CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-WJ8J-2WHQ-P9MJ
Vulnerability from github – Published: 2025-10-17 15:31 – Updated: 2025-10-17 15:31radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
{
"affected": [],
"aliases": [
"CVE-2025-60361"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-17T15:15:39Z",
"severity": "LOW"
},
"details": "radare2 v5.9.8 and before contains a memory leak in the function bochs_open.",
"id": "GHSA-wj8j-2whq-p9mj",
"modified": "2025-10-17T15:31:02Z",
"published": "2025-10-17T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60361"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/pull/24312"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WJQC-3M5Q-798M
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
{
"affected": [],
"aliases": [
"CVE-2025-22886"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T09:15:24Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.",
"id": "GHSA-wjqc-3m5q-798m",
"modified": "2025-05-06T09:31:34Z",
"published": "2025-05-06T09:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22886"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WJRJ-6RQP-WH2C
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().
{
"affected": [],
"aliases": [
"CVE-2026-46178"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()\n\nSashiko points out that mlx4_srq_alloc() was not undone during error\nunwind, add the missing call to mlx4_srq_free().",
"id": "GHSA-wjrj-6rqp-wh2c",
"modified": "2026-06-01T18:31:40Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46178"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0be6ae614ca7fa53e7389e3c7462ed20abbd4192"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0dbd619716fb07b7de1acd64fec673ee6e1adde7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/388617f44d81604a760742a0b5de292d411e63e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/53fd4c03558672ccb167754fbacbf045c7ab335c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b3b220d54e6a3d77380cb7caa1ef79cb8f4fc94"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c54c7e4cb679c0aaa1cb489b9c3f2cd98e63a44c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5dc30da990045105c9762248d23076223e7878a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e01b8c9286c470b71a38acd320106f2c4f2826a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WM27-9PVG-GQ5H
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
drm/exynos/vidi: fix memory leak in .get_modes()
The duplicated EDID is never freed. Fix it.
{
"affected": [],
"aliases": [
"CVE-2024-40932"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.",
"id": "GHSA-wm27-9pvg-gq5h",
"modified": "2025-11-04T00:30:54Z",
"published": "2024-07-12T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40932"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMVJ-JGW2-92M9
Vulnerability from github – Published: 2022-06-18 00:00 – Updated: 2022-06-28 00:00Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.
{
"affected": [],
"aliases": [
"CVE-2021-41490"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-17T13:15:00Z",
"severity": "HIGH"
},
"details": "Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.",
"id": "GHSA-wmvj-jgw2-92m9",
"modified": "2022-06-28T00:00:43Z",
"published": "2022-06-18T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41490"
},
{
"type": "WEB",
"url": "https://github.com/ompl/ompl/issues/833"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMVM-658G-PPFX
Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Don't overwrite KMS surface dirty tracker
We were overwriting the surface's dirty tracker here causing a memory leak.
{
"affected": [],
"aliases": [
"CVE-2026-23430"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T16:16:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Don\u0027t overwrite KMS surface dirty tracker\n\nWe were overwriting the surface\u0027s dirty tracker here causing a memory leak.",
"id": "GHSA-wmvm-658g-ppfx",
"modified": "2026-04-23T21:31:18Z",
"published": "2026-04-03T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23430"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/354c8bbf8d1e4aa61e580dbe160591feda504e4f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f300a41a3668095688aa4551214e8080829fa93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6cb77c474a32265e21c4871c7992468bf5e7638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPC3-48HJ-VQGF
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential memory leaks in session setup
Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting.
{
"affected": [],
"aliases": [
"CVE-2023-53008"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential memory leaks in session setup\n\nMake sure to free cifs_ses::auth_key.response before allocating it as\nwe might end up leaking memory in reconnect or mounting.",
"id": "GHSA-wpc3-48hj-vqgf",
"modified": "2025-04-14T21:32:23Z",
"published": "2025-03-27T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53008"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPCP-36GF-6GXQ
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-10-07 18:15A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
{
"affected": [],
"aliases": [
"CVE-2020-25704"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-02T01:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
"id": "GHSA-wpcp-36gf-6gxq",
"modified": "2022-10-07T18:15:55Z",
"published": "2022-05-24T17:35:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25704"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895961"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/11/09/1"
},
{
"type": "WEB",
"url": "https://www.starwindsoftware.com/security/sw-20220802-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPFJ-9Q2G-67MP
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
{
"affected": [],
"aliases": [
"CVE-2019-7732"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-11T17:29:00Z",
"severity": "HIGH"
},
"details": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.",
"id": "GHSA-wpfj-9q2g-67mp",
"modified": "2022-05-13T01:22:54Z",
"published": "2022-05-13T01:22:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7732"
},
{
"type": "WEB",
"url": "https://github.com/rgaufman/live555/issues/20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPG4-GG33-JQW3
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
{
"affected": [],
"aliases": [
"CVE-2019-19069"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-18T06:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.",
"id": "GHSA-wpg4-gg33-jqw3",
"modified": "2022-05-24T17:01:31Z",
"published": "2022-05-24T17:01:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19069"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4208-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.