
CWE-911 (Improper Update of Reference Count) — Vulnerability Class 10

10 vulnerabilities are classified as CWE-911 (Improper Update of Reference Count). AI-generated analysis included.

CWE-911 is a resource-management weakness in which a product fails to keep the reference count of a shared resource (a heap object, a file handle, a kernel object) consistent with the number of holders that actually reference it. The flaw usually arises when code takes a reference on acquisition but skips the matching release on some path, most often an error return, or when it releases a reference it never took. The two directions have different consequences. A missing release leaves the count permanently above zero, so the resource is never freed; an attacker who can trigger the leaking path repeatedly exhausts memory or handles and causes a denial of service. An extra release drives the count to zero while another holder is still using the resource, so it is freed early; the holder's now-stale pointer is a use-after-free, which in native code can be turned into memory corruption and code execution. The defence is symmetry: every acquire must have exactly one release on every path, including error paths, which is easiest to guarantee with a single exit point or a scoped (RAII-style) holder. Static analysis that checks acquire/release pairing, and code review that treats every early return as a candidate for a missing release, catch most instances.

MITRE CWE Description
The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource can be de-allocated or reused because there are no more objects that use it. If the reference count accidentally reaches zero, then the resource might be released too soon, even though it is still in use. If all objects no longer use the resource, but the reference count is not zero, then the resource might not ever be released.
Common Consequences (2)
Scope: Availability. Impact: DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other)
An adversary that can cause a resource counter to become inaccurate may be able to create situations where resources are not accounted for and not released, thus causing resources to become scarce for future needs.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart
An adversary that can cause a resource counter to become inaccurate may be able to force an error that causes the product to crash or exit out of its current operation.
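To make the mechanism described in the analysis and in the MITRE text concrete, here is an added example in C; it is not part of the original page, of MITRE's CWE entry, or of any of the listed CVEs. It uses a hypothetical reference-counted buffer (refbuf_new/refbuf_get/refbuf_put) and three hypothetical request handlers: one that leaks a reference on its error path, one that releases a reference it never acquired, and a balanced version. The g_frees counter is a test hook so the premature free can be observed without touching freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Minimal reference-counted buffer. All names here (refbuf_*, handle_request_*)
 * are hypothetical and belong to this illustration, not to any real project. */
typedef struct refbuf {
    int    refs;   /* number of holders; the object is freed when this hits 0 */
    size_t len;
    char  *data;
} refbuf;

/* Test hook only: counts real deallocations so a premature free can be
 * reported without reading freed memory. */
static int g_frees = 0;

refbuf *refbuf_new(const char *s)
{
    refbuf *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->len = strlen(s);
    b->data = malloc(b->len + 1);
    if (!b->data) { free(b); return NULL; }
    memcpy(b->data, s, b->len + 1);
    b->refs = 1;                 /* the creator holds the first reference */
    return b;
}

refbuf *refbuf_get(refbuf *b) { b->refs++; return b; }

void refbuf_put(refbuf *b)
{
    if (--b->refs == 0) {
        free(b->data);
        free(b);
        g_frees++;
    }
}

/* Leak variant: takes a reference for the duration of the call but returns
 * early on validation failure without dropping it, so every rejected request
 * leaves the count one too high. */
int handle_request_leaky(refbuf *b, size_t max_len)
{
    refbuf_get(b);
    if (b->len > max_len)
        return -1;               /* BUG: missing refbuf_put(b) on this path */
    /* ... use b->data ... */
    refbuf_put(b);
    return 0;
}

/* Premature-release variant: drops a reference it never acquired. If the
 * caller's reference was the only one, the object is freed while the caller
 * still holds a pointer to it: a use-after-free waiting to happen. */
int handle_request_overrelease(refbuf *b)
{
    /* ... use b->data ... */
    refbuf_put(b);               /* BUG: no matching refbuf_get in this function */
    return 0;
}

/* Balanced variant: one acquire, one release, on every path. */
int handle_request_fixed(refbuf *b, size_t max_len)
{
    int rc = 0;
    refbuf_get(b);
    if (b->len > max_len) { rc = -1; goto out; }
    /* ... use b->data ... */
out:
    refbuf_put(b);
    return rc;
}

/* Runs n over-length requests through the leaky or the fixed handler and
 * returns the count left afterwards. The owner still holds one reference, so
 * the correct value is 1; every extra unit is a leaked reference. */
int refs_after_requests(int n, int use_leaky)
{
    refbuf *b = refbuf_new("payload");      /* len 7, rejected when max_len is 3 */
    for (int i = 0; i < n; i++) {
        if (use_leaky) handle_request_leaky(b, 3);
        else           handle_request_fixed(b, 3);
    }
    int refs = b->refs;
    while (b->refs > 1) refbuf_put(b);      /* drain leaked refs so the demo itself is clean */
    refbuf_put(b);                          /* owner's reference: frees the object */
    return refs;
}

/* Returns how many deallocations the over-releasing handler caused while the
 * caller still considered its reference live (1 = freed out from under it). */
int premature_frees(void)
{
    int before = g_frees;
    refbuf *b = refbuf_new("payload");      /* caller holds the only reference */
    handle_request_overrelease(b);          /* count goes 1 -> 0: object freed */
    /* b is dangling here; reading b->data would be the use-after-free, so
     * only the deallocation count is reported. */
    return g_frees - before;
}
```

Calling refs_after_requests(5, 1) returns 6 (five leaked references on top of the owner's one), refs_after_requests(5, 0) returns 1, and premature_frees() returns 1. The leaky handler is the classic CWE-911 shape: the acquire and the release are both present, but not on the same set of paths, so neither a grep for refbuf_get/refbuf_put pairs nor a happy-path test notices it. The fixed handler funnels every exit through one release, which is the pattern to look for in review whenever a function has an early return between an acquire and its release.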

Vulnerabilities classified as CWE-911 (Improper Update of Reference Count) account for 10 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.