CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-7XFV-2P7X-FHMV
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-08-29 00:31fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
{
"affected": [],
"aliases": [
"CVE-2024-26455"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T18:15:07Z",
"severity": "HIGH"
},
"details": "fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.",
"id": "GHSA-7xfv-2p7x-fhmv",
"modified": "2024-08-29T00:31:34Z",
"published": "2024-02-26T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26455"
},
{
"type": "WEB",
"url": "https://github.com/LuMingYinDetect/fluent-bit_defects/blob/main/fluent-bit_detect_1.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XH6-Q259-9VJ8
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30049"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:17:20Z",
"severity": "HIGH"
},
"details": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability",
"id": "GHSA-7xh6-q259-9vj8",
"modified": "2024-05-14T18:31:05Z",
"published": "2024-05-14T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30049"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XJG-GXFF-2M4M
Vulnerability from github – Published: 2026-05-01 18:31 – Updated: 2026-05-01 18:31A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.
{
"affected": [],
"aliases": [
"CVE-2026-22166"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T16:16:29Z",
"severity": "CRITICAL"
},
"details": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.",
"id": "GHSA-7xjg-gxff-2m4m",
"modified": "2026-05-01T18:31:23Z",
"published": "2026-05-01T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22166"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XPX-9CRG-RX5Q
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-58287"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:03Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-7xpx-9crg-rx5q",
"modified": "2026-07-03T21:31:40Z",
"published": "2026-07-03T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58287"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58287"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XQ6-R35J-J33M
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-14 18:31In the Linux kernel, the following vulnerability has been resolved:
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
It will trigger UAF for rx_kref of j1939_priv as following.
cpu0 cpu1
j1939_sk_bind(socket0, ndev0, ...) j1939_netdev_start j1939_sk_bind(socket1, ndev0, ...) j1939_netdev_start j1939_priv_set j1939_priv_get_by_ndev_locked j1939_jsk_add ..... j1939_netdev_stop kref_put_lock(&priv->rx_kref, ...) kref_get(&priv->rx_kref, ...) REFCOUNT_WARN("addition on 0;...")
==================================================== refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 RIP: 0010:refcount_warn_saturate+0x169/0x1e0 Call Trace: j1939_netdev_start+0x68b/0x920 j1939_sk_bind+0x426/0xeb0 ? security_socket_bind+0x83/0xb0
The rx_kref's kref_get() and kref_put() should use j1939_netdev_lock to protect.
{
"affected": [],
"aliases": [
"CVE-2021-47459"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv\n\nIt will trigger UAF for rx_kref of j1939_priv as following.\n\n cpu0 cpu1\nj1939_sk_bind(socket0, ndev0, ...)\nj1939_netdev_start\n j1939_sk_bind(socket1, ndev0, ...)\n j1939_netdev_start\nj1939_priv_set\n j1939_priv_get_by_ndev_locked\nj1939_jsk_add\n.....\nj1939_netdev_stop\nkref_put_lock(\u0026priv-\u003erx_kref, ...)\n kref_get(\u0026priv-\u003erx_kref, ...)\n REFCOUNT_WARN(\"addition on 0;...\")\n\n====================================================\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0\nRIP: 0010:refcount_warn_saturate+0x169/0x1e0\nCall Trace:\n j1939_netdev_start+0x68b/0x920\n j1939_sk_bind+0x426/0xeb0\n ? security_socket_bind+0x83/0xb0\n\nThe rx_kref\u0027s kref_get() and kref_put() should use j1939_netdev_lock to\nprotect.",
"id": "GHSA-7xq6-r35j-j33m",
"modified": "2025-01-14T18:31:50Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47459"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e8811707e2df0c6ba920f0cad3a3bca7b42132f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/864e77771a24c877aaf53aee019f78619cbcd668"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0e47d2833b4f65e6c799f28c6b636d36b8b936d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9d52a3ebd284882f5562c88e55991add5d01586"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XRR-C599-C43J
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2021-1788"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T18:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-7xrr-c599-c43j",
"modified": "2022-05-24T17:46:21Z",
"published": "2022-05-24T17:46:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1788"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212152"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XVC-FJV7-6J79
Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2024-02-15 18:30Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-20731"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-15T13:15:47Z",
"severity": "HIGH"
},
"details": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-7xvc-fjv7-6j79",
"modified": "2024-02-15T18:30:41Z",
"published": "2024-02-15T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20731"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XVF-M26J-25FW
Vulnerability from github – Published: 2025-03-06 00:31 – Updated: 2025-03-06 00:31In the Linux kernel, the following vulnerability has been resolved:
block: disable the elevator int del_gendisk
The elevator is only used for file system requests, which are stopped in del_gendisk. Move disabling the elevator and freeing the scheduler tags to the end of del_gendisk instead of doing that work in disk_release and blk_cleanup_queue to avoid a use after free on q->tag_set from disk_release as the tag_set might not be alive at that point.
Move the blk_qos_exit call as well, as it just depends on the elevator exit and would be the only reason to keep the not exactly cheap queue freeze in disk_release.
{
"affected": [],
"aliases": [
"CVE-2022-49694"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: disable the elevator int del_gendisk\n\nThe elevator is only used for file system requests, which are stopped in\ndel_gendisk. Move disabling the elevator and freeing the scheduler tags\nto the end of del_gendisk instead of doing that work in disk_release and\nblk_cleanup_queue to avoid a use after free on q-\u003etag_set from\ndisk_release as the tag_set might not be alive at that point.\n\nMove the blk_qos_exit call as well, as it just depends on the elevator\nexit and would be the only reason to keep the not exactly cheap queue\nfreeze in disk_release.",
"id": "GHSA-7xvf-m26j-25fw",
"modified": "2025-03-06T00:31:56Z",
"published": "2025-03-06T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49694"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50e34d78815e474d410f342fbe783b18192ca518"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f28699fafc047ec33299da01e928c3a0073c5cc6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XWM-FQXV-H2Q5
Vulnerability from github – Published: 2023-04-19 06:30 – Updated: 2024-04-04 03:34Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-2135"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-19T04:15:31Z",
"severity": "HIGH"
},
"details": "Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-7xwm-fqxv-h2q5",
"modified": "2024-04-04T03:34:54Z",
"published": "2023-04-19T06:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2135"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1424337"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5393"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-822V-PGR4-6W5G
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
{
"affected": [],
"aliases": [
"CVE-2021-29970"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-05T20:15:00Z",
"severity": "HIGH"
},
"details": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "GHSA-822v-pgr4-6w5g",
"modified": "2022-05-24T19:10:12Z",
"published": "2022-05-24T19:10:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29970"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-14"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.