CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-7J5G-6R5Q-HQ8R
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe/eustall: Fix drm_dev_put called before stream disable in close
In xe_eu_stall_stream_close(), drm_dev_put() is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures could be freed while the subsequent cleanup code still accesses them, leading to a use-after-free.
Fix this by moving drm_dev_put() after all device accesses are complete. This matches the ordering in xe_oa_release().
(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
{
"affected": [],
"aliases": [
"CVE-2026-53290"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T20:17:21Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/eustall: Fix drm_dev_put called before stream disable in close\n\nIn xe_eu_stall_stream_close(), drm_dev_put() is called before the\nstream is disabled and its resources are freed. If this drops the\nlast reference, the device structures could be freed while the\nsubsequent cleanup code still accesses them, leading to a\nuse-after-free.\n\nFix this by moving drm_dev_put() after all device accesses are\ncomplete. This matches the ordering in xe_oa_release().\n\n(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)",
"id": "GHSA-7j5g-6r5q-hq8r",
"modified": "2026-06-28T09:31:48Z",
"published": "2026-06-26T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53290"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84f2bfbe6e38f8b9815ca00826e53b7f51420402"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bebce43f34b5feb8a760aa832eba81e0f8a38871"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc2d9842c67d883d3200ae33b9c3859dd9492408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7J7P-8XPW-V444
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49118"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:38Z",
"severity": "HIGH"
},
"details": "Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability",
"id": "GHSA-7j7p-8xpw-v444",
"modified": "2024-12-12T03:33:05Z",
"published": "2024-12-12T03:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49118"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JFF-7VVQ-8FXX
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2025-10-22 03:30Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
{
"affected": [],
"aliases": [
"CVE-2013-3893"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-09-18T10:08:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.",
"id": "GHSA-7jff-7vvq-8fxx",
"modified": "2025-10-22T03:30:35Z",
"published": "2022-05-13T01:10:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3893"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18665"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3893"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN27443259/index.html"
},
{
"type": "WEB",
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html"
},
{
"type": "WEB",
"url": "http://pastebin.com/raw.php?i=Hx1L5gu6"
},
{
"type": "WEB",
"url": "http://technet.microsoft.com/security/advisory/2887505"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/62453"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JFQ-4VFX-P3RG
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.
{
"affected": [],
"aliases": [
"CVE-2018-9422"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-06T17:29:00Z",
"severity": "HIGH"
},
"details": "In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.",
"id": "GHSA-7jfq-4vfx-p3rg",
"modified": "2022-05-14T00:53:48Z",
"published": "2022-05-14T00:53:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9422"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1102001\u0026_ga=2.244341506.661832603.1561012452-1774095668.1553066022"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JG7-JHVR-3FWH
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3966"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-03T15:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
"id": "GHSA-7jg7-jhvr-3fwh",
"modified": "2022-05-13T01:01:50Z",
"published": "2022-05-13T01:01:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3966"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JG9-9WP9-WH98
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.
{
"affected": [],
"aliases": [
"CVE-2022-20052"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.",
"id": "GHSA-7jg9-9wp9-wh98",
"modified": "2022-04-16T00:01:08Z",
"published": "2022-04-12T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20052"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/April-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JGH-PJ67-JVFJ
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6506.
{
"affected": [],
"aliases": [
"CVE-2018-17656"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6506.",
"id": "GHSA-7jgh-pj67-jvfj",
"modified": "2022-05-13T01:33:55Z",
"published": "2022-05-13T01:33:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17656"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JH9-V3VW-V9PX
Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2024-10-22 18:32In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called.
We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read().
{
"affected": [],
"aliases": [
"CVE-2024-47676"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T12:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb.c: fix UAF of vma in hugetlb fault pathway\n\nSyzbot reports a UAF in hugetlb_fault(). This happens because\nvmf_anon_prepare() could drop the per-VMA lock and allow the current VMA\nto be freed before hugetlb_vma_unlock_read() is called.\n\nWe can fix this by using a modified version of vmf_anon_prepare() that\ndoesn\u0027t release the VMA lock on failure, and then release it ourselves\nafter hugetlb_vma_unlock_read().",
"id": "GHSA-7jh9-v3vw-v9px",
"modified": "2024-10-22T18:32:09Z",
"published": "2024-10-21T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47676"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98b74bb4d7e96b4da5ef3126511febe55b76b807"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d59ebc99dee0a2687a26df94b901eb8216dbf876"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e897d184a8dd4a4e1f39c8c495598e4d9472776c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JP3-X6J5-68RR
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-10051"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-23T17:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.",
"id": "GHSA-7jp3-x6j5-68rr",
"modified": "2022-05-13T01:13:30Z",
"published": "2022-05-13T01:13:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10051"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410456"
},
{
"type": "WEB",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=30245"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JP6-72RV-7M74
Vulnerability from github – Published: 2025-06-04 15:30 – Updated: 2025-06-04 21:31An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2025-23101"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-04T15:15:23Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.",
"id": "GHSA-7jp6-72rv-7m74",
"modified": "2025-06-04T21:31:14Z",
"published": "2025-06-04T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23101"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.