CWE-591
Sensitive Data Storage in Improperly Locked Memory
Extended description
On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, VirtualLock() is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory, but the standard does not guarantee that the page will never be written to swap, so mlock() alone is unsuitable as a portable protection mechanism for sensitive data. Some platforms, in particular Linux, do guarantee that a locked page will not be swapped, but this is non-standard and not portable. Locking also needs privilege or quota: on Linux an unprivileged process is bound by RLIMIT_MEMLOCK (CAP_IPC_LOCK lifts that limit), and on Windows a process can lock only a small number of pages by default unless its working-set size is raised with SetProcessWorkingSetSize. Even where the lock holds, it does not keep the page out of a hibernation file, a crash dump, or a core dump, and on Linux a child created with fork() inherits the data but not the lock. For all of these reasons, the return values of VirtualLock() and mlock() must be checked to ensure that the lock operation was actually successful, and a failed lock must be treated as a failure to protect the data rather than silently ignored.
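The following is an added example, not code from the CWE entry or from any of the products listed below. It shows the fail-closed pattern the description calls for on Linux/glibc: a secret buffer is placed in its own page-aligned mapping, mlock() is attempted, and its return value decides whether the caller ever gets the buffer. The names secret_buf, secret_buf_alloc, secret_buf_free, round_up_pages and memlock_budget_allows are this example's own; MADV_DONTDUMP is a Linux extension and is guarded accordingly, and the sample passphrase is constructed input.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Holds one secret. secret_buf and its functions are this example's own
 * names, not a library API. */
typedef struct {
    unsigned char *base;   /* page-aligned anonymous mapping, or NULL */
    size_t         len;    /* mapping length, a whole number of pages */
    int            locked; /* 1 only after mlock() actually returned 0 */
} secret_buf;

/* mlock() operates on whole pages, so round the request up. */
size_t round_up_pages(size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (len == 0) return page;
    return ((len + page - 1) / page) * page;
}

/* Pre-check the unprivileged lock budget. RLIMIT_MEMLOCK bounds the total
 * locked memory of a process without CAP_IPC_LOCK; exceeding it makes
 * mlock() fail with ENOMEM. The budget is shared by all of the process's
 * locks, so this is only a diagnostic hint; the mlock() return value is
 * still the authority. */
int memlock_budget_allows(size_t len) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return 0;
    if (rl.rlim_cur == RLIM_INFINITY) return 1;
    return len <= (size_t)rl.rlim_cur;
}

/* Allocate len bytes that are guaranteed resident. Fails closed: if the
 * lock cannot be established the mapping is released and -1 is returned
 * with errno set, so no secret is ever written into memory the caller
 * wrongly believes is locked. */
int secret_buf_alloc(secret_buf *sb, size_t len) {
    size_t rounded = round_up_pages(len);
    void *p = mmap(NULL, rounded, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;

    /* The CWE's core point: check the return value. An unchecked mlock()
     * that failed with EPERM/ENOMEM leaves the page swappable while the
     * rest of the program behaves as if it were protected. */
    if (mlock(p, rounded) != 0) {
        int saved = errno;
        munmap(p, rounded);
        errno = saved;
        return -1;
    }
#ifdef MADV_DONTDUMP
    /* mlock() does not keep the page out of a core dump; on Linux
     * MADV_DONTDUMP does. It is advisory, so failure is not fatal here. */
    madvise(p, rounded, MADV_DONTDUMP);
#endif
    sb->base = (unsigned char *)p;
    sb->len = rounded;
    sb->locked = 1;
    return 0;
}

/* Wipe through a volatile pointer so the compiler cannot elide the stores,
 * then unlock and unmap. */
void secret_buf_free(secret_buf *sb) {
    if (sb->base == NULL) return;
    volatile unsigned char *v = sb->base;
    for (size_t i = 0; i < sb->len; i++) v[i] = 0;
    if (sb->locked) munlock(sb->base, sb->len);
    munmap(sb->base, sb->len);
    sb->base = NULL;
    sb->len = 0;
    sb->locked = 0;
}

int main(void) {
    const char *sample = "constructed-sample-passphrase"; /* constructed input */
    size_t need = strlen(sample) + 1;
    secret_buf sb = {0};

    if (!memlock_budget_allows(round_up_pages(need)))
        fprintf(stderr, "warning: RLIMIT_MEMLOCK may be too small for this lock\n");

    if (secret_buf_alloc(&sb, need) != 0) {
        perror("secret_buf_alloc"); /* e.g. ENOMEM when RLIMIT_MEMLOCK is exhausted */
        return 1;
    }
    memcpy(sb.base, sample, need);
    printf("locked %zu bytes at %p\n", sb.len, (void *)sb.base);
    secret_buf_free(&sb);
    return 0;
}
```

The vulnerable shape this replaces is a bare `mlock(p, n);` whose result is discarded: it compiles and runs identically whether or not the lock took effect. Running the example under `ulimit -l 0` makes the difference visible, since secret_buf_alloc then refuses to hand back a buffer instead of returning one that the kernel is free to page out. The same discipline applies on Windows with VirtualLock(), where a FALSE return must be followed by GetLastError() and the secret must not be stored in that page.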
Common consequences (1)
- Confidentiality: Read Application Data, Read Memory
Sensitive data that is written to a swap file may be exposed.
Potential mitigations (2)
- Architecture and Design
Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms.
- Implementation
Check return values to ensure locking operations are successful.
Relationships (1)
- ChildOf CWE-413 (Improper Resource Locking)
CVEs referencing this CWE (77)
| CVE | Description | Severity (CVSS) | EPSS (percentile) | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | HIGH 8.1 | 24% (p98) | | 2025-01-01 |
| CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | HIGH 8.1 | 16% (p97) | | 2025-01-23 |
| CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | HIGH 8.1 | 16% (p97) | | 2025-01-23 |
| CVE-2025-30394 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | MEDIUM 5.9 | 15% (p96) | | 2026-02-13 |
| CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 14% (p96) | | 2026-06-09 |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.0 | 6.34% (p93) | KEV | 2025-10-28 |
| CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | HIGH 7.0 | 5.59% (p92) | | 2025-04-14 |
| CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | HIGH 7.0 | 1.87% (p77) | KEV, PoC | 2025-10-28 |
| CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | HIGH 8.1 | 1.84% (p76) | | 2026-06-09 |
| CVE-2025-24035 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | HIGH 8.1 | 1.74% (p75) | PoC | 2026-02-13 |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | HIGH 7.2 | 1.65% (p73) | | 2026-06-09 |
| CVE-2025-27482 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | HIGH 8.1 | 1.59% (p72) | | 2026-02-13 |
| CVE-2025-26686 | Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | HIGH 7.5 | 1.38% (p68) | PoC | 2026-02-13 |
| CVE-2025-24045 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | HIGH 8.1 | 1.35% (p68) | | 2026-02-13 |
| CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | MEDIUM 5.9 | 1.30% (p67) | | 2025-07-08 |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | HIGH 8.1 | 1.25% (p65) | | 2026-06-09 |
| CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | HIGH 8.1 | 1.17% (p63) | | 2026-06-09 |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 1.17% (p63) | | 2026-06-09 |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 1.17% (p63) | | 2026-06-09 |
| CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | HIGH 8.8 | 1.17% (p63) | | 2025-07-10 |
| CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | HIGH 7.5 | 1.16% (p63) | | 2024-12-31 |
| CVE-2024-49128 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | HIGH 8.1 | 1.13% (p62) | | 2026-06-09 |
| CVE-2025-26671 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | HIGH 8.1 | 1.11% (p62) | | 2026-02-13 |
| CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | HIGH 8.1 | 1.10% (p61) | | 2025-01-01 |
| CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | HIGH 7.5 | 1.09% (p61) | | 2026-06-09 |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 1.08% (p61) | | 2026-06-09 |
| CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | HIGH 8.1 | 1.08% (p61) | | 2025-01-01 |
| CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | HIGH 8.1 | 1.08% (p61) | | 2025-01-01 |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 1.06% (p60) | | 2026-06-09 |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | HIGH 8.1 | 1.06% (p60) | | 2026-06-09 |
| CVE-2025-27471 | Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. | MEDIUM 5.9 | 1.04% (p60) | | 2026-02-13 |
| CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | HIGH 8.1 | 0.97% (p57) | | 2025-07-10 |
| CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | HIGH 7.5 | 0.88% (p54) | | 2025-01-23 |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | MEDIUM 4.7 | 0.87% (p54) | PoC | 2025-01-01 |
| CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.85% (p53) | | 2025-01-23 |
| CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.84% (p53) | | 2025-01-23 |
| CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.84% (p53) | | 2025-01-23 |
| CVE-2023-35309 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | HIGH 7.5 | 0.69% (p48) | | 2025-02-28 |
| CVE-2025-27484 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. | HIGH 7.5 | 0.68% (p48) | | 2026-02-13 |
| CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | HIGH 7.8 | 0.67% (p47) | | 2025-05-03 |
| CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | HIGH 7.8 | 0.66% (p47) | | 2025-05-03 |
| CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.61% (p44) | | 2025-01-01 |
| CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.61% (p44) | | 2025-01-01 |
| CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.61% (p44) | | 2025-01-01 |
| CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | MEDIUM 6.5 | 0.57% (p43) | | 2025-07-08 |
| CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | MEDIUM 6.6 | 0.57% (p43) | | 2025-01-01 |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | HIGH 7.0 | 0.56% (p42) | PoC | 2025-01-01 |
| CVE-2023-36403 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.0 | 0.53% (p41) | | 2025-10-08 |
| CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | HIGH 7.8 | 0.45% (p36) | | 2026-06-09 |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | HIGH 7.8 | 0.44% (p35) | | 2025-07-10 |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | HIGH 7.0 | 0.43% (p34) | | 2026-06-09 |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | HIGH 7.0 | 0.43% (p34) | | 2026-06-09 |
| CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | HIGH 7.0 | 0.43% (p34) | | 2025-07-10 |
| CVE-2025-26648 | Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. | HIGH 7.8 | 0.42% (p34) | | 2026-02-13 |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | HIGH 7.0 | 0.40% (p31) | | 2025-04-12 |
| CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | HIGH 7.0 | 0.39% (p30) | | 2025-05-03 |
| CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | HIGH 7.1 | 0.39% (p31) | | 2025-01-23 |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | HIGH 7.1 | 0.39% (p31) | | 2025-01-01 |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | HIGH 7.1 | 0.39% (p31) | | 2025-01-01 |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | HIGH 7.0 | 0.38% (p30) | | 2025-05-03 |
| CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | HIGH 7.5 | 0.36% (p28) | | 2025-01-01 |
| CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | HIGH 7.0 | 0.35% (p26) | | 2025-05-03 |
| CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | HIGH 7.0 | 0.34% (p26) | | 2025-07-10 |
| CVE-2025-48819 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | HIGH 7.1 | 0.33% (p24) | | 2026-02-13 |
| CVE-2025-27475 | Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. | HIGH 7.0 | 0.32% (p24) | | 2026-02-13 |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | HIGH 7.0 | 0.32% (p24) | | 2025-05-09 |
| CVE-2025-27732 | Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | HIGH 7.0 | 0.31% (p23) | | 2026-02-13 |
| CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.0 | 0.30% (p21) | | 2025-01-01 |
| CVE-2025-26665 | Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. | HIGH 7.0 | 0.29% (p21) | | 2026-02-13 |
| CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | HIGH 7.8 | 0.29% (p20) | | 2025-01-23 |
| CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | HIGH 7.8 | 0.28% (p20) | | 2025-01-01 |
| CVE-2023-32010 | Windows Bus Filter Driver Elevation of Privilege Vulnerability | HIGH 7.0 | 0.28% (p20) | | 2025-01-01 |
| CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | HIGH 7.8 | 0.27% (p18) | | 2025-01-01 |
| CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | HIGH 7.0 | 0.25% (p16) | | 2025-01-23 |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | HIGH 7.0 | 0.25% (p16) | | 2025-01-01 |
| CVE-2025-11711 | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | MEDIUM 6.5 | 0.21% (p11) | | 2026-04-13 |
| CVE-2024-34525 | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | MEDIUM 5.3 | 0.15% (p5) | | 2025-11-25 |