Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-G848-PPPP-VG6F

Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2025-04-28 21:30
VLAI
Details

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-23T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
  "id": "GHSA-g848-pppp-vg6f",
  "modified": "2025-04-28T21:30:38Z",
  "published": "2022-11-23T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221209-0003"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213531"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213533"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213534"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213535"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213536"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/21"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/24"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/25"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/26"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8HW-GXG5-V62G

Vulnerability from github – Published: 2024-06-13 18:31 – Updated: 2024-08-28 15:31
VLAI
Details

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T17:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.",
  "id": "GHSA-g8hw-gxg5-v62g",
  "modified": "2024-08-28T15:31:13Z",
  "published": "2024-06-13T18:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35325"
    },
    {
      "type": "WEB",
      "url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/idhyt/pocs/tree/main/libyaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G925-Q6M2-GXVR

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-g925-q6m2-gxvr",
  "modified": "2022-05-24T19:01:48Z",
  "published": "2022-05-24T19:01:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1910"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G934-MV7G-597H

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix possible double unlock when moving a directory

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:45Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix possible double unlock when moving a directory",
  "id": "GHSA-g934-mv7g-597h",
  "modified": "2026-02-04T00:30:26Z",
  "published": "2025-10-07T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53626"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/020166bc6669ca9fb267ebd96bd88c4fb64a5d46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c93c42c7bb23057bde8a0a2ab834927ff64d20c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43ce288ab5d7274a4a141d7f5e3ed2ab7b41f8a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70e42feab2e20618ddd0cbfc4ab4b08628236ecd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c16cbd8233d6c58fc488545393e49b5d55729990"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e71eb4dca41f0f36823724ced0406bb2dbdd5506"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G943-C7GQ-998H

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-12-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix double-free on mc_dev

The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable.

In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed.

This commit introduces back the following checkpatch warning which is a false-positive.

WARNING: kfree(NULL) is safe and this check is probably not required + if (mc_bus) + kfree(mc_bus);

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:30Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+       if (mc_bus)\n+               kfree(mc_bus);",
  "id": "GHSA-g943-c7gq-998h",
  "modified": "2025-12-19T18:31:05Z",
  "published": "2025-07-10T09:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38313"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9CV-62XC-FJ2V

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49
VLAI
Details

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-28T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.",
  "id": "GHSA-g9cv-62xc-fj2v",
  "modified": "2022-05-24T17:49:04Z",
  "published": "2022-05-24T17:49:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22332"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G9MR-VWVW-4VG9

Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42
VLAI
Details

In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-06T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.",
  "id": "GHSA-g9mr-vwvw-4vg9",
  "modified": "2022-05-17T02:42:21Z",
  "published": "2022-05-17T02:42:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9007"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-05-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98324"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF42-J9G9-962C

Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-06-03 18:55
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix double free of the ha->vp_map pointer

Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha).

Assign NULL to vp_map and kfree take care of NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of the ha-\u003evp_map pointer\n\nCoverity scan reported potential risk of double free of the pointer\nha-\u003evp_map.  ha-\u003evp_map was freed in qla2x00_mem_alloc(), and again freed\nin function qla2x00_mem_free(ha).\n\nAssign NULL to vp_map and kfree take care of NULL.",
  "id": "GHSA-gf42-j9g9-962c",
  "modified": "2024-06-03T18:55:50Z",
  "published": "2024-05-01T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26930"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFCR-HR3X-V6R9

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.",
  "id": "GHSA-gfcr-hr3x-v6r9",
  "modified": "2022-05-24T17:35:30Z",
  "published": "2022-05-24T17:35:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16590"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210115-0003"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25821"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJJR-QMJQ-GW5C

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.",
  "id": "GHSA-gjjr-qmjq-gw5c",
  "modified": "2022-05-24T19:09:48Z",
  "published": "2022-05-24T19:09:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22425"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.