CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-RHWJ-4J44-629J
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: Limit packet length to skb->len
Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents.
Additionally prevent integer underflow when size is less than ETH_FCS_LEN.
{
"affected": [],
"aliases": [
"CVE-2023-53068"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN.",
"id": "GHSA-rhwj-4j44-629j",
"modified": "2025-11-12T21:31:00Z",
"published": "2025-05-02T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53068"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44b9ed73369fc5ec85dd2ee487e986301792a82d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83de34967473ed31d276381373713cc2869a42e5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHX4-7VF5-J6RW
Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2024-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
ice: fix memleak in ice_init_tx_topology()
Fix leak of the FW blob (DDP pkg).
Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer allocated for the read of the current topology.
This was found by kmemleak, with the following trace for each PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice]
Constify ice_cfg_tx_topo() @buf parameter. This cascades further down to few more functions.
{
"affected": [],
"aliases": [
"CVE-2024-50190"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T06:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memleak in ice_init_tx_topology()\n\nFix leak of the FW blob (DDP pkg).\n\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\ncopying whole FW blob. Copy just the topology section, and only when\nneeded. Reuse the buffer allocated for the read of the current topology.\n\nThis was found by kmemleak, with the following trace for each PF:\n [\u003cffffffff8761044d\u003e] kmemdup_noprof+0x1d/0x50\n [\u003cffffffffc0a0a480\u003e] ice_init_ddp_config+0x100/0x220 [ice]\n [\u003cffffffffc0a0da7f\u003e] ice_init_dev+0x6f/0x200 [ice]\n [\u003cffffffffc0a0dc49\u003e] ice_init+0x29/0x560 [ice]\n [\u003cffffffffc0a10c1d\u003e] ice_probe+0x21d/0x310 [ice]\n\nConstify ice_cfg_tx_topo() @buf parameter.\nThis cascades further down to few more functions.",
"id": "GHSA-rhx4-7vf5-j6rw",
"modified": "2024-12-11T18:30:37Z",
"published": "2024-11-08T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50190"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHXX-5274-W2GP
Vulnerability from github – Published: 2023-05-31 21:31 – Updated: 2024-04-04 04:26mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp
{
"affected": [],
"aliases": [
"CVE-2023-33718"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T19:15:26Z",
"severity": "HIGH"
},
"details": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp",
"id": "GHSA-rhxx-5274-w2gp",
"modified": "2024-04-04T04:26:37Z",
"published": "2023-05-31T21:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33718"
},
{
"type": "WEB",
"url": "https://github.com/enzo1982/mp4v2/issues/37"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJMR-3P2X-VR92
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - fix memory leak in RSA
When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() with a call to qat_rsa_clear_ctx() which frees all buffers referenced in the TFM context.
{
"affected": [],
"aliases": [
"CVE-2022-49566"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix memory leak in RSA\n\nWhen an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is\nused, some components of the private key persist even after the TFM is\nreleased.\nReplace the explicit calls to free the buffers in qat_rsa_exit_tfm()\nwith a call to qat_rsa_clear_ctx() which frees all buffers referenced in\nthe TFM context.",
"id": "GHSA-rjmr-3p2x-vr92",
"modified": "2025-03-10T21:31:10Z",
"published": "2025-03-10T21:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49566"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f967fdc09955221a1951a279481b0bf4d359941"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80a52e1ee7757b742f96bfb0d58f0c14eb6583d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a843925e0287eebb4aa808666bf22c664dfe4c53"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJP2-R49Q-CQXH
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2026-20106"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T18:16:26Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.\n\n This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.",
"id": "GHSA-rjp2-r49q-cqxh",
"modified": "2026-03-04T18:31:56Z",
"published": "2026-03-04T18:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20106"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RMFH-6VX9-X965
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix memory leak in mes self test
The fences associated with mes queue have to be freed up during amdgpu_ring_fini.
{
"affected": [],
"aliases": [
"CVE-2023-53370"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix memory leak in mes self test\n\nThe fences associated with mes queue have to be freed\nup during amdgpu_ring_fini.",
"id": "GHSA-rmfh-6vx9-x965",
"modified": "2025-12-12T18:30:28Z",
"published": "2025-09-18T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53370"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31d7c3a4fc3d312a0646990767647925d5bde540"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d8c96efcec95736622381b2afc0fe9e317f88aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce3288d8d654b252ba832626e7de481c195ef20a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPMC-M7XH-8763
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-18 15:30In the Linux kernel, the following vulnerability has been resolved:
gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()
On error handling paths, lineinfo_changed_notify() doesn't free the allocated resources which results leaks. Fix it.
{
"affected": [],
"aliases": [
"CVE-2026-23079"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()\n\nOn error handling paths, lineinfo_changed_notify() doesn\u0027t free the\nallocated resources which results leaks. Fix it.",
"id": "GHSA-rpmc-m7xh-8763",
"modified": "2026-03-18T15:30:39Z",
"published": "2026-02-04T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23079"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc5977bb76"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPQM-WQWM-759W
Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-05-28 21:32Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.
{
"affected": [],
"aliases": [
"CVE-2026-47326"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T19:16:40Z",
"severity": "MODERATE"
},
"details": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.",
"id": "GHSA-rpqm-wqwm-759w",
"modified": "2026-05-28T21:32:02Z",
"published": "2026-05-28T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47326"
},
{
"type": "WEB",
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=8d858ecb7e2e216ca2987302a04c266f2355fefe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPVG-7W65-9G7P
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).
In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.
The memory usage of jdhcpd can be monitored with:
user@host> show system processes extensive | match jdhcpd
This issue affects Junos OS:
- all versions before 22.4R3-S1,
- 23.2 versions before 23.2R2,
- 23.4 versions before 23.4R2.
{
"affected": [],
"aliases": [
"CVE-2026-33782"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:27Z",
"severity": "HIGH"
},
"details": "A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).\n\nIn a DHCPv6 over PPPoE, or\u00a0DHCPv6 over VLAN\u00a0with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.\n\nThe memory usage of jdhcpd can be monitored with:\n\nuser@host\u003e show system processes extensive | match jdhcpd\n\n\n\nThis issue affects Junos OS:\n\n * all versions before 22.4R3-S1,\n * 23.2 versions before 23.2R2,\n * 23.4 versions before 23.4R2.",
"id": "GHSA-rpvg-7w65-9g7p",
"modified": "2026-04-10T00:30:29Z",
"published": "2026-04-10T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33782"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA107820"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RR47-VPR9-84RM
Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2025-03-27 21:31In the Linux kernel, the following vulnerability has been resolved:
hugetlb, userfaultfd: fix reservation restore on userfaultfd error
Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_release_unlock;" in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak.
We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear.
{
"affected": [],
"aliases": [
"CVE-2021-47214"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T19:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlb, userfaultfd: fix reservation restore on userfaultfd error\n\nCurrently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we\nbail out using \"goto out_release_unlock;\" in the cases where idx \u003e=\nsize, or !huge_pte_none(), the code will detect that new_pagecache_page\n== false, and so call restore_reserve_on_error(). In this case I see\nrestore_reserve_on_error() delete the reservation, and the following\ncall to remove_inode_hugepages() will increment h-\u003eresv_hugepages\ncausing a 100% reproducible leak.\n\nWe should treat the is_continue case similar to adding a page into the\npagecache and set new_pagecache_page to true, to indicate that there is\nno reservation to restore on the error path, and we need not call\nrestore_reserve_on_error(). Rename new_pagecache_page to\npage_in_pagecache to make that clear.",
"id": "GHSA-rr47-vpr9-84rm",
"modified": "2025-03-27T21:31:08Z",
"published": "2024-04-10T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47214"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.