Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-XH72-9GPX-W4CX

Vulnerability from github – Published: 2024-02-28 21:30 – Updated: 2024-08-29 21:31
VLAI
Details

A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-28T20:15:41Z",
    "severity": "HIGH"
  },
  "details": "A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.",
  "id": "GHSA-xh72-9gpx-w4cx",
  "modified": "2024-08-29T21:31:01Z",
  "published": "2024-02-28T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24148"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/308"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHHV-VJ84-84FM

Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7615: fix tx skb dma unmap

The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-28T09:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: fix tx skb dma unmap\n\nThe first pointer in the txp needs to be unmapped as well, otherwise it will\nleak DMA mapping entries",
  "id": "GHSA-xhhv-vj84-84fm",
  "modified": "2024-12-12T18:30:49Z",
  "published": "2024-02-28T09:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47033"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75bc5f779a7664d1fc19cb915039439c6e58bb94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/821ae236ccea989a1fcc6abfc4d5b74ad4ba39d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a025277a80add18c33d01042525a74fe5b875f25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHJ3-66VG-P2C8

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00
VLAI
Details

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.",
  "id": "GHSA-xhj3-66vg-p2c8",
  "modified": "2022-08-19T00:00:38Z",
  "published": "2022-08-17T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rockcarry/ffjpeg/issues/52"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ33-WWM4-P8MW

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-31 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, s390: Fix potential memory leak about jit_data

Make sure to free jit_data through kfree() in the error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, s390: Fix potential memory leak about jit_data\n\nMake sure to free jit_data through kfree() in the error path.",
  "id": "GHSA-xj33-wwm4-p8mw",
  "modified": "2024-12-31T21:30:44Z",
  "published": "2024-05-21T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29fdb11ca88d3c490a3d56f0dc77eb9444d086be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/686cb8b9f6b46787f035afe8fbd132a74e6b1bdd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a326f9c01cfbee4450ae49ce618ae6cbc0f76842"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d590a410e472417a22336c7c37685bfb38e801f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJF3-WCJC-6JQ8

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.",
  "id": "GHSA-xjf3-wcjc-6jq8",
  "modified": "2022-05-13T01:18:32Z",
  "published": "2022-05-13T01:18:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0832"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0832"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44146"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102923"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040373"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJM5-MRH5-2HC5

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:

unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30

Fix the problem by freeing 'qdata' in error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for \u0027qdata\u0027 in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then \u0027qdata\u0027 is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n  comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff  @9$.............\n  backtrace:\n    [\u003c0000000098f3a26d\u003e] alua_activate+0xb0/0x320\n    [\u003c000000003b529641\u003e] scsi_dh_activate+0xb2/0x140\n    [\u003c000000007b296db3\u003e] activate_path_work+0xc6/0xe0 [dm_multipath]\n    [\u003c000000007adc9ace\u003e] process_one_work+0x3c5/0x730\n    [\u003c00000000c457a985\u003e] worker_thread+0x93/0x650\n    [\u003c00000000cb80e628\u003e] kthread+0x1ba/0x210\n    [\u003c00000000a1e61077\u003e] ret_from_fork+0x22/0x30\n\nFix the problem by freeing \u0027qdata\u0027 in error path.",
  "id": "GHSA-xjm5-mrh5-2hc5",
  "modified": "2025-11-12T21:31:00Z",
  "published": "2025-05-02T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53078"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJMQ-X923-HRWQ

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-01-20 15:30
VLAI
Details

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
  "id": "GHSA-xjmq-x923-hrwq",
  "modified": "2023-01-20T15:30:28Z",
  "published": "2022-05-24T17:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18813"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4226-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM9J-X4HP-V2X3

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/kms/nv50-: fix file release memory leak

When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the \u0027op\u0027 allocated in single_open() will be leaked.",
  "id": "GHSA-xm9j-x4hp-v2x3",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47422"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b4e9fc14973a94ac0520f19b3633493ae13c912"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65fff0a8efcdca8d84ffe3e23057c3b32403482d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMFC-6X2R-FQV5

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: Fix memory leak among suspend/resume procedure

The vblk->vqs should be freed before we call init_vqs() in virtblk_restore().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Fix memory leak among suspend/resume procedure\n\nThe vblk-\u003evqs should be freed before we call init_vqs()\nin virtblk_restore().",
  "id": "GHSA-xmfc-6x2r-fqv5",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47319"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMJC-7969-FFGM

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: recycle buffer in case Rx queue was full

Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: recycle buffer in case Rx queue was full\n\nAdd missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce\ndescriptor to XSK Rx queue.",
  "id": "GHSA-xmjc-7969-ffgm",
  "modified": "2025-09-19T18:31:17Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35834"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/269009893146c495f41e9572dd9319e787c2eba9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b4d93d31aade99210d41cd9d4cbd2957c98bc8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce713664548284daf977739e7ff1cd59e84189c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.