CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-6MRG-MHJW-QQPJ
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-7050"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-24T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-6mrg-mhjw-qqpj",
"modified": "2022-05-24T16:46:40Z",
"published": "2022-05-24T16:46:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7050"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6MV5-3JXX-RPRV
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
{
"affected": [],
"aliases": [
"CVE-2018-18989"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-04T22:29:00Z",
"severity": "HIGH"
},
"details": "In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",
"id": "GHSA-6mv5-3jxx-rprv",
"modified": "2022-05-13T01:33:40Z",
"published": "2022-05-13T01:33:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18989"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MVM-83WH-44GH
Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
{
"affected": [],
"aliases": [
"CVE-2016-6968"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-13T19:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",
"id": "GHSA-6mvm-83wh-44gh",
"modified": "2022-05-17T02:21:29Z",
"published": "2022-05-17T02:21:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6968"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036986"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MW3-7V65-29GJ
Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-26 12:00An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
{
"affected": [],
"aliases": [
"CVE-2022-39823"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-20T21:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error",
"id": "GHSA-6mw3-7v65-29gj",
"modified": "2022-10-26T12:00:40Z",
"published": "2022-10-21T12:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39823"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html"
},
{
"type": "WEB",
"url": "https://www.softing.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P26-7GX2-V5M2
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-10-22 00:33Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21335"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:58Z",
"severity": "HIGH"
},
"details": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability",
"id": "GHSA-6p26-7gx2-v5m2",
"modified": "2025-10-22T00:33:12Z",
"published": "2025-01-14T18:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21335"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P7P-7664-CQRJ
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-12-17 18:33Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.
{
"affected": [],
"aliases": [
"CVE-2019-13511"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.",
"id": "GHSA-6p7p-7664-cqrj",
"modified": "2024-12-17T18:33:39Z",
"published": "2022-05-24T16:53:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13511"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-810"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-811"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-812"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-813"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-814"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6P7X-C5RV-9W7V
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for ISOTP_IDLE via wait_event_interruptible() and then calls kfree(so->tx.buf).
If a signal interrupts the wait_event_interruptible() inside close() while tx.state is ISOTP_SENDING, the loop exits early and release proceeds to force ISOTP_SHUTDOWN and continues to kfree(so->tx.buf) while sendmsg may still be reading so->tx.buf for the final CAN frame in isotp_fill_dataframe().
The so->tx.buf can be allocated once when the standard tx.buf length needs to be extended. Move the kfree() of this potentially extended tx.buf to sk_destruct time when either isotp_sendmsg() and isotp_release() are done.
{
"affected": [],
"aliases": [
"CVE-2026-31474"
],
"database_specific": {
"cwe_ids": [
"CWE-364",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix tx.buf use-after-free in isotp_sendmsg()\n\nisotp_sendmsg() uses only cmpxchg() on so-\u003etx.state to serialize access\nto so-\u003etx.buf. isotp_release() waits for ISOTP_IDLE via\nwait_event_interruptible() and then calls kfree(so-\u003etx.buf).\n\nIf a signal interrupts the wait_event_interruptible() inside close()\nwhile tx.state is ISOTP_SENDING, the loop exits early and release\nproceeds to force ISOTP_SHUTDOWN and continues to kfree(so-\u003etx.buf)\nwhile sendmsg may still be reading so-\u003etx.buf for the final CAN frame\nin isotp_fill_dataframe().\n\nThe so-\u003etx.buf can be allocated once when the standard tx.buf length needs\nto be extended. Move the kfree() of this potentially extended tx.buf to\nsk_destruct time when either isotp_sendmsg() and isotp_release() are done.",
"id": "GHSA-6p7x-c5rv-9w7v",
"modified": "2026-06-30T03:36:22Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31474"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27789"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-31474"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eec8a1b18a79600bd4419079dc0026c1db72a830"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31474.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P82-V9W6-85GX
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
{
"affected": [],
"aliases": [
"CVE-2018-19364"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-13T19:29:00Z",
"severity": "MODERATE"
},
"details": "hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.",
"id": "GHSA-6p82-v9w6-85gx",
"modified": "2022-05-13T01:26:37Z",
"published": "2022-05-13T01:26:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19364"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3826-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/11/20/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P8X-V4M8-8PVG
Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2022-05-14 01:06In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
{
"affected": [],
"aliases": [
"CVE-2017-17670"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-15T09:29:00Z",
"severity": "HIGH"
},
"details": "In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.",
"id": "GHSA-6p8x-v4m8-8pvg",
"modified": "2022-05-14T01:06:24Z",
"published": "2022-05-14T01:06:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17670"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4203"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/12/15/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102214"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PF8-H7C8-42FV
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 18:30In the Linux kernel, the following vulnerability has been resolved:
cxl/port: Fix use after free of parent_port in cxl_detach_ep()
cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port and its parent, removes the endpoint, and if the port is now empty, marks it dead and unregisters the port by calling delete_switch_port(). There are two places during this work where the parent_port may be used after freeing:
First, a concurrent detach may have already processed a port by the time a second worker finds it via bus_find_device(). Without pinning parent_port, it may already be freed when we discover port->dead and attempt to unlock the parent_port. In a production kernel that's a silent memory corruption, with lock debug, it looks like this:
[]DEBUG_LOCKS_WARN_ON(__owner_task(owner) != get_current()) []WARNING: kernel/locking/mutex.c:949 at __mutex_unlock_slowpath+0x1ee/0x310 []Call Trace: []mutex_unlock+0xd/0x20 []cxl_detach_ep+0x180/0x400 [cxl_core] []devm_action_release+0x10/0x20 []devres_release_all+0xa8/0xe0 []device_unbind_cleanup+0xd/0xa0 []really_probe+0x1a6/0x3e0
Second, delete_switch_port() releases three devm actions registered against parent_port. The last of those is unregister_port() and it calls device_unregister() on the child port, which can cascade. If parent_port is now also empty the device core may unregister and free it too. So by the time delete_switch_port() returns, parent_port may be free, and the subsequent device_unlock(&parent_port->dev) operates on freed memory. The kernel log looks same as above, with a different offset in cxl_detach_ep().
Both of these issues stem from the absence of a lifetime guarantee between a child port and its parent port.
Establish a lifetime rule for ports: child ports hold a reference to their parent device until release. Take the reference when the port is allocated and drop it when released. This ensures the parent is valid for the full lifetime of the child and eliminates the use after free window in cxl_detach_ep().
This is easily reproduced with a reload of cxl_acpi in QEMU with CXL devices present.
{
"affected": [],
"aliases": [
"CVE-2026-31530"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:53Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use after free of parent_port in cxl_detach_ep()\n\ncxl_detach_ep() is called during bottom-up removal when all CXL memory\ndevices beneath a switch port have been removed. For each port in the\nhierarchy it locks both the port and its parent, removes the endpoint,\nand if the port is now empty, marks it dead and unregisters the port\nby calling delete_switch_port(). There are two places during this work\nwhere the parent_port may be used after freeing:\n\nFirst, a concurrent detach may have already processed a port by the\ntime a second worker finds it via bus_find_device(). Without pinning\nparent_port, it may already be freed when we discover port-\u003edead and\nattempt to unlock the parent_port. In a production kernel that\u0027s a\nsilent memory corruption, with lock debug, it looks like this:\n\n[]DEBUG_LOCKS_WARN_ON(__owner_task(owner) != get_current())\n[]WARNING: kernel/locking/mutex.c:949 at __mutex_unlock_slowpath+0x1ee/0x310\n[]Call Trace:\n[]mutex_unlock+0xd/0x20\n[]cxl_detach_ep+0x180/0x400 [cxl_core]\n[]devm_action_release+0x10/0x20\n[]devres_release_all+0xa8/0xe0\n[]device_unbind_cleanup+0xd/0xa0\n[]really_probe+0x1a6/0x3e0\n\nSecond, delete_switch_port() releases three devm actions registered\nagainst parent_port. The last of those is unregister_port() and it\ncalls device_unregister() on the child port, which can cascade. If\nparent_port is now also empty the device core may unregister and free\nit too. So by the time delete_switch_port() returns, parent_port may\nbe free, and the subsequent device_unlock(\u0026parent_port-\u003edev) operates\non freed memory. The kernel log looks same as above, with a different\noffset in cxl_detach_ep().\n\nBoth of these issues stem from the absence of a lifetime guarantee\nbetween a child port and its parent port.\n\nEstablish a lifetime rule for ports: child ports hold a reference to\ntheir parent device until release. Take the reference when the port\nis allocated and drop it when released. This ensures the parent is\nvalid for the full lifetime of the child and eliminates the use after\nfree window in cxl_detach_ep().\n\nThis is easily reproduced with a reload of cxl_acpi in QEMU with CXL\ndevices present.",
"id": "GHSA-6pf8-h7c8-42fv",
"modified": "2026-04-28T18:30:30Z",
"published": "2026-04-22T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31530"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19d2f0b97a131198efc2c4ca3eb7f980bba8c2b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c32141462045cf93d54a5146a0ba572b83533dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d216a4bd138eb57cc4ae7c43b2f709e3482af7e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7dc6f381a1e5f068333f1faa9265d6af1df4235"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.