Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

965 vulnerabilities reference this CWE, most recent first.

GHSA-WW73-QP64-XM6Q

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30
VLAI
Details

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions earlier than 20.4R3-S8;
  • 21.2 versions earlier than 21.2R3-S6;
  • 21.3 versions earlier than 21.3R3-S5;
  • 21.4 versions earlier than 21.4R3-S5;
  • 22.1 versions earlier than 22.1R3-S3;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S1;
  • 22.4 versions earlier than 22.4R2-S2, 22.4R3.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:48Z",
    "severity": "HIGH"
  },
  "details": "\nA Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIn a remote access VPN scenario, if a \"tcp-encap-profile\" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n  *  All versions earlier than 20.4R3-S8;\n  *  21.2 versions earlier than 21.2R3-S6;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S3;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n",
  "id": "GHSA-ww73-qp64-xm6q",
  "modified": "2024-01-12T03:30:48Z",
  "published": "2024-01-12T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21606"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75747"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXRR-6R77-MPJF

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix double free in OPTEE transport

Channels can be shared between protocols, avoid freeing the same channel descriptors twice when unloading the stack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:06Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in OPTEE transport\n\nChannels can be shared between protocols, avoid freeing the same channel\ndescriptors twice when unloading the stack.",
  "id": "GHSA-wxrr-6r77-mpjf",
  "modified": "2025-11-04T00:31:39Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49853"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6699567b0bbb378600a4dc0a1f929439a4e84a2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aef6ae124bb3cc12e34430fed91fbb7efd7a444d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7f4fc2bc101e666da649605a9ece2bd42529c7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc9543a4f2a5498a4a12d6d2427492a6f1a28056"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e98dba934b2fc587eafb83f47ad64d9053b18ae0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2QR-244G-56Q9

Vulnerability from github – Published: 2024-03-12 18:31 – Updated: 2024-03-12 18:31
VLAI
Details

Windows USB Print Driver Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-12T17:15:54Z",
    "severity": "HIGH"
  },
  "details": "Windows USB Print Driver Elevation of Privilege Vulnerability",
  "id": "GHSA-x2qr-244g-56q9",
  "modified": "2024-03-12T18:31:13Z",
  "published": "2024-03-12T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21445"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21445"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2QR-83FP-75QC

Vulnerability from github – Published: 2022-05-14 03:21 – Updated: 2022-05-14 03:21
VLAI
Details

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-19T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.",
  "id": "GHSA-x2qr-83fp-75qc",
  "modified": "2022-05-14T03:21:42Z",
  "published": "2022-05-14T03:21:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7899"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2W5-7P4R-GXPQ

Vulnerability from github – Published: 2023-03-17 09:30 – Updated: 2023-03-23 18:30
VLAI
Details

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-17T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.",
  "id": "GHSA-x2w5-7p4r-gxpq",
  "modified": "2023-03-23T18:30:20Z",
  "published": "2023-03-17T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xxy1126/Vuln/blob/main/gpac/2"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.223294"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.223294"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X33H-VMCC-QX88

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-03-03 18:30
VLAI
Details

Double Free in VLC versions <= 3.0.6 leads to a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-30T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
  "id": "GHSA-x33h-vmcc-qx88",
  "modified": "2023-03-03T18:30:25Z",
  "published": "2022-05-24T16:51:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5460"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/503208"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X34J-QCQJ-W3PM

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix double free in ulpi_register_interface() error path

When device_register() fails, ulpi_register() calls put_device() on ulpi->dev.

The device release callback ulpi_dev_release() drops the OF node reference and frees ulpi, but the current error path in ulpi_register_interface() then calls kfree(ulpi) again, causing a double free.

Let put_device() handle the cleanup through ulpi_dev_release() and avoid freeing ulpi again in ulpi_register_interface().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T15:16:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix double free in ulpi_register_interface() error path\n\nWhen device_register() fails, ulpi_register() calls put_device() on\nulpi-\u003edev.\n\nThe device release callback ulpi_dev_release() drops the OF node\nreference and frees ulpi, but the current error path in\nulpi_register_interface() then calls kfree(ulpi) again, causing a\ndouble free.\n\nLet put_device() handle the cleanup through ulpi_dev_release() and\navoid freeing ulpi again in ulpi_register_interface().",
  "id": "GHSA-x34j-qcqj-w3pm",
  "modified": "2026-05-08T18:31:26Z",
  "published": "2026-05-01T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31759"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01af542392b5d41fd659d487015a71f627accce3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/272a9b26c336a295e4e209157fed809706c1b1f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f70ba9dae13a190673cc3f9b4aad52179738f60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38c28fe25611099230f0965c925499bfcf46a795"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8763f8317bb389aded32a32b08f6751cfff657d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6e5461f076c2ef63159f18e5cdbd30b50f0bc15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aaeae6533d77e6ed4def85baec01e2815ebbef61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee248e6e941e4f2e634df2bd43e5f1ef810ab6df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X35G-752C-R3XH

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix double free on error

If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free:

kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci]

Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS:  00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed.",
  "id": "GHSA-x35g-752c-r3xh",
  "modified": "2025-11-04T00:31:03Z",
  "published": "2024-07-29T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41087"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X36Q-999R-CW3G

Vulnerability from github – Published: 2026-01-06 03:31 – Updated: 2026-01-06 21:30
VLAI
Details

In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-06T02:15:44Z",
    "severity": "HIGH"
  },
  "details": "In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.",
  "id": "GHSA-x36q-999r-cw3g",
  "modified": "2026-01-06T21:30:34Z",
  "published": "2026-01-06T03:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20801"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3V2-FGR6-3WMM

Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2021-08-19 18:40
VLAI
Summary
Double free in fil-ocl
Details

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From can lead to a double free.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fil-ocl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:40:57Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From\u003cEventList\u003e can lead to a double free.",
  "id": "GHSA-x3v2-fgr6-3wmm",
  "modified": "2021-08-19T18:40:57Z",
  "published": "2021-08-25T20:53:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cogciprocate/ocl/issues/194"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filecoin-project/fil-ocl"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0011.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in fil-ocl"
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.