Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9816 vulnerabilities reference this CWE, most recent first.

GHSA-777G-V2XH-6RVF

Vulnerability from github – Published: 2022-05-14 00:59 – Updated: 2022-05-14 00:59
VLAI
Details

In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-03T06:59:00Z",
    "severity": "MODERATE"
  },
  "details": "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",
  "id": "GHSA-777g-v2xh-6rvf",
  "modified": "2022-05-14T00:59:56Z",
  "published": "2022-05-14T00:59:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9798"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94652"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7792-F3H4-QXJQ

Vulnerability from github – Published: 2025-01-31 12:33 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

zram: fix potential UAF of zram table

If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T12:15:28Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL.  Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
  "id": "GHSA-7792-f3h4-qxjq",
  "modified": "2025-11-03T21:32:30Z",
  "published": "2025-01-31T12:33:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21671"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/212fe1c0df4a150fb6298db2cfff267ceaba5402"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/571d3f6045cd3a6d9f6aec33b678f3ffe97582ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/902ef8f16d5ca77edc77c30656be54186c1e99b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe3de867f94819ba0f28e035c0b0182150147d95"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7797-6FVM-V8XW

Vulnerability from github – Published: 2023-05-16 21:30 – Updated: 2025-05-05 18:32
VLAI
Details

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-16T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7797-6fvm-v8xw",
  "modified": "2025-05-05T18:32:39Z",
  "published": "2023-05-16T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2723"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1435166"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-17"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5404"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-779G-8Q6V-4G8G

Vulnerability from github – Published: 2023-01-10 21:30 – Updated: 2023-01-13 15:30
VLAI
Details

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-779g-8q6v-4g8g",
  "modified": "2023-01-13T15:30:26Z",
  "published": "2023-01-10T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0128"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1353208"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77CG-92PR-V53H

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:55Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-77cg-92pr-v53h",
  "modified": "2025-10-14T18:30:33Z",
  "published": "2025-10-14T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58733"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58733"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77CR-6GR8-7RR9

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2023-10-02 15:17
VLAI
Summary
Use After Free in HashiCorp Nomad
Details

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.0"
            },
            {
              "fixed": "0.10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.0"
            },
            {
              "fixed": "0.12.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-27195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-12T21:58:02Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6",
  "id": "GHSA-77cr-6gr8-7rr9",
  "modified": "2023-10-02T15:17:55Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27195"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/issues/9129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/pull/9139"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020"
    },
    {
      "type": "PACKAGE",
      "url": "https://pkg.go.dev/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template"
    },
    {
      "type": "WEB",
      "url": "https://www.nomadproject.io/downloads"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use After Free in HashiCorp Nomad"
}

GHSA-77H3-779X-V4X3

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-02-26 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T16:16:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency\n\nUnder high concurrency, A tree-connection object (tcon) is freed on\na disconnect path while another path still holds a reference and later\nexecutes *_put()/write on it.",
  "id": "GHSA-77h3-779x-v4x3",
  "modified": "2026-02-26T21:31:26Z",
  "published": "2026-01-13T18:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68817"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77HV-RQC3-4GM6

Vulnerability from github – Published: 2024-10-29 15:32 – Updated: 2025-11-04 00:31
VLAI
Details

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T13:15:03Z",
    "severity": "HIGH"
  },
  "details": "An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 132, Firefox ESR \u003c 128.4, Firefox ESR \u003c 115.17, Thunderbird \u003c 128.4, and Thunderbird \u003c 132.",
  "id": "GHSA-77hv-rqc3-4gm6",
  "modified": "2025-11-04T00:31:53Z",
  "published": "2024-10-29T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10459"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1919087"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-55"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-56"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-57"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-58"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-59"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77HV-X6Q3-C6J4

Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-09 21:32
VLAI
Details

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T21:17:21Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-77hv-x6q3-c6j4",
  "modified": "2026-06-09T21:32:38Z",
  "published": "2026-06-09T21:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47919"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77JH-978M-WQHM

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-06-30 03:36
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

writeback: Fix use after free in inode_switch_wbs_work_fn()

inode_switch_wbs_work_fn() has a loop like:

wb_get(new_wb); while (1) { list = llist_del_all(&new_wb->switch_wbs_ctxs); / Nothing to do? / if (!list) break; ... process the items ... }

Now adding of items to the list looks like:

wb_queue_isw() if (llist_add(&isw->list, &wb->switch_wbs_ctxs)) queue_work(isw_wq, &wb->switch_work);

Because inode_switch_wbs_work_fn() loops when processing isw items, it can happen that wb->switch_work is pending while wb->switch_wbs_ctxs is empty. This is a problem because in that case wb can get freed (no isw items -> no wb reference) while the work is still pending causing use-after-free issues.

We cannot just fix this by cancelling work when freeing wb because that could still trigger problematic 0 -> 1 transitions on wb refcount due to wb_get() in inode_switch_wbs_work_fn(). It could be all handled with more careful code but that seems unnecessarily complex so let's avoid that until it is proven that the looping actually brings practical benefit. Just remove the loop from inode_switch_wbs_work_fn() instead. That way when wb_queue_isw() queues work, we are guaranteed we have added the first item to wb->switch_wbs_ctxs and nobody is going to remove it (and drop the wb reference it holds) until the queued work runs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-825"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T14:16:20Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: Fix use after free in inode_switch_wbs_work_fn()\n\ninode_switch_wbs_work_fn() has a loop like:\n\n  wb_get(new_wb);\n  while (1) {\n    list = llist_del_all(\u0026new_wb-\u003eswitch_wbs_ctxs);\n    /* Nothing to do? */\n    if (!list)\n      break;\n    ... process the items ...\n  }\n\nNow adding of items to the list looks like:\n\nwb_queue_isw()\n  if (llist_add(\u0026isw-\u003elist, \u0026wb-\u003eswitch_wbs_ctxs))\n    queue_work(isw_wq, \u0026wb-\u003eswitch_work);\n\nBecause inode_switch_wbs_work_fn() loops when processing isw items, it\ncan happen that wb-\u003eswitch_work is pending while wb-\u003eswitch_wbs_ctxs is\nempty. This is a problem because in that case wb can get freed (no isw\nitems -\u003e no wb reference) while the work is still pending causing\nuse-after-free issues.\n\nWe cannot just fix this by cancelling work when freeing wb because that\ncould still trigger problematic 0 -\u003e 1 transitions on wb refcount due to\nwb_get() in inode_switch_wbs_work_fn(). It could be all handled with\nmore careful code but that seems unnecessarily complex so let\u0027s avoid\nthat until it is proven that the looping actually brings practical\nbenefit. Just remove the loop from inode_switch_wbs_work_fn() instead.\nThat way when wb_queue_isw() queues work, we are guaranteed we have\nadded the first item to wb-\u003eswitch_wbs_ctxs and nobody is going to\nremove it (and drop the wb reference it holds) until the queued work\nruns.",
  "id": "GHSA-77jh-978m-wqhm",
  "modified": "2026-06-30T03:36:28Z",
  "published": "2026-05-01T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31703"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-31703"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464385"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/028103656b84273c73e9e271cf95c9f3421f4b8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/156cc63691c1f20905510b1007896e090355e6c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6689f01d6740cf358932b3e97ee968c6099800d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9223e5f30403a9b506d6d0bff4f2e29a2d7d46af"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31703.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.