memory leak

CVE-2026-23339 is a small-looking Linux kernel bug with the kind of lifecycle mistake that kernel engineers never ignore: nci_transceive() takes ownership of an skb, then returns early on several error paths without freeing it. The result is a memory leak on the -EPROTO, -EINVAL, and -EBUSY...

A recently assigned CVE, CVE-2026-22979, fixes a subtle but operationally meaningful memory-leak in the Linux network stack where skb_segment_list() mishandles socket memory accounting for GRO-aggregated packets, a bug that can leave per-socket memory counters non-zero and prevent sockets from...

A small, targeted memory leak in the YASM assembler has emerged as a quietly dangerous availability problem: CVE-2023-51258 identifies a leak in the new_Token routine of the NASM preprocessor module that can be triggered by local users and, when exploited repeatedly, can exhaust memory and deny...

A newly disclosed kernel flaw, tracked as CVE-2025-38258, allows an attacker with local write access to a DAMON sysfs control to repeatedly leak kernel memory by overwriting a filter’s cgroup path without freeing the previous buffer — a straightforward memory‑leak bug that has been fixed...

The Linux kernel’s ICE driver contains a subtle but consequential memory-management bug that can quietly erode system availability: during certain reset-driven reconfiguration paths the driver double‑allocates accelerated Receive Flow Steering (aRFS) data structures without freeing previously...

A small, surgical change in the Linux kernel’s Distributed Switch Architecture (DSA) driver tree — a single added call to free a PHY device reference — has been cataloged as CVE-2024-44971 and carries an outsized operational meaning for network hosts that use the Broadcom Starfighter‑2 (bcm_sf2)...

The glibc library’s getaddrinfo implementation suffered a subtle — but operationally important — regression in late 2023 that introduced a memory leak capable of producing denial‑of‑service conditions in networked services: CVE‑2023‑5156 is a memory‑leak bug in getaddrinfo.c, introduced as a...

A recently assigned Linux-kernel CVE — CVE-2025-37982 — tracks a memory‑leak bug in the Texas Instruments wl1251 Wi‑Fi driver (the kernel file drivers/net/wireless/ti/wl1251/tx.c). The defect causes a socket buffer (skb) dequeued from the driver's transmit queue to be lost when the driver's...

The Linux kernel vulnerability tracked as CVE‑2025‑68289 — described as "usb: gadget: f_eem: Fix memory leak in eem_unwrap" — closes a small but operationally important resource‑management hole in the USB gadget Ethernet Emulation Model (f_eem) function by hardening the error path for...

A narrowly scoped but operationally important memory leak in the Linux kernel SMB client has been assigned CVE-2025-68295 and fixed upstream — the bug causes leaked kernel memory when a multiuser CIFS mount is used with a domain= option together with cifscreds, and operators should prioritize...

A kernel-level fix landed this week to close a subtle eBPF map bug that could make kernel-held objects persist longer than intended: CVE-2025-68744 patches a missing cleanup in the BPF percpu hash and LRU-percpu hash update path so that special fields (notably kptr reference/per-CPU pointer...

Delivery Optimization — the Windows subsystem that quietly shares update chunks between PCs — has been linked to a wave of memory‑consumption complaints on Windows 11 24H2 and 25H2 after December servicing, producing steady RAM growth in DoSvc (Delivery Optimization service) hosts, severe...

A small, surgical change to the Linux kernel’s MSCC PHY PTP code closes a subtle but operationally important memory leak that could quietly consume kernel memory on systems that use one‑step hardware timestamping. The fix—recorded as CVE‑2025‑38148—ensures that frames for which the NIC hardware...

Windows 11’s built‑in update‑sharing engine, Delivery Optimization (service name DoSvc), is being blamed for steady RAM growth on many machines running 24H2 and 25H2 — a symptom that looks and behaves like a memory leak and that has left some 8 GB and 16 GB systems sluggish or unusable unless...

A subtle memory-management bug in the Nouveau DRM driver's firmware code has been assigned CVE-2025-68235 and patched upstream after a contributor added a missing kfree that prevents a persistent kmemleak warning by correctly freeing nvkm_falcon_fw::boot during teardown. Background The Linux...

A small but important memory-management bug in the Linux kernel’s CIFS/SMB client was assigned CVE-2025-68219 and fixed upstream: the patch closes a leak in the error path of smb3_fs_context_parse_param by ensuring allocated source strings are freed and pointers nulled on all failure paths...

HDF5 users and maintainers should treat a newly disclosed flaw — CVE-2025-7068 — as a real but limited operational risk: a memory‑leak in the HDF5 metadata/cache code that affects HDF5 1.14.6 and can be triggered by local operations that exercise the library’s metadata discard paths. Background...

A recently published Linux kernel vulnerability, tracked as CVE-2023-53367, fixes a memory leak in the Habana Labs accelerator driver (drivers/accel/habanalabs) that can be triggered during the driver’s management of user mappings when contexts are opened and hard resets occur. The issue does...

A small but real Linux-kernel vulnerability, tracked as CVE‑2023‑53410, fixes a memory leak in the USB ULPI driver where a missed dput after a debugfs_lookup call could let kernel memory accumulate over time — the practical impact is availability (resource exhaustion) rather than privilege...

The HP OMEN 25L GT15 listing that’s circulating on marketplace pages promises a high‑end, turnkey gaming desktop built around a 14th‑Gen Intel Core i7 and NVIDIA’s mid‑range Blackwell GPU — but the headline specs and the listing source require careful verification before anyone types a credit...