CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-J4J9-J24X-79RM
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak.
We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails.
{
"affected": [],
"aliases": [
"CVE-2022-50134"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: fix potential memory leak in setup_base_ctxt()\n\nsetup_base_ctxt() allocates a memory chunk for uctxt-\u003egroups with\nhfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt-\u003egroups\nis not released, which will lead to a memory leak.\n\nWe should release the uctxt-\u003egroups with hfi1_free_ctxt_rcv_groups()\nwhen init_user_ctxt() fails.",
"id": "GHSA-j4j9-j24x-79rm",
"modified": "2025-11-18T18:32:46Z",
"published": "2025-06-18T12:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50134"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1750be1e9f18787cf717c24dbc5fa029fc372a22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f90813f1c21c3d780585390af961bd17c8515ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90ef48a718f88935d4af53d7dadd1ceafe103ce6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a85c7dd1edadcdeca24e603a6618153a3bcc81ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9055dfe437efae77e28e57205437c878a03ccb7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa2a1df3a2c85f855af7d54466ac10bd48645d63"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e25b828553aecb3185a8d8d0c4f9b4e133fb5db6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc4de8009fd6c2ca51986c6757efa964040e7d02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J4JV-9RJV-H6JM
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
{
"affected": [],
"aliases": [
"CVE-2021-20210"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T19:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.",
"id": "GHSA-j4jv-9rjv-h6jm",
"modified": "2022-05-24T17:45:22Z",
"published": "2022-05-24T17:45:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20210"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"type": "WEB",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J546-3M5X-FX7P
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
{
"affected": [],
"aliases": [
"CVE-2021-34431"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-22T14:15:00Z",
"severity": "MODERATE"
},
"details": "In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.",
"id": "GHSA-j546-3m5x-fx7p",
"modified": "2022-05-24T19:09:00Z",
"published": "2022-05-24T19:09:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34431"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J58X-5M9C-F2G5
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20.
{
"affected": [],
"aliases": [
"CVE-2019-19046"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-18T06:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20.",
"id": "GHSA-j58x-5m9c-f2g5",
"modified": "2024-03-21T03:33:42Z",
"published": "2022-05-24T17:01:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4302-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4319-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4325-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J5JQ-R673-59H3
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/xe/sync: Fix user fence leak on alloc failure
When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak.
(cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)
{
"affected": [],
"aliases": [
"CVE-2026-43396"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/sync: Fix user fence leak on alloc failure\n\nWhen dma_fence_chain_alloc() fails, properly release the user fence\nreference to prevent a memory leak.\n\n(cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)",
"id": "GHSA-j5jq-r673-59h3",
"modified": "2026-05-21T21:30:29Z",
"published": "2026-05-08T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43396"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6C4-9599-77V8
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-06-29 00:00An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
{
"affected": [],
"aliases": [
"CVE-2020-21839"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.",
"id": "GHSA-j6c4-9599-77v8",
"modified": "2022-06-29T00:00:30Z",
"published": "2022-05-24T19:02:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21839"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574492707"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"type": "WEB",
"url": "http://gnu.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6H2-WR53-6VCG
Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-06-02 15:31In the Linux kernel, the following vulnerability has been resolved:
smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter.
Replace free_transport() with ksmbd_tcp_disconnect().
{
"affected": [],
"aliases": [
"CVE-2026-23228"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T16:22:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect().",
"id": "GHSA-j6h2-wr53-6vcg",
"modified": "2026-06-02T15:31:53Z",
"published": "2026-02-18T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23228"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/599271110c35f6b16e2e4e45b9fbd47ed378c982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dd2645cf080a75be31fa66063c7332b291f46f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77ffbcac4e569566d0092d5f22627dfc0896b553"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/787769c8cc50416af7b8b1a36e6bcd6aaa7680aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ddd69cd1338c6197e1b6b19cec60d99c8633e4f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/baf664fc90a6139a39a58333e4aaa390c10d45dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd25e0d809531a67e9dd53b19012d27d2b13425f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6JV-RR9G-Q9J6
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
{
"affected": [],
"aliases": [
"CVE-2020-22043"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T20:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.",
"id": "GHSA-j6jv-rr9g-q9j6",
"modified": "2022-05-24T19:03:41Z",
"published": "2022-05-24T19:03:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22043"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8284"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J6Q7-JCX4-9HR4
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK };
rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().
The reserved members of the structure were not zeroed.
{
"affected": [],
"aliases": [
"CVE-2026-23335"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"id": "GHSA-j6q7-jcx4-9hr4",
"modified": "2026-07-14T15:31:41Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23335"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6V9-29XF-J8Q4
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:51A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2020-3203"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.",
"id": "GHSA-j6v9-29xf-j8q4",
"modified": "2024-04-04T02:51:32Z",
"published": "2022-05-24T17:19:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3203"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.