Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-RHWJ-4J44-629J

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: lan78xx: Limit packet length to skb->len

Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents.

Additionally prevent integer underflow when size is less than ETH_FCS_LEN.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN.",
  "id": "GHSA-rhwj-4j44-629j",
  "modified": "2025-11-12T21:31:00Z",
  "published": "2025-05-02T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53068"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44b9ed73369fc5ec85dd2ee487e986301792a82d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83de34967473ed31d276381373713cc2869a42e5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHX4-7VF5-J6RW

Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2024-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: fix memleak in ice_init_tx_topology()

Fix leak of the FW blob (DDP pkg).

Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer allocated for the read of the current topology.

This was found by kmemleak, with the following trace for each PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice]

Constify ice_cfg_tx_topo() @buf parameter. This cascades further down to few more functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-08T06:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memleak in ice_init_tx_topology()\n\nFix leak of the FW blob (DDP pkg).\n\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\ncopying whole FW blob. Copy just the topology section, and only when\nneeded. Reuse the buffer allocated for the read of the current topology.\n\nThis was found by kmemleak, with the following trace for each PF:\n    [\u003cffffffff8761044d\u003e] kmemdup_noprof+0x1d/0x50\n    [\u003cffffffffc0a0a480\u003e] ice_init_ddp_config+0x100/0x220 [ice]\n    [\u003cffffffffc0a0da7f\u003e] ice_init_dev+0x6f/0x200 [ice]\n    [\u003cffffffffc0a0dc49\u003e] ice_init+0x29/0x560 [ice]\n    [\u003cffffffffc0a10c1d\u003e] ice_probe+0x21d/0x310 [ice]\n\nConstify ice_cfg_tx_topo() @buf parameter.\nThis cascades further down to few more functions.",
  "id": "GHSA-rhx4-7vf5-j6rw",
  "modified": "2024-12-11T18:30:37Z",
  "published": "2024-11-08T06:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50190"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHXX-5274-W2GP

Vulnerability from github – Published: 2023-05-31 21:31 – Updated: 2024-04-04 04:26
VLAI
Details

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-31T19:15:26Z",
    "severity": "HIGH"
  },
  "details": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp",
  "id": "GHSA-rhxx-5274-w2gp",
  "modified": "2024-04-04T04:26:37Z",
  "published": "2023-05-31T21:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33718"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enzo1982/mp4v2/issues/37"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJMR-3P2X-VR92

Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - fix memory leak in RSA

When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() with a call to qat_rsa_clear_ctx() which frees all buffers referenced in the TFM context.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:32Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix memory leak in RSA\n\nWhen an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is\nused, some components of the private key persist even after the TFM is\nreleased.\nReplace the explicit calls to free the buffers in qat_rsa_exit_tfm()\nwith a call to qat_rsa_clear_ctx() which frees all buffers referenced in\nthe TFM context.",
  "id": "GHSA-rjmr-3p2x-vr92",
  "modified": "2025-03-10T21:31:10Z",
  "published": "2025-03-10T21:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49566"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f967fdc09955221a1951a279481b0bf4d359941"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80a52e1ee7757b742f96bfb0d58f0c14eb6583d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a843925e0287eebb4aa808666bf22c664dfe4c53"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJP2-R49Q-CQXH

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31
VLAI
Details

A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.

This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20106"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T18:16:26Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.\n\n This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.",
  "id": "GHSA-rjp2-r49q-cqxh",
  "modified": "2026-03-04T18:31:56Z",
  "published": "2026-03-04T18:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20106"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMFH-6VX9-X965

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix memory leak in mes self test

The fences associated with mes queue have to be freed up during amdgpu_ring_fini.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix memory leak in mes self test\n\nThe fences associated with mes queue have to be freed\nup during amdgpu_ring_fini.",
  "id": "GHSA-rmfh-6vx9-x965",
  "modified": "2025-12-12T18:30:28Z",
  "published": "2025-09-18T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53370"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31d7c3a4fc3d312a0646990767647925d5bde540"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d8c96efcec95736622381b2afc0fe9e317f88aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce3288d8d654b252ba832626e7de481c195ef20a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPMC-M7XH-8763

Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-18 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()

On error handling paths, lineinfo_changed_notify() doesn't free the allocated resources which results leaks. Fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T17:16:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()\n\nOn error handling paths, lineinfo_changed_notify() doesn\u0027t free the\nallocated resources which results leaks.  Fix it.",
  "id": "GHSA-rpmc-m7xh-8763",
  "modified": "2026-03-18T15:30:39Z",
  "published": "2026-02-04T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23079"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc5977bb76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPQM-WQWM-759W

Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-05-28 21:32
VLAI
Details

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T19:16:40Z",
    "severity": "MODERATE"
  },
  "details": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.",
  "id": "GHSA-rpqm-wqwm-759w",
  "modified": "2026-05-28T21:32:02Z",
  "published": "2026-05-28T21:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47326"
    },
    {
      "type": "WEB",
      "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=8d858ecb7e2e216ca2987302a04c266f2355fefe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPVG-7W65-9G7P

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30
VLAI
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).

In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.

The memory usage of jdhcpd can be monitored with:

user@host> show system processes extensive | match jdhcpd

This issue affects Junos OS:

  • all versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2,
  • 23.4 versions before 23.4R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:27Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).\n\nIn a DHCPv6 over PPPoE, or\u00a0DHCPv6 over VLAN\u00a0with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.\n\nThe memory usage of jdhcpd can be monitored with:\n\nuser@host\u003e show system processes extensive | match jdhcpd\n\n\n\nThis issue affects Junos OS:\n\n  *  all versions before 22.4R3-S1,\n  *  23.2 versions before 23.2R2,\n  *  23.4 versions before 23.4R2.",
  "id": "GHSA-rpvg-7w65-9g7p",
  "modified": "2026-04-10T00:30:29Z",
  "published": "2026-04-10T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33782"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA107820"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RR47-VPR9-84RM

Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2025-03-27 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hugetlb, userfaultfd: fix reservation restore on userfaultfd error

Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_release_unlock;" in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak.

We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T19:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlb, userfaultfd: fix reservation restore on userfaultfd error\n\nCurrently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we\nbail out using \"goto out_release_unlock;\" in the cases where idx \u003e=\nsize, or !huge_pte_none(), the code will detect that new_pagecache_page\n== false, and so call restore_reserve_on_error().  In this case I see\nrestore_reserve_on_error() delete the reservation, and the following\ncall to remove_inode_hugepages() will increment h-\u003eresv_hugepages\ncausing a 100% reproducible leak.\n\nWe should treat the is_continue case similar to adding a page into the\npagecache and set new_pagecache_page to true, to indicate that there is\nno reservation to restore on the error path, and we need not call\nrestore_reserve_on_error().  Rename new_pagecache_page to\npage_in_pagecache to make that clear.",
  "id": "GHSA-rr47-vpr9-84rm",
  "modified": "2025-03-27T21:31:08Z",
  "published": "2024-04-10T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47214"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.