CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-597X-6F4C-7X29
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2019-2174"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-05T22:15:00Z",
"severity": "HIGH"
},
"details": "In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-597x-6f4c-7x29",
"modified": "2022-05-24T22:00:26Z",
"published": "2022-05-24T22:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2174"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-09-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-59GP-QQM7-CW4J
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2023-06-23 21:37Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-30560"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-23T21:37:02Z",
"nvd_published_at": "2021-08-03T19:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-59gp-qqm7-cw4j",
"modified": "2023-06-23T21:37:02Z",
"published": "2022-05-24T19:09:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1219209"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-23"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5216"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri has vulnerable dependencies on libxml2 and libxslt"
}
GHSA-59GQ-GVHQ-969M
Vulnerability from github – Published: 2022-12-13 21:30 – Updated: 2022-12-13 21:30Windows Kernel Elevation of Privilege Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-44683"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T19:15:00Z",
"severity": "HIGH"
},
"details": "Windows Kernel Elevation of Privilege Vulnerability.",
"id": "GHSA-59gq-gvhq-969m",
"modified": "2022-12-13T21:30:27Z",
"published": "2022-12-13T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44683"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44683"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44683"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/170466/Windows-Kernel-NtNotifyChangeMultipleKeys-Use-After-Free.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59M8-HG79-86PP
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.
{
"affected": [],
"aliases": [
"CVE-2022-48962"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:08Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free.",
"id": "GHSA-59m8-hg79-86pp",
"modified": "2024-10-24T21:31:02Z",
"published": "2024-10-21T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59MV-F2PF-CR57
Vulnerability from github – Published: 2022-05-17 03:46 – Updated: 2025-04-12 12:39The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing.
{
"affected": [],
"aliases": [
"CVE-2014-3193"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-10-08T10:55:00Z",
"severity": "HIGH"
},
"details": "The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage \"type confusion\" for callback processing.",
"id": "GHSA-59mv-f2pf-cr57",
"modified": "2025-04-12T12:39:23Z",
"published": "2022-05-17T03:46:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3193"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/500143002"
},
{
"type": "WEB",
"url": "https://crbug.com/399655"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/70273"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-59PM-73XX-3PVC
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-01-14 21:31Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2021-27649"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-23T10:15:00Z",
"severity": "CRITICAL"
},
"details": "Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.",
"id": "GHSA-59pm-73xx-3pvc",
"modified": "2025-01-14T21:31:41Z",
"published": "2022-05-24T19:06:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27649"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59X3-J3QW-GJFX
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Use local fence in error path of xe_migrate_clear
The intent of the error path in xe_migrate_clear is to wait on locally generated fence and then return. The code is waiting on m->fence which could be the local fence but this is only stable under the job mutex leading to a possible UAF. Fix code to wait on local fence.
(cherry picked from commit 762b7e95362170b3e13a8704f38d5e47eca4ba74)
{
"affected": [],
"aliases": [
"CVE-2025-37869"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Use local fence in error path of xe_migrate_clear\n\nThe intent of the error path in xe_migrate_clear is to wait on locally\ngenerated fence and then return. The code is waiting on m-\u003efence which\ncould be the local fence but this is only stable under the job mutex\nleading to a possible UAF. Fix code to wait on local fence.\n\n(cherry picked from commit 762b7e95362170b3e13a8704f38d5e47eca4ba74)",
"id": "GHSA-59x3-j3qw-gjfx",
"modified": "2025-11-12T21:31:02Z",
"published": "2025-05-09T09:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37869"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20659d3150f1a2a258a173fe011013178ff2a197"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ac5f466f62892a7d1ac2d1a3eb6cd14efbe2f2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc712938aa26b001f448d5e93f59d57fa80f2dbd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59X3-PVMJ-2PW2
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-06-30 03:35Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8.
{
"affected": [],
"aliases": [
"CVE-2026-2766"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T14:16:24Z",
"severity": "CRITICAL"
},
"details": "Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 148 and Firefox ESR \u003c 140.8.",
"id": "GHSA-59x3-pvmj-2pw2",
"modified": "2026-06-30T03:35:43Z",
"published": "2026-02-24T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2766"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3981"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3982"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3983"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3984"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2766"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013583"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2766.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-17"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3515"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3516"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3979"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3980"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5C2V-7JGP-GFHR
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.
{
"affected": [],
"aliases": [
"CVE-2024-40920"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning.",
"id": "GHSA-5c2v-7jgp-gfhr",
"modified": "2025-11-04T00:30:53Z",
"published": "2024-07-12T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40920"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5C32-VRPQ-FGR5
Vulnerability from github – Published: 2023-08-16 21:31 – Updated: 2025-06-03 03:30A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
{
"affected": [],
"aliases": [
"CVE-2023-4387"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T19:15:10Z",
"severity": "HIGH"
},
"details": "A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware\u0027s vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.",
"id": "GHSA-5c32-vrpq-fgr5",
"modified": "2025-06-03T03:30:31Z",
"published": "2023-08-16T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4387"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9e7fef9521e73ca8afd7da9e58c14654b02dfad8"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:7683"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:8267"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4387"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219270"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.