CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.— MITRE CWE catalog
1,801 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 2 of 37
- CVE-2019-15921MEDIUMCVSS 4.7EG 4.72019-09-04
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
- CVE-2019-16708MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
- CVE-2019-16709MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
- CVE-2019-16710MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
- CVE-2019-16711MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
- CVE-2019-16712MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
- CVE-2019-16713MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
- CVE-2019-16994MEDIUMCVSS 4.7EG 4.72019-09-30
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
- CVE-2019-16995HIGHCVSS 7.5EG 7.52019-09-30
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
- CVE-2019-1708HIGHCVSS 8.6EG 8.62019-05-03
A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthentic…
- CVE-2019-17177HIGHCVSS 7.5EG 7.52019-10-04
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
- CVE-2019-17178HIGHCVSS 7.5EG 7.52019-10-04
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a reall…
- CVE-2019-17340HIGHCVSS 8.8EG 8.82019-10-08
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
- CVE-2019-17371MEDIUMCVSS 6.5EG 6.52019-10-09
gif2png 2.5.13 has a memory leak in the writefile function.
- CVE-2019-18806MEDIUMCVSS 5.5EG 5.52019-11-07
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() fai…
- CVE-2019-18807HIGHCVSS 7.5EG 7.52019-11-07
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_pre…
- CVE-2019-18808MEDIUMCVSS 5.5EG 5.52019-11-07
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
- CVE-2019-18809MEDIUMCVSS 4.6EG 4.62019-11-07
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.
- CVE-2019-18810HIGHCVSS 7.5EG 7.52019-11-07
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_write…
- CVE-2019-18811MEDIUMCVSS 5.5EG 5.52019-11-07
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka …
- CVE-2019-18812HIGHCVSS 7.5EG 7.52019-11-07
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.
- CVE-2019-18813HIGHCVSS 7.5EG 7.52019-11-07
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka…
- CVE-2019-19043MEDIUMCVSS 5.5EG 5.52019-11-18
A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() fai…
- CVE-2019-19044HIGHCVSS 7.5EG 7.52019-11-18
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures,…
- CVE-2019-19045MEDIUMCVSS 4.4EG 4.42019-11-18
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2…
- CVE-2019-19046MEDIUMCVSS 6.5EG 6.52019-11-18
A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CI…
- CVE-2019-19047MEDIUMCVSS 5.5EG 5.52019-11-18
A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_…
- CVE-2019-19048HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka …
- CVE-2019-19049HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8f…
- CVE-2019-19050HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c0…
- CVE-2019-19051MEDIUMCVSS 5.5EG 5.52019-11-18
A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.
- CVE-2019-19052HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
- CVE-2019-19053HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka C…
- CVE-2019-19054MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-…
- CVE-2019-19055MEDIUMCVSS 5.5EG 5.52019-11-18
A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CI…
- CVE-2019-19056MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pc…
- CVE-2019-19057LOWCVSS 3.3EG 3.32019-11-18
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci…
- CVE-2019-19058MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID…
- CVE-2019-19059MEDIUMCVSS 4.7EG 4.72019-11-18
Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by trigge…
- CVE-2019-19060HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
- CVE-2019-19061HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
- CVE-2019-19062MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde59320…
- CVE-2019-19063MEDIUMCVSS 4.6EG 4.62019-11-18
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
- CVE-2019-19064HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b…
- CVE-2019-19065MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a0…
- CVE-2019-19066MEDIUMCVSS 4.7EG 4.72019-11-18
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e…
- CVE-2019-19067MEDIUMCVSS 4.4EG 4.42019-11-18
Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_gen…
- CVE-2019-19068MEDIUMCVSS 4.6EG 4.62019-11-18
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit…
- CVE-2019-19069HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a05…
- CVE-2019-19070HIGHCVSS 7.5EG 7.52019-11-18
A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0f…
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →