CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.— MITRE CWE catalog
1,801 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 34 of 37
- CVE-2026-31762MEDIUMCVSS 5.5EG 5.52026-05-01
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix irq resource leak The interrupt handler is setup but only a few lines down if iio_trigger_register() fails the function returns without properly …
- CVE-2026-32874HIGHCVSS 7.5EG 7.52026-03-20
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The le…
- CVE-2026-33775MEDIUMCVSS 6.5EG 6.52026-04-09
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Se…
- CVE-2026-33780MEDIUMCVSS 6.5EG 6.52026-04-09
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultima…
- CVE-2026-33782MEDIUMCVSS 6.5EG 6.52026-04-09
A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a com…
- CVE-2026-34052MEDIUMCVSS 5.9EG 5.92026-04-03
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so a…
- CVE-2026-35424HIGHCVSS 7.5EG 7.52026-05-12
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2026-35505HIGHCVSS 7.5EG 7.52026-06-30
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
- CVE-2026-40336LOWCVSS 2.4EG 2.42026-04-18
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced i…
- CVE-2026-41840MEDIUMCVSS 5.9EG 5.92026-06-09
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48.
- CVE-2026-4247HIGHCVSS 7.5EG 7.52026-03-26
When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on pa…
- CVE-2026-43021MEDIUMCVSS 5.5EG 5.52026-05-01
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails When hci_cmd_sync_queue_once() returns with error, the destroy callback will not be called. Fix leakin…
- CVE-2026-43041MEDIUMCVSS 5.5EG 5.52026-05-01
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak __radix_tree_create() allocates and links intermediate nodes into the tree one by one. If a sub…
- CVE-2026-43066MEDIUMCVSS 5.5EG 5.52026-05-05
In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths During code review, Joseph found that ext4_fc_replay_inode() calls ext4_get_fc_inode_loc() to get the inode …
- CVE-2026-43068MEDIUMCVSS 5.5EG 5.52026-05-05
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() There's issue as follows: ... EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 20…
- CVE-2026-43069MEDIUMCVSS 5.5EG 5.52026-05-05
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ll: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from request_firmware() not released on…
- CVE-2026-43074HIGHCVSS 7.8EG 7.82026-05-06
In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being u…
- CVE-2026-43089MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copyi…
- CVE-2026-43102MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error …
- CVE-2026-43104MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4_save_hang_state() encounters an early return condition, it returns without freeing the previously allocated …
- CVE-2026-43105MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_…
- CVE-2026-43142MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: iris: gen1: Destroy internal buffers after FW releases After the firmware releases internal buffers, the driver was not destroying them. This left stale allocatio…
- CVE-2026-43145MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix invalid loaded resource table detection imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded resource table even when the cur…
- CVE-2026-43155MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the …
- CVE-2026-43157MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: CGX: fix bitmap leaks The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exi…
- CVE-2026-43162MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in __tegra_channel_try_format() The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free…
- CVE-2026-43165MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin When calling of_parse_phandle_with_args(), the caller is responsible to call of_node_put() to release t…
- CVE-2026-43183MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821_dev_setup() Add release_mem_region() if ioremap() fails to release the memory region obtained by cx25821_get_resources().
- CVE-2026-43217MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi…
- CVE-2026-43218MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903_probe() In one of the error paths in tw9903_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctr…
- CVE-2026-43223MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM)…
- CVE-2026-43224MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix sgtable leak on mapping failures In an unlikely case when io_populate_area_dma() fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_D…
- CVE-2026-43225MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix memory leak on failure path cfg80211_inform_bss_frame() may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the…
- CVE-2026-43231MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usb_keene_probe(). The v4l2 control handler is initialized and controls are added, but if v4l2_dev…
- CVE-2026-43242MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the re…
- CVE-2026-43244MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in frag_list on partial sendmsg error Syzkaller reported a warning in kcm_write_msgs() when processing a message with a zero-fragment skb in the f…
- CVE-2026-43246MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906_probe() In one of the error paths in tw9906_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctr…
- CVE-2026-43262MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer …
- CVE-2026-43269MEDIUMCVSS 5.5EG 5.52026-05-06
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback After several commits, the slab memory increases. Some drm_crtc_commit objects are not freed. The…
- CVE-2026-43286MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 ("mm: hugetlb: fix incorrect fallback for subpool") fixed an underflow error for hstate->re…
- CVE-2026-43287MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Curre…
- CVE-2026-43317MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path…
- CVE-2026-43355MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decreme…
- CVE-2026-43371MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover…
- CVE-2026-43373HIGHCVSS 7.5EG 7.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_a…
- CVE-2026-43375MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and the…
- CVE-2026-43393MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL, we're not f…
- CVE-2026-43394MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xp…
- CVE-2026-43396MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked…
- CVE-2026-43397MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te…
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →