Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2002 vulnerabilities reference this CWE, most recent first.

GHSA-6P4P-492R-V39V

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.",
  "id": "GHSA-6p4p-492r-v39v",
  "modified": "2022-05-13T01:22:35Z",
  "published": "2022-05-13T01:22:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mz-automation/libiec61850/issues/103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PC7-MM64-G3V9

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ionic: Fix kernel stack leak in ionic_create_cq()

struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTIALLY SET (see below) __u8 udma_mask; // offset 8 - SET (resp.udma_mask = vcq->udma_mask) __u8 rsvd[7]; // offset 9 - NEVER SET <- LEAK };

rsvd[7]: 7 bytes of stack memory leaked unconditionally.

cqid[2]: The loop at line 1256 iterates over udma_idx but skips indices where !(vcq->udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked. So potentially 11 bytes leaked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ionic: Fix kernel stack leak in ionic_create_cq()\n\nstruct ionic_cq_resp resp {\n    __u32 cqid[2];         // offset 0 - PARTIALLY SET (see below)\n    __u8  udma_mask;       // offset 8 - SET (resp.udma_mask = vcq-\u003eudma_mask)\n    __u8  rsvd[7];         // offset 9 - NEVER SET \u003c- LEAK\n};\n\nrsvd[7]: 7 bytes of stack memory leaked unconditionally.\n\ncqid[2]: The loop at line 1256 iterates over udma_idx but skips indices\nwhere !(vcq-\u003eudma_mask \u0026 BIT(udma_idx)). The array has 2 entries but\nudma_count could be 1, meaning cqid[1] might never be written via\nionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4\nbytes) is also leaked. So potentially 11 bytes leaked.",
  "id": "GHSA-6pc7-mm64-g3v9",
  "modified": "2026-04-24T21:31:57Z",
  "published": "2026-03-25T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23384"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/547d0b07ad73915b323bc21f85c5d3252bebbbcf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faa72102b178c7ae6c6afea23879e7c84fc59b4e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PW4-V52H-38VJ

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()

The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the user context might be still held, and memory buffers might be still in use. Later on, calls to release those buffers will fail due to not finding their handles in the IDR, leading to a memory leak. To avoid this leak, split the IDR destruction from the memory manager fini, and postpone it to hpriv_release() when there is no user context and no buffers are used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()\n\nThe memory manager IDR is currently destroyed when user releases the\nfile descriptor.\nHowever, at this point the user context might be still held, and memory\nbuffers might be still in use.\nLater on, calls to release those buffers will fail due to not finding\ntheir handles in the IDR, leading to a memory leak.\nTo avoid this leak, split the IDR destruction from the memory manager\nfini, and postpone it to hpriv_release() when there is no user context\nand no buffers are used.",
  "id": "GHSA-6pw4-v52h-38vj",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-17T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53353"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e8e9a895c4589f124a37fc84d123b5114406e94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/840de329ca99cafd0cdde9c6ac160b1330942aba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q4Q-932W-G4PG

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 00:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

zram: free secondary algorithms names

We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory.

[senozhatsky@chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]\n  Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org",
  "id": "GHSA-6q4q-932w-g4pg",
  "modified": "2024-10-24T00:33:36Z",
  "published": "2024-10-21T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50064"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6272936fd242ca1f784c3e21596dfb3859dff276"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/684826f8271ad97580b138b9ffd462005e470b99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef35cc0d15b89dd013e1bb829fe97db7b1ab79eb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QJW-QGR8-M5C4

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-21T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer.",
  "id": "GHSA-6qjw-qgr8-m5c4",
  "modified": "2022-05-24T19:05:58Z",
  "published": "2022-05-24T19:05:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34389"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6R9G-7C8C-J56M

Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-26 21:30
VLAI
Details

GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-25153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T20:15:50Z",
    "severity": "MODERATE"
  },
  "details": "GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions.",
  "id": "GHSA-6r9g-7c8c-j56m",
  "modified": "2025-12-26T21:30:21Z",
  "published": "2025-12-24T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25153"
    },
    {
      "type": "WEB",
      "url": "https://directory.fsf.org/wiki/Barcode"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44798"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org/software/barcode"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/12/26/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6W76-JQM9-9Q43

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: Fix fout leak in hbm's run_bpf_prog

Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsamples/bpf: Fix fout leak in hbm\u0027s run_bpf_prog\n\nFix fout being fopen\u0027ed but then not subsequently fclose\u0027d. In the affected\nbranch, fout is otherwise going out of scope.",
  "id": "GHSA-6w76-jqm9-9q43",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53290"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23acb14af1914010dd0aae1bbb7fab28bf518b8e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7560ed6592ff4077528c239c71e91b19de985b97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7ec2f424f6edad34651137783a0a59eca9aa37e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3e6e252d74f20f6fc610c7fef3ae7dda0109a6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/edf37bc8b03d3f948e679b2fd2d14464495f5d1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2065b8b0a215bc6aa061287a2e3d9eab2446422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WJQ-CPH5-RQ6R

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-12T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.",
  "id": "GHSA-6wjq-cph5-rq6r",
  "modified": "2022-05-24T19:17:16Z",
  "published": "2022-05-24T19:17:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22673"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6WW3-V82P-JV78

Vulnerability from github – Published: 2023-12-14 21:31 – Updated: 2023-12-14 21:31
VLAI
Details

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.7.2 in certain circumstances can recover the reader's communication memory between the card and reader.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T21:15:07Z",
    "severity": "HIGH"
  },
  "details": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.7.2 in certain circumstances can recover the reader\u0027s communication memory between the card and reader.\n\n",
  "id": "GHSA-6ww3-v82p-jv78",
  "modified": "2023-12-14T21:31:16Z",
  "published": "2023-12-14T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0248"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XCG-RCF7-Q8XW

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-09-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()

Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()".

Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those.

Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that more focused more on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy function in the way, so not affected.

This patch (of 2):

When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) is failed. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: fix new damon_target objects leaks on damon_commit_targets()\n\nPatch series \"mm/damon/core: fix memory leaks and ignored inputs from\ndamon_commit_ctx()\".\n\nDue to two bugs in damon_commit_targets() and damon_commit_schemes(),\nwhich are called from damon_commit_ctx(), some user inputs can be ignored,\nand some mmeory objects can be leaked.  Fix those.\n\nNote that only DAMON sysfs interface users are affected.  Other DAMON core\nAPI user modules that more focused more on simple and dedicated production\nusages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy\nfunction in the way, so not affected.\n\n\nThis patch (of 2):\n\nWhen new DAMON targets are added via damon_commit_targets(), the newly\ncreated targets are not deallocated when updating the internal data\n(damon_commit_target()) is failed.  Worse yet, even if the setup is\nsuccessfully done, the new target is not linked to the context.  Hence,\nthe new targets are always leaked regardless of the internal data setup\nfailure.  Fix the leaks.",
  "id": "GHSA-6xcg-rcf7-q8xw",
  "modified": "2025-09-26T21:30:26Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57886"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3647932d0b3e609c762c55e8f9fe10a09776e0a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8debfc5b1aa569d3d2ac836af2553da037611c61"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.