memory leak

CVE-2026-46109 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 28, 2026, that fixes a memory leak in the USB ULPI registration path when early error handling fails before device registration completes. The bug is not a headline-grabbing remote-code-execution...

CVE-2026-46019 is a Linux kernel vulnerability published by NVD on May 27, 2026, after kernel.org reported that the Atmel AES crypto driver leaked three of four allocated pages during buffer cleanup because it freed one page with the wrong allocator call. It is not, on the available evidence...

CVE-2026-46038 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 27, 2026, involving a QRTR name-service memory leak when a node sends a BYE control packet and the kernel fails to free the departed node. It is not a flashy remote-code-execution bug, and NVD...

Linux kernel maintainers disclosed CVE-2026-46102 on May 27, 2026, after fixing a stream parser bug in which aborted message assembly could leave a partially built socket buffer referenced and repeatedly leak memory. The flaw is not a flashy remote-code-execution headline, and NVD had not yet...

CVE-2026-46012 is a Linux kernel vulnerability published by NVD on May 27, 2026, after kernel.org assigned a CVE to a memory-leak fix in the rxrpc authentication path, specifically the rxkad_verify_response() function used by the RxRPC subsystem. It is not yet scored by NVD, and the record is...

CVE-2026-31658: Linux Kernel Altera TSE Driver Memory Leak Fixed After DMA Mapping Failure Published: April 26, 2026 CVE: CVE-2026-31658 Component: Linux kernel networking driver, altera-tse Affected area: Altera Triple-Speed Ethernet transmit path Issue type: Memory leak / potential...

Microsoft has added CVE-2026-23403 to its Security Update Guide as an AppArmor flaw in the Linux kernel, describing it as a memory leak in verify_header. The headline matters because memory leaks in kernel-facing security code are rarely just housekeeping mistakes: they can create reliability...

CVE-2026-23339 is a small-looking Linux kernel bug with the kind of lifecycle mistake that kernel engineers never ignore: nci_transceive() takes ownership of an skb, then returns early on several error paths without freeing it. The result is a memory leak on the -EPROTO, -EINVAL, and -EBUSY...

A recently assigned CVE, CVE-2026-22979, fixes a subtle but operationally meaningful memory-leak in the Linux network stack where skb_segment_list() mishandles socket memory accounting for GRO-aggregated packets, a bug that can leave per-socket memory counters non-zero and prevent sockets from...

A small, targeted memory leak in the YASM assembler has emerged as a quietly dangerous availability problem: CVE-2023-51258 identifies a leak in the new_Token routine of the NASM preprocessor module that can be triggered by local users and, when exploited repeatedly, can exhaust memory and deny...

A newly disclosed kernel flaw, tracked as CVE-2025-38258, allows an attacker with local write access to a DAMON sysfs control to repeatedly leak kernel memory by overwriting a filter’s cgroup path without freeing the previous buffer — a straightforward memory‑leak bug that has been fixed...

The Linux kernel’s ICE driver contains a subtle but consequential memory-management bug that can quietly erode system availability: during certain reset-driven reconfiguration paths the driver double‑allocates accelerated Receive Flow Steering (aRFS) data structures without freeing previously...

A small, surgical change in the Linux kernel’s Distributed Switch Architecture (DSA) driver tree — a single added call to free a PHY device reference — has been cataloged as CVE-2024-44971 and carries an outsized operational meaning for network hosts that use the Broadcom Starfighter‑2 (bcm_sf2)...

The glibc library’s getaddrinfo implementation suffered a subtle — but operationally important — regression in late 2023 that introduced a memory leak capable of producing denial‑of‑service conditions in networked services: CVE‑2023‑5156 is a memory‑leak bug in getaddrinfo.c, introduced as a...

A recently assigned Linux-kernel CVE — CVE-2025-37982 — tracks a memory‑leak bug in the Texas Instruments wl1251 Wi‑Fi driver (the kernel file drivers/net/wireless/ti/wl1251/tx.c). The defect causes a socket buffer (skb) dequeued from the driver's transmit queue to be lost when the driver's...

The Linux kernel vulnerability tracked as CVE‑2025‑68289 — described as "usb: gadget: f_eem: Fix memory leak in eem_unwrap" — closes a small but operationally important resource‑management hole in the USB gadget Ethernet Emulation Model (f_eem) function by hardening the error path for...

A narrowly scoped but operationally important memory leak in the Linux kernel SMB client has been assigned CVE-2025-68295 and fixed upstream — the bug causes leaked kernel memory when a multiuser CIFS mount is used with a domain= option together with cifscreds, and operators should prioritize...

A kernel-level fix landed this week to close a subtle eBPF map bug that could make kernel-held objects persist longer than intended: CVE-2025-68744 patches a missing cleanup in the BPF percpu hash and LRU-percpu hash update path so that special fields (notably kptr reference/per-CPU pointer...

Delivery Optimization — the Windows subsystem that quietly shares update chunks between PCs — has been linked to a wave of memory‑consumption complaints on Windows 11 24H2 and 25H2 after December servicing, producing steady RAM growth in DoSvc (Delivery Optimization service) hosts, severe...

A small, surgical change to the Linux kernel’s MSCC PHY PTP code closes a subtle but operationally important memory leak that could quietly consume kernel memory on systems that use one‑step hardware timestamping. The fix—recorded as CVE‑2025‑38148—ensures that frames for which the NIC hardware...