Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-WJ8J-2WHQ-P9MJ

Vulnerability from github – Published: 2025-10-17 15:31 – Updated: 2025-10-17 15:31
VLAI
Details

radare2 v5.9.8 and before contains a memory leak in the function bochs_open.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-17T15:15:39Z",
    "severity": "LOW"
  },
  "details": "radare2 v5.9.8 and before contains a memory leak in the function bochs_open.",
  "id": "GHSA-wj8j-2whq-p9mj",
  "modified": "2025-10-17T15:31:02Z",
  "published": "2025-10-17T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60361"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/pull/24312"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJQC-3M5Q-798M

Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-06T09:15:24Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.",
  "id": "GHSA-wjqc-3m5q-798m",
  "modified": "2025-05-06T09:31:34Z",
  "published": "2025-05-06T09:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22886"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJRJ-6RQP-WH2C

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:33Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()\n\nSashiko points out that mlx4_srq_alloc() was not undone during error\nunwind, add the missing call to mlx4_srq_free().",
  "id": "GHSA-wjrj-6rqp-wh2c",
  "modified": "2026-06-01T18:31:40Z",
  "published": "2026-05-28T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0be6ae614ca7fa53e7389e3c7462ed20abbd4192"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dbd619716fb07b7de1acd64fec673ee6e1adde7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/388617f44d81604a760742a0b5de292d411e63e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53fd4c03558672ccb167754fbacbf045c7ab335c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b3b220d54e6a3d77380cb7caa1ef79cb8f4fc94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c54c7e4cb679c0aaa1cb489b9c3f2cd98e63a44c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5dc30da990045105c9762248d23076223e7878a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e01b8c9286c470b71a38acd320106f2c4f2826a1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM27-9PVG-GQ5H

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos/vidi: fix memory leak in .get_modes()

The duplicated EDID is never freed. Fix it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.",
  "id": "GHSA-wm27-9pvg-gq5h",
  "modified": "2025-11-04T00:30:54Z",
  "published": "2024-07-12T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40932"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMVJ-JGW2-92M9

Vulnerability from github – Published: 2022-06-18 00:00 – Updated: 2022-06-28 00:00
VLAI
Details

Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-17T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.",
  "id": "GHSA-wmvj-jgw2-92m9",
  "modified": "2022-06-28T00:00:43Z",
  "published": "2022-06-18T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41490"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ompl/ompl/issues/833"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMVM-658G-PPFX

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Don't overwrite KMS surface dirty tracker

We were overwriting the surface's dirty tracker here causing a memory leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Don\u0027t overwrite KMS surface dirty tracker\n\nWe were overwriting the surface\u0027s dirty tracker here causing a memory leak.",
  "id": "GHSA-wmvm-658g-ppfx",
  "modified": "2026-04-23T21:31:18Z",
  "published": "2026-04-03T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23430"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/354c8bbf8d1e4aa61e580dbe160591feda504e4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f300a41a3668095688aa4551214e8080829fa93"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6cb77c474a32265e21c4871c7992468bf5e7638"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPC3-48HJ-VQGF

Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential memory leaks in session setup

Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential memory leaks in session setup\n\nMake sure to free cifs_ses::auth_key.response before allocating it as\nwe might end up leaking memory in reconnect or mounting.",
  "id": "GHSA-wpc3-48hj-vqgf",
  "modified": "2025-04-14T21:32:23Z",
  "published": "2025-03-27T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53008"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPCP-36GF-6GXQ

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-10-07 18:15
VLAI
Details

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-02T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
  "id": "GHSA-wpcp-36gf-6gxq",
  "modified": "2022-10-07T18:15:55Z",
  "published": "2022-05-24T17:35:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25704"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895961"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/11/09/1"
    },
    {
      "type": "WEB",
      "url": "https://www.starwindsoftware.com/security/sw-20220802-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPFJ-9Q2G-67MP

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-11T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.",
  "id": "GHSA-wpfj-9q2g-67mp",
  "modified": "2022-05-13T01:22:54Z",
  "published": "2022-05-13T01:22:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7732"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rgaufman/live555/issues/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPG4-GG33-JQW3

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
VLAI
Details

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-18T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.",
  "id": "GHSA-wpg4-gg33-jqw3",
  "modified": "2022-05-24T17:01:31Z",
  "published": "2022-05-24T17:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19069"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4208-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.