CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-4HPX-4MPP-GQWV
Vulnerability from github – Published: 2023-01-11 00:30 – Updated: 2025-04-08 21:31A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
{
"affected": [],
"aliases": [
"CVE-2022-4379"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-10T22:15:00Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial",
"id": "GHSA-4hpx-4mpp-gqwv",
"modified": "2025-04-08T21:31:27Z",
"published": "2023-01-11T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4379"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2022/q4/185"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230223-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HQC-3J39-58MH
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-06 18:31In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module *owner" member.
For struct_ops that has a "struct module *owner" member, it can be extended either by the regular kernel module or by the bpf_struct_ops. bpf_try_module_get() will be used to do the refcounting and different refcount is done based on the owner pointer. When CONFIG_MODULES=n, the btf_id of the "struct module" is missing:
WARN: resolve_btfids: unresolved symbol module
Thus, the bpf_try_module_get() cannot do the correct refcounting.
Not all subsystem's struct_ops requires the "struct module *owner" member. e.g. the recent sched_ext_ops.
This patch is to disable bpf_struct_ops registration if the struct_ops has the "struct module *" member and the "struct module" btf_id is missing. The btf_type_is_fwd() helper is moved to the btf.h header file for this test.
This has happened since the beginning of bpf_struct_ops which has gone through many changes. The Fixes tag is set to a recent commit that this patch can apply cleanly. Considering CONFIG_MODULES=n is not common and the age of the issue, targeting for bpf-next also.
{
"affected": [],
"aliases": [
"CVE-2024-58060"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T16:15:52Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing\n\nThere is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n.\nIn particular, the report is on tcp_congestion_ops that has\na \"struct module *owner\" member.\n\nFor struct_ops that has a \"struct module *owner\" member,\nit can be extended either by the regular kernel module or\nby the bpf_struct_ops. bpf_try_module_get() will be used\nto do the refcounting and different refcount is done\nbased on the owner pointer. When CONFIG_MODULES=n,\nthe btf_id of the \"struct module\" is missing:\n\nWARN: resolve_btfids: unresolved symbol module\n\nThus, the bpf_try_module_get() cannot do the correct refcounting.\n\nNot all subsystem\u0027s struct_ops requires the \"struct module *owner\" member.\ne.g. the recent sched_ext_ops.\n\nThis patch is to disable bpf_struct_ops registration if\nthe struct_ops has the \"struct module *\" member and the\n\"struct module\" btf_id is missing. The btf_type_is_fwd() helper\nis moved to the btf.h header file for this test.\n\nThis has happened since the beginning of bpf_struct_ops which has gone\nthrough many changes. The Fixes tag is set to a recent commit that this\npatch can apply cleanly. Considering CONFIG_MODULES=n is not\ncommon and the age of the issue, targeting for bpf-next also.",
"id": "GHSA-4hqc-3j39-58mh",
"modified": "2025-03-06T18:31:09Z",
"published": "2025-03-06T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58060"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8d60c48ee1a619ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96ea081ed52bf077cad6d00153b6fba68e510767"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8ffd42d2b88831b17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HQM-7W7W-5W4R
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-09-29 12:30vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
{
"affected": [],
"aliases": [
"CVE-2019-17534"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-13T02:15:00Z",
"severity": "MODERATE"
},
"details": "vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.",
"id": "GHSA-4hqm-7w7w-5w4r",
"modified": "2023-09-29T12:30:16Z",
"published": "2022-05-24T16:58:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17534"
},
{
"type": "WEB",
"url": "https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796"
},
{
"type": "WEB",
"url": "https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HRQ-5W6M-4FJ5
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-62553"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:16:00Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-4hrq-5w6m-4fj5",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62553"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62553"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HRQ-JXXX-HJ3H
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2026-02-06 18:30In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: cancel wiphy_work before freeing wiphy
A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is getting queued.
If wiphy_free is called before the rdev::wiphy_work had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it'll use invalid memory.
Fix this by canceling the work before freeing the wiphy.
{
"affected": [],
"aliases": [
"CVE-2025-21979"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:29Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"id": "GHSA-4hrq-jxxx-hj3h",
"modified": "2026-02-06T18:30:26Z",
"published": "2025-04-01T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21979"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75d262ad3c36d52852d764588fcd887f0fcd9138"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8930a3e1568cf534f86c8ed2def817c6d0528fc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39aeb319fd908ed8e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dea22de162058216a90f2706f0d0b36f0ff309fd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HVH-76HF-PJ59
Vulnerability from github – Published: 2025-04-23 18:30 – Updated: 2025-04-23 18:30Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23646.
{
"affected": [],
"aliases": [
"CVE-2025-1046"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-23T17:16:51Z",
"severity": "HIGH"
},
"details": "Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23646.",
"id": "GHSA-4hvh-76hf-pj59",
"modified": "2025-04-23T18:30:57Z",
"published": "2025-04-23T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1046"
},
{
"type": "WEB",
"url": "https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0\u0026_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HWJ-3PPP-CX8V
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-04-29 21:31In the Linux kernel, the following vulnerability has been resolved:
exfat: fix random stack corruption after get_block
When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation.
<CPU 0> <CPU 1>
mpage_read_folio <> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <> ... ... ... ... <> . . another_function <> put_bh(bh) atomic_dec(bh->b_count) * stack corruption here *
This patch returns -EAGAIN if a folio does not have buffers when bh_read needs to be called. By doing this, the caller can fallback to functions like block_read_full_folio(), create a buffer_head in the folio, and then call get_block again.
Let's do not call bh_read() with on-stack buffer_head.
{
"affected": [],
"aliases": [
"CVE-2025-22036"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:56Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix random stack corruption after get_block\n\nWhen get_block is called with a buffer_head allocated on the stack, such\nas do_mpage_readpage, stack corruption due to buffer_head UAF may occur in\nthe following race condition situation.\n\n \u003cCPU 0\u003e \u003cCPU 1\u003e\nmpage_read_folio\n \u003c\u003cbh on stack\u003e\u003e\n do_mpage_readpage\n exfat_get_block\n bh_read\n __bh_read\n\t get_bh(bh)\n submit_bh\n wait_on_buffer\n ...\n end_buffer_read_sync\n __end_buffer_read_notouch\n unlock_buffer\n \u003c\u003ckeep going\u003e\u003e\n ...\n ...\n ...\n ...\n\u003c\u003cbh is not valid out of mpage_read_folio\u003e\u003e\n .\n .\nanother_function\n \u003c\u003cvariable A on stack\u003e\u003e\n put_bh(bh)\n atomic_dec(bh-\u003eb_count)\n * stack corruption here *\n\nThis patch returns -EAGAIN if a folio does not have buffers when bh_read\nneeds to be called. By doing this, the caller can fallback to functions\nlike block_read_full_folio(), create a buffer_head in the folio, and then\ncall get_block again.\n\nLet\u0027s do not call bh_read() with on-stack buffer_head.",
"id": "GHSA-4hwj-3ppp-cx8v",
"modified": "2025-04-29T21:31:47Z",
"published": "2025-04-16T15:34:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22036"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bb7ff4204b6d4927e982cd256286c09ed4fd8ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7447286363dc1e410bf30b87d75168f3519f9cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f807a6bf2005740fa26b4f59c4a003dc966b9afd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HX4-54FM-QC8Q
Vulnerability from github – Published: 2026-04-15 21:30 – Updated: 2026-04-16 12:31Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-6319"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-15T20:16:42Z",
"severity": "HIGH"
},
"details": "Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-4hx4-54fm-qc8q",
"modified": "2026-04-16T12:31:41Z",
"published": "2026-04-15T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6319"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/499018889"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J4F-7RWG-P4Q7
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-10-22 03:30Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
{
"affected": [],
"aliases": [
"CVE-2013-1347"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-05-05T11:07:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.",
"id": "GHSA-4j4f-7rwg-p4q7",
"modified": "2025-10-22T03:30:33Z",
"published": "2022-05-13T01:15:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1347"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347"
},
{
"type": "WEB",
"url": "http://technet.microsoft.com/security/advisory/2847140"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/25294"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J5Q-JRMV-H6PP
Vulnerability from github – Published: 2024-09-11 18:31 – Updated: 2024-09-13 18:31In the Linux kernel, the following vulnerability has been resolved:
nvme: move stopping keep-alive into nvme_uninit_ctrl()
Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but don't move stopping keep-alive into nvme_uninit_ctrl(), so keep-alive work can be started and keep pending after failing to start controller, finally use-after-free is triggered if nvme host driver is unloaded.
This patch fixes kernel panic when running nvme/004 in case that connection failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().
This way is reasonable because keep-alive is now started in nvme_init_ctrl_finish().
{
"affected": [],
"aliases": [
"CVE-2024-45013"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-11T16:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd (\"nvme: start keep-alive after admin queue setup\")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\u0027t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().",
"id": "GHSA-4j5q-jrmv-h6pp",
"modified": "2024-09-13T18:31:41Z",
"published": "2024-09-11T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45013"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.