CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.— MITRE CWE catalog
1,801 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 35 of 37
- CVE-2026-43419MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer obtained by __getname(). If ownership of…
- CVE-2026-43432MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion s…
- CVE-2026-43445MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Becaus…
- CVE-2026-43451MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path nfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue entry from the queue data str…
- CVE-2026-43457MEDIUMCVSS 5.5EG 5.52026-05-08
In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_rx(), it needs to free the skb directly.
- CVE-2026-43506MEDIUMCVSS 5.3EG 5.32026-05-01
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.
- CVE-2026-44660HIGHCVSS 7.5EG 7.52026-05-27
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is…
- CVE-2026-45682MEDIUMCVSS 5.5EG 5.52026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-o…
- CVE-2026-45863MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() The dw_i3c_master_i2c_xfers() function allocates memory for the xfer structure using dw_i3c_master_alloc_xfer(). If…
- CVE-2026-45870MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() functions allocate memory via gssx_dec_buffer()…
- CVE-2026-45872MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() pqi_report_phys_luns() fails to release the rpl_list buffer when encountering an unsupported data format or whe…
- CVE-2026-45875MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure The wm5102_clear_write_sequencer() helper may return an error and just return, bypass…
- CVE-2026-45881MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() In svs_enable_debug_write(), the buf allocated by memdup_user_nul() is leaked if kstrtoint() fails. Fix …
- CVE-2026-45883MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: iio: sca3000: Fix a resource leak in sca3000_probe() spi->irq from request_threaded_irq() not released when iio_device_register() fails. Add an return value check and ju…
- CVE-2026-45887MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix memleak of newsk in unix_stream_connect(). When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memo…
- CVE-2026-45888MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1_run() raid1_run() calls setup_conf() which registers a thread via md_register_thread(). If raid1_set_limits() fails, the previously re…
- CVE-2026-45900MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix netdev memory leak in dpaa2_caam_probe When commit 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in dpaa2") converted embedded net_device to …
- CVE-2026-45908MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix memory leak in amdxdna_ubuf_map The amdxdna_ubuf_map() function allocates memory for sg and internal sg table structures, but it fails to free them if…
- CVE-2026-45921MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_re…
- CVE-2026-45922MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler The UVERBS_HANDLER(MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH) function allocates memory for the device p…
- CVE-2026-45926MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchip_alloc(), the allocated device owns an initial reference that must be releas…
- CVE-2026-45928MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). …
- CVE-2026-45939MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni_usb_init() In ni_usb_init(), if ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated writes buffer, leading …
- CVE-2026-45941MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly with…
- CVE-2026-45947MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM, the function returns directly witho…
- CVE-2026-45948MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_ext_shift_extents() In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the function returns immediately without releasin…
- CVE-2026-45950MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free i…
- CVE-2026-45954MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() In au1200fb_drv_probe(), when platform_get_irq fails(), it directly returns from the function with an error co…
- CVE-2026-45961MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2_fill_super error path Fix two memory leaks in the gfs2_fill_super() error handling path when transitioning a filesystem to read-write mode…
- CVE-2026-45964MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balan…
- CVE-2026-45976MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_ras_init() When amdgpu_nbio_ras_sw_init() fails in amdgpu_ras_init(), the function returns directly without freeing the allocated c…
- CVE-2026-45981MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in css_alloc_subchannel() `css_alloc_subchannel()` calls `device_initialize()` before setting up the DMA masks. If `dma_set_coher…
- CVE-2026-45986MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - fix a memory leak in cc_mac_digest() Add cc_unmap_result() if cc_map_hash_request_final() fails to prevent potential memory leak.
- CVE-2026-46005MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfs_alloc_buftarg() In the error path, call fs_put_dax() to drop the DAX device reference.
- CVE-2026-46012MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket p…
- CVE-2026-46019MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but at…
- CVE-2026-46021MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being regi…
- CVE-2026-46030MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device_node leak in mc_probe() of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never f…
- CVE-2026-46038MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to…
- CVE-2026-46042MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes …
- CVE-2026-46065HIGHCVSS 7.8EG 7.82026-05-27
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an instance as part of init…
- CVE-2026-46074MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect …
- CVE-2026-46083MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup() if spi_setup() fails while registering a device to avoid leaking any resources all…
- CVE-2026-46087MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start() Destroy the DAMON context and reset the global pointer when damon_start() fails. Otherwise…
- CVE-2026-46102HIGHCVSS 7.5EG 7.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to …
- CVE-2026-46103MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent US…
- CVE-2026-46109MEDIUMCVSS 5.5EG 5.52026-05-28
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpi_register() error paths Commit 01af542392b5 ("usb: ulpi: fix double free in ulpi_register_interface() error path") removed kfree(ulpi) …
- CVE-2026-46141MEDIUMCVSS 5.5EG 5.52026-05-28
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: fix kmemleak caused by incorrect chip_data lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 (size 64): comm…
- CVE-2026-46143MEDIUMCVSS 5.5EG 5.52026-05-28
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens As prepare can be called mulitple times, this can result in multiple graph opens for playback path. This will resu…
- CVE-2026-46147CVSS 0.0EG 5.52026-05-28
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyp_pin_shared_mem() s…
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →