8d/0xf0\n _destroy_id+0x144/0x210 [rdma_cm]\n ucma_close_id+0x2b/0x40 [rdma_ucm]\n __destroy_id+0x93/0x2c0 [rdma_ucm]\n ? __xa_erase+0x4a/0xa0\n ucma_destroy_id+0x9a/0x120 [rdma_ucm]\n ucma_write+0xb8/0x130 [rdma_ucm]\n vfs_write+0xb4/0x250\n ksys_write+0xb5/0xd0\n ? syscall_trace_enter.isra.19+0x123/0x190\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nEnsure that cma_listen_on_all() atomically unwinds its action under the\nlock during error.",
"id": "GHSA-3vpw-pw66-4mjh",
"modified": "2025-09-23T21:30:53Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47392"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f4e68902d2e545033c80d7ad62fd9a439e573f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca465e1f1f9b38fe916a36f7d80c5d25f2337c81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e56a5146ef8cb51cd7c9e748267dce7564448a35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VX9-MV3R-VFGR
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:30In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Fix memory leak in margining
Memory for the usb4->margining needs to be relased for the upstream port of the router as well, even though the debugfs directory gets released with the router device removal. Fix this.
{
"affected": [],
"aliases": [
"CVE-2023-53050"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4-\u003emargining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this.",
"id": "GHSA-3vx9-mv3r-vfgr",
"modified": "2025-11-12T21:30:59Z",
"published": "2025-05-02T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53050"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.