Total
1555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50389 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
In crb_acpi_add(), we get the TPM2 table to retrieve information
like start method, and then assign them to the priv data, so the
TPM2 table is not used after the init, should be freed, call
acpi_put_table() to fix the memory leak.
|
|||||
| CVE-2022-50387 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: hinic: fix the issue of CMDQ memory leaks
When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is
not released correctly. Fix it.
|
|||||
| CVE-2022-50376 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
When insert and remove the orangefs module, there are memory leaked
as below:
unreferenced object 0xffff88816b0cc000 (size 2048):
comm "insmod", pid 783, jiffies 4294813439 (age 65.512s)
hex dump (first 32 bytes):
6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backt ...
Show More |
|||||
| CVE-2022-50372 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix memory leak when build ntlmssp negotiate blob failed
There is a memory leak when mount cifs:
unreferenced object 0xffff888166059600 (size 448):
comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s)
hex dump (first 32 bytes):
fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00 .SMB@...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000 ...
Show More |
|||||
| CVE-2022-50357 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: fix some leaks in probe
The dwc3_get_properties() function calls:
dwc->usb_psy = power_supply_get_by_name(usb_psy_name);
so there is some additional clean up required on these error paths.
|
|||||
| CVE-2022-50355 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
staging: vt6655: fix some erroneous memory clean-up loops
In some initialization functions of this driver, memory is allocated with
'i' acting as an index variable and increasing from 0. The commit in
"Fixes" introduces some clean-up codes in case of allocation failure,
which free memory in reverse order with 'i' decreasing to 0. However,
there are some problems:
- The case i=0 is left out. Thus memory is leaked.
- In case ...
Show More |
|||||
| CVE-2022-50352 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: hns: fix possible memory leak in hnae_ae_register()
Inject fault while probing module, if device_register() fails,
but the refcount of kobject is not decreased to 0, the name
allocated in dev_set_name() is leaked. Fix this by calling
put_device(), so that name can be freed in callback function
kobject_cleanup().
unreferenced object 0xffff00c01aba2100 (size 128):
comm "systemd-udevd", pid 1259, jiffies 4294903284 (age 2 ...
Show More |
|||||
| CVE-2022-50351 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix xid leak in cifs_create()
If the cifs already shutdown, we should free the xid before return,
otherwise, the xid will be leaked.
|
|||||
| CVE-2022-50349 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
If device_register() returns error in tifm_7xx1_switch_media(),
name of kobject which is allocated in dev_set_name() called in device_add()
is leaked.
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized.
|
|||||
| CVE-2022-50348 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix a memory leak in an error handling path
If this memdup_user() call fails, the memory allocated in a previous call
a few lines above should be freed. Otherwise it leaks.
|
|||||
| CVE-2022-50343 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
rapidio: fix possible name leaks when rio_add_device() fails
Patch series "rapidio: fix three possible memory leaks".
This patchset fixes three name leaks in error handling.
- patch #1 fixes two name leaks while rio_add_device() fails.
- patch #2 fixes a name leak while rio_register_mport() fails.
This patch (of 2):
If rio_add_device() returns error, the name allocated by dev_set_name()
need be freed. It should use put ...
Show More |
|||||
| CVE-2022-50342 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
floppy: Fix memory leak in do_floppy_init()
A memory leak was reported when floppy_alloc_disk() failed in
do_floppy_init().
unreferenced object 0xffff888115ed25a0 (size 8):
comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s)
hex dump (first 8 bytes):
00 ac 67 5b 81 88 ff ff ..g[....
backtrace:
[<000000007f457abb>] __kmalloc_node+0x4c/0xc0
[<00000000a87bfa9e>] blk_mq_realloc_ta ...
Show More |
|||||
| CVE-2018-0158 | 2 Cisco, Rockwellautomation | 12 Asr 1001-hx, Asr 1001-x, Asr 1002-hx and 9 more | 2026-01-14 | 7.8 HIGH | 8.6 HIGH |
|
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause a ...
Show More |
|||||
| CVE-2025-39890 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps
is not freed in the failure case, causing a memory leak. The following
trace is observed in kmemleak:
unreferenced object 0xffff8b3eb5789c00 (size 1024):
comm "softirq", pid 0, jiffies 4294942577
hex dump (first 32 bytes):
00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 ............{.. ...
Show More |
|||||
| CVE-2023-53255 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
svc_create_memory_pool() is only called from stratix10_svc_drv_probe().
Most of resources in the probe are managed, but not this memremap() call.
There is also no memunmap() call in the file.
So switch to devm_memremap() to avoid a resource leak.
|
|||||
| CVE-2023-53249 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
Use devm_of_iomap() instead of of_iomap() to automatically handle
the unused ioremap region.
If any error occurs, regions allocated by kzalloc() will leak,
but using devm_kzalloc() instead will automatically free the memory
using devm_kfree().
|
|||||
| CVE-2023-53241 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call op_release, even when op_func returns an error
For ops with "trivial" replies, nfsd4_encode_operation will shortcut
most of the encoding work and skip to just marshalling up the status.
One of the things it skips is calling op_release. This could cause a
memory leak in the layoutget codepath if there is an error at an
inopportune time.
Have the compound processing engine always call op_release, even when
op_func se ...
Show More |
|||||
| CVE-2023-53234 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix kmemleak in watchdog_cdev_register
kmemleak reports memory leaks in watchdog_dev_register, as follows:
unreferenced object 0xffff888116233000 (size 2048):
comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
hex dump (first 32 bytes):
80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#.....
08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#.............
backtrace:
[<00000000 ...
Show More |
|||||
| CVE-2023-53230 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix warning in cifs_smb3_do_mount()
This fixes the following warning reported by kernel test robot
fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible
memory leak of 'cifs_sb'
|
|||||
| CVE-2023-53225 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
spi: imx: Don't skip cleanup in remove's error path
Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. this is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disabling if waking the device fails.
|
|||||
| CVE-2023-53224 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: Fix function prototype mismatch for ext4_feat_ktype
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed.
ext4_feat_ktype was sett ...
Show More |
|||||
| CVE-2023-53221 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memleak due to fentry attach failure
If it fails to attach fentry, the allocated bpf trampoline image will be
left in the system. That can be verified by checking /proc/kallsyms.
This meamleak can be verified by a simple bpf program as follows:
SEC("fentry/trap_init")
int fentry_run()
{
return 0;
}
It will fail to attach trap_init because this function is freed after
kernel init, and then we can find ...
Show More |
|||||
| CVE-2023-53211 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
driver core: location: Free struct acpi_pld_info *pld before return false
struct acpi_pld_info *pld should be freed before the return of allocation
failure, to prevent memory leak, add the ACPI_FREE() to fix it.
|
|||||
| CVE-2022-50424 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability()
Fixed coverity issue with resource leaks at variable "fw" going out of
scope leaks the storage it points to mt7921_check_offload_capability().
Addresses-Coverity-ID: 1527806 ("Resource leaks")
|
|||||
| CVE-2022-50420 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/hpre - fix resource leak in remove process
In hpre_remove(), when the disable operation of qm sriov failed,
the following logic should continue to be executed to release the
remaining resources that have been allocated, instead of returning
directly, otherwise there will be resource leakage.
|
|||||
| CVE-2026-21674 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 3.3 LOW |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.
|
|||||
| CVE-2025-39756 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-09 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
fs: Prevent file descriptor table allocations exceeding INT_MAX
When sysctl_nr_open is set to a very high value (for example, 1073741816
as set by systemd), processes attempting to use file descriptors near
the limit can trigger massive memory allocation attempts that exceed
INT_MAX, resulting in a WARNING in mm/slub.c:
WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288
This happens because kvmall ...
Show More |
|||||
| CVE-2025-38546 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
atm: clip: Fix memory leak of struct clip_vcc.
ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to
vcc->user_back.
The code assumes that vcc_destroy_socket() passes NULL skb
to vcc->push() when the socket is close()d, and then clip_push()
frees clip_vcc.
However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in
atm_init_atmarp(), resulting in memory leak.
Let's serialise two ioctl() by lock_sock() and check vcc->push( ...
Show More |
|||||
| CVE-2025-38612 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
In the error paths after fb_info structure is successfully allocated,
the memory allocated in fb_deferred_io_init() for info->pagerefs is not
freed. Fix that by adding the cleanup function on the error path.
|
|||||
| CVE-2023-5349 | 2 Fedoraproject, Rmagick | 2 Fedora, Rmagick | 2026-01-05 | N/A | 5.3 MEDIUM |
|
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.
|
|||||
| CVE-2025-64329 | 1 Linuxfoundation | 1 Containerd | 2025-12-31 | N/A | 5.5 MEDIUM |
|
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.
|
|||||
| CVE-2022-49949 | 1 Linux | 1 Linux Kernel | 2025-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Fix memory leak in firmware upload
In the case of firmware-upload, an instance of struct fw_upload is
allocated in firmware_upload_register(). This data needs to be freed
in fw_dev_release(). Create a new fw_upload_free() function in
sysfs_upload.c to handle the firmware-upload specific memory frees
and incorporate the missing kfree call for the fw_upload structure.
|
|||||
| CVE-2025-38410 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix a fence leak in submit error path
In error paths, we could unref the submit without calling
drm_sched_entity_push_job(), so msm_job_free() will never get
called. Since drm_sched_job_cleanup() will NULL out the
s_fence, we can use that to detect this case.
Patchwork: https://patchwork.freedesktop.org/patch/653584/
|
|||||
| CVE-2025-38409 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix another leak in the submit error path
put_unused_fd() doesn't free the installed file, if we've already done
fd_install(). So we need to also free the sync_file.
Patchwork: https://patchwork.freedesktop.org/patch/653583/
|
|||||
| CVE-2024-35877 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/pat: fix VM_PAT handling in COW mappings
PAT handling won't do the right thing in COW mappings: the first PTE (or,
in fact, all PTEs) can be replaced during write faults to point at anon
folios. Reliably recovering the correct PFN and cachemode using
follow_phys() from PTEs will not work in COW mappings.
Using follow_phys(), we might just get the address+protection of the anon
folio (which is very wrong), or fail on s ...
Show More |
|||||
| CVE-2024-35879 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
In the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()
During the step 1, devices are destroyed and devlinks are removed.
During the step 2, OF nodes are destroyed but
__of_changeset_entry_destroy() can raise warnings related to missing
of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2 ...
Indeed, during t ...
Show More |
|||||
| CVE-2025-38418 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: core: Release rproc->clean_table after rproc_attach() fails
When rproc->state = RPROC_DETACHED is attached to remote processor
through rproc_attach(), if rproc_handle_resources() returns failure,
then the clean table should be released, otherwise the following
memory leak will occur.
unreferenced object 0xffff000086a99800 (size 1024):
comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s)
hex dump (first ...
Show More |
|||||
| CVE-2025-38419 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
When rproc->state = RPROC_DETACHED and rproc_attach() is used
to attach to the remote processor, if rproc_handle_resources()
returns a failure, the resources allocated by imx_rproc_prepare()
should be released, otherwise the following memory leak will occur.
Since almost the same thing is done in imx_rproc_prepare() and
rproc_re ...
Show More |
|||||
| CVE-2024-27417 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.
|
|||||
| CVE-2023-52670 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: virtio: Free driver_override when rpmsg_remove()
Free driver_override when rpmsg_remove(), otherwise
the following memory leak will occur:
unreferenced object 0xffff0000d55d7080 (size 128):
comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s)
hex dump (first 32 bytes):
72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... ...
Show More |
|||||