Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-722M-C232-CWQP

Vulnerability from github – Published: 2025-08-24 12:31 – Updated: 2025-08-24 12:31
VLAI
Details

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-24T11:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.",
  "id": "GHSA-722m-c232-cwqp",
  "modified": "2025-08-24T12:31:34Z",
  "published": "2025-08-24T12:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9386"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/973"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.321219"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.321219"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.630498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-722V-JVWH-6QG9

Vulnerability from github – Published: 2022-05-17 00:57 – Updated: 2022-05-17 00:57
VLAI
Details

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-5126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-07T11:43:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.",
  "id": "GHSA-722v-jvwh-6qg9",
  "modified": "2022-05-17T00:57:40Z",
  "published": "2022-05-17T00:57:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5126"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/chromium/issues/detail?id=156366"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79873"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15891"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/87082"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56413"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7245-JCXV-7Q52

Vulnerability from github – Published: 2023-10-06 18:30 – Updated: 2025-11-04 21:30
VLAI
Details

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-06T16:15:13Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.",
  "id": "GHSA-7245-jcxv-7q52",
  "modified": "2025-11-04T21:30:43Z",
  "published": "2023-10-06T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-33"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831"
    },
    {
      "type": "WEB",
      "url": "https://webkitgtk.org/security/WSA-2023-0009.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5527"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1831"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-724R-F3GV-FMX5

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24112.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:26Z",
    "severity": "HIGH"
  },
  "details": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24112.",
  "id": "GHSA-724r-f3gv-fmx5",
  "modified": "2024-11-22T21:32:20Z",
  "published": "2024-11-22T21:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9728"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7257-C3G3-GCF6

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()

... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ...

'priv_req' actually free at cdns3_gadget_ep_free_request(). But list_del_init() use priv_req->list after it.

[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4 [ 1542.642868][ T534] [ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3): [ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4 [ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3] [ 1542.671571][ T534] usb_ep_disable+0x44/0xe4 [ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8 [ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368 [ 1542.685478][ T534] ffs_func_disable+0x18/0x28

Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:51Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n  ...\n  cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, \u0026priv_req-\u003erequest);\n  list_del_init(\u0026priv_req-\u003elist);\n  ...\n\n\u0027priv_req\u0027 actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req-\u003elist after it.\n\n[ 1542.642868][  T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][  T534]\n[ 1542.653162][  T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][  T534]  __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][  T534]  cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][  T534]  usb_ep_disable+0x44/0xe4\n[ 1542.675948][  T534]  ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][  T534]  ffs_func_set_alt+0x74/0x368\n[ 1542.685478][  T534]  ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem.",
  "id": "GHSA-7257-c3g3-gcf6",
  "modified": "2025-01-14T18:31:49Z",
  "published": "2024-04-03T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26749"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-727X-P98C-5CG7

Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

atm: idt77252: prevent use after free in dequeue_rx()

We can't dereference "skb" after calling vcc->push() because the skb is released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\u0027t dereference \"skb\" after calling vcc-\u003epush() because the skb\nis released.",
  "id": "GHSA-727x-p98c-5cg7",
  "modified": "2025-11-04T00:31:23Z",
  "published": "2024-09-04T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44998"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72C2-78V3-V6CC

Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: trigger: sysfs: fix use-after-free on remove

Ensure that the irq_work has completed before the trigger is freed.

================================================================== BUG: KASAN: use-after-free in irq_work_run_list Read of size 8 at addr 0000000064702248 by task python3/25

Call Trace: irq_work_run_list irq_work_tick update_process_times tick_sched_handle tick_sched_timer __hrtimer_run_queues hrtimer_interrupt

Allocated by task 25: kmem_cache_alloc_trace iio_sysfs_trig_add dev_attr_store sysfs_kf_write kernfs_fop_write_iter new_sync_write vfs_write ksys_write sys_write

Freed by task 25: kfree iio_sysfs_trig_remove dev_attr_store sysfs_kf_write kernfs_fop_write_iter new_sync_write vfs_write ksys_write sys_write

==================================================================

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix use-after-free on remove\n\nEnsure that the irq_work has completed before the trigger is freed.\n\n ==================================================================\n BUG: KASAN: use-after-free in irq_work_run_list\n Read of size 8 at addr 0000000064702248 by task python3/25\n\n Call Trace:\n  irq_work_run_list\n  irq_work_tick\n  update_process_times\n  tick_sched_handle\n  tick_sched_timer\n  __hrtimer_run_queues\n  hrtimer_interrupt\n\n Allocated by task 25:\n  kmem_cache_alloc_trace\n  iio_sysfs_trig_add\n  dev_attr_store\n  sysfs_kf_write\n  kernfs_fop_write_iter\n  new_sync_write\n  vfs_write\n  ksys_write\n  sys_write\n\n Freed by task 25:\n  kfree\n  iio_sysfs_trig_remove\n  dev_attr_store\n  sysfs_kf_write\n  kernfs_fop_write_iter\n  new_sync_write\n  vfs_write\n  ksys_write\n  sys_write\n\n ==================================================================",
  "id": "GHSA-72c2-78v3-v6cc",
  "modified": "2025-02-27T21:32:15Z",
  "published": "2025-02-27T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49685"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31ff3309b47d98313c61b8301bf595820cc3cc33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4687c3f955240ca2a576bdc3f742d4d915b6272d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ef1e521be610b720daeb7cf899fedc7db0274c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e39397d60dacc7f5d81d442c1c958eaaaf31128"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78601726d4a59a291acc5a52da1d3a0a6831e4e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b07a30a774b3c3e584a68dc91779c68ea2da4813"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6111e7bdb8ec27eb43d01c4cd4ff1620a75f7f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd5d8fb298a2866c337da635c79d63c3afabcaf7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72C5-432G-CFC7

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.",
  "id": "GHSA-72c5-432g-cfc7",
  "modified": "2022-05-24T19:19:08Z",
  "published": "2022-05-24T19:19:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22466"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-72F9-X2QQ-3795

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

perf: hisi: Fix use-after-free when register pmu fails

When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free.

Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been failed to register.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:22Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register.",
  "id": "GHSA-72f9-x2qq-3795",
  "modified": "2025-01-14T18:31:50Z",
  "published": "2024-05-21T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52859"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72G6-VHCP-944P

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix potential use-after-free in jbd2_fc_wait_bufs

In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix potential use-after-free in jbd2_fc_wait_bufs\n\nIn \u0027jbd2_fc_wait_bufs\u0027 use \u0027bh\u0027 after put buffer head reference count\nwhich may lead to use-after-free.\nSo judge buffer if uptodate before put buffer head reference count.",
  "id": "GHSA-72g6-vhcp-944p",
  "modified": "2025-12-04T15:30:31Z",
  "published": "2025-09-15T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50328"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d4d16daec2a6689b6d3fbfc7d2078643adc6619"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/243d1a5d505d0b0460c9af0ad56ed4a56ef0bebd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e6d9f381c1ed844531a577783fc352de7a44c8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d11d2ded293976a1a0d9d9471827a44dc9e3c63f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/effd9b3c029ecdd853a11933dcf857f5a7ca8c3d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.