VYPR

CWE-401

Missing Release of Memory after Effective Lifetime

VariantDraftLikelihood: Medium

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (327)

page 13 of 17
  • CVE-2025-71188MedJan 31, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a…

  • CVE-2025-71186MedJan 31, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a…

  • CVE-2025-71185MedJan 31, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation.

  • CVE-2023-53511MedOct 1, 2025
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1] Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc…

  • CVE-2023-53424MedSep 18, 2025
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496. This problem was also found in…

  • CVE-2025-37980MedMay 20, 2025
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the…

  • CVE-2022-49135MedFeb 26, 2025
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path.

  • CVE-2024-41006MedJul 12, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the…

  • CVE-2024-40942MedJul 12, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets…

  • CVE-2024-40934MedJul 12, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.

  • CVE-2024-39493MedJul 10, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not…

  • CVE-2024-39489MedJul 10, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update…

  • CVE-2026-20021MedMar 4, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of…

  • CVE-2025-20135MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is…

  • CVE-2024-7095MedJan 10, 2025
    risk 0.28cvss 4.3epss 0.00

    On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing…

  • CVE-2024-3653MedJul 8, 2024
    risk 0.28cvss 5.3epss 0.02

    A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites…

  • CVE-2026-21714MedMar 30, 2026
    risk 0.27cvss 5.3epss 0.00

    A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never…

  • CVE-2024-42477MedAug 12, 2024
    risk 0.27cvss 5.3epss 0.00

    llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.

  • CVE-2026-53464MedJun 10, 2026
    risk 0.26cvss 4.0epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

  • CVE-2026-45682MedJun 2, 2026
    risk 0.26cvss 5.1epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In…