Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-7XFV-2P7X-FHMV

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-08-29 00:31
VLAI
Details

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T18:15:07Z",
    "severity": "HIGH"
  },
  "details": "fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.",
  "id": "GHSA-7xfv-2p7x-fhmv",
  "modified": "2024-08-29T00:31:34Z",
  "published": "2024-02-26T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LuMingYinDetect/fluent-bit_defects/blob/main/fluent-bit_detect_1.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XH6-Q259-9VJ8

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31
VLAI
Details

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T17:17:20Z",
    "severity": "HIGH"
  },
  "details": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability",
  "id": "GHSA-7xh6-q259-9vj8",
  "modified": "2024-05-14T18:31:05Z",
  "published": "2024-05-14T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30049"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XJG-GXFF-2M4M

Vulnerability from github – Published: 2026-05-01 18:31 – Updated: 2026-05-01 18:31
VLAI
Details

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T16:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.",
  "id": "GHSA-7xjg-gxff-2m4m",
  "modified": "2026-05-01T18:31:23Z",
  "published": "2026-05-01T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22166"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XPX-9CRG-RX5Q

Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31
VLAI
Details

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T21:17:03Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-7xpx-9crg-rx5q",
  "modified": "2026-07-03T21:31:40Z",
  "published": "2026-07-03T21:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58287"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58287"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XQ6-R35J-J33M

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv

It will trigger UAF for rx_kref of j1939_priv as following.

    cpu0                                    cpu1

j1939_sk_bind(socket0, ndev0, ...) j1939_netdev_start j1939_sk_bind(socket1, ndev0, ...) j1939_netdev_start j1939_priv_set j1939_priv_get_by_ndev_locked j1939_jsk_add ..... j1939_netdev_stop kref_put_lock(&priv->rx_kref, ...) kref_get(&priv->rx_kref, ...) REFCOUNT_WARN("addition on 0;...")

==================================================== refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 RIP: 0010:refcount_warn_saturate+0x169/0x1e0 Call Trace: j1939_netdev_start+0x68b/0x920 j1939_sk_bind+0x426/0xeb0 ? security_socket_bind+0x83/0xb0

The rx_kref's kref_get() and kref_put() should use j1939_netdev_lock to protect.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv\n\nIt will trigger UAF for rx_kref of j1939_priv as following.\n\n        cpu0                                    cpu1\nj1939_sk_bind(socket0, ndev0, ...)\nj1939_netdev_start\n                                        j1939_sk_bind(socket1, ndev0, ...)\n                                        j1939_netdev_start\nj1939_priv_set\n                                        j1939_priv_get_by_ndev_locked\nj1939_jsk_add\n.....\nj1939_netdev_stop\nkref_put_lock(\u0026priv-\u003erx_kref, ...)\n                                        kref_get(\u0026priv-\u003erx_kref, ...)\n                                        REFCOUNT_WARN(\"addition on 0;...\")\n\n====================================================\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0\nRIP: 0010:refcount_warn_saturate+0x169/0x1e0\nCall Trace:\n j1939_netdev_start+0x68b/0x920\n j1939_sk_bind+0x426/0xeb0\n ? security_socket_bind+0x83/0xb0\n\nThe rx_kref\u0027s kref_get() and kref_put() should use j1939_netdev_lock to\nprotect.",
  "id": "GHSA-7xq6-r35j-j33m",
  "modified": "2025-01-14T18:31:50Z",
  "published": "2024-05-22T09:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47459"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e8811707e2df0c6ba920f0cad3a3bca7b42132f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/864e77771a24c877aaf53aee019f78619cbcd668"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0e47d2833b4f65e6c799f28c6b636d36b8b936d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9d52a3ebd284882f5562c88e55991add5d01586"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XRR-C599-C43J

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-02T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-7xrr-c599-c43j",
  "modified": "2022-05-24T17:46:21Z",
  "published": "2022-05-24T17:46:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1788"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212146"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212148"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212149"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212152"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XVC-FJV7-6J79

Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2024-02-15 18:30
VLAI
Details

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T13:15:47Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-7xvc-fjv7-6j79",
  "modified": "2024-02-15T18:30:41Z",
  "published": "2024-02-15T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20731"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XVF-M26J-25FW

Vulnerability from github – Published: 2025-03-06 00:31 – Updated: 2025-03-06 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

block: disable the elevator int del_gendisk

The elevator is only used for file system requests, which are stopped in del_gendisk. Move disabling the elevator and freeing the scheduler tags to the end of del_gendisk instead of doing that work in disk_release and blk_cleanup_queue to avoid a use after free on q->tag_set from disk_release as the tag_set might not be alive at that point.

Move the blk_qos_exit call as well, as it just depends on the elevator exit and would be the only reason to keep the not exactly cheap queue freeze in disk_release.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: disable the elevator int del_gendisk\n\nThe elevator is only used for file system requests, which are stopped in\ndel_gendisk.  Move disabling the elevator and freeing the scheduler tags\nto the end of del_gendisk instead of doing that work in disk_release and\nblk_cleanup_queue to avoid a use after free on q-\u003etag_set from\ndisk_release as the tag_set might not be alive at that point.\n\nMove the blk_qos_exit call as well, as it just depends on the elevator\nexit and would be the only reason to keep the not exactly cheap queue\nfreeze in disk_release.",
  "id": "GHSA-7xvf-m26j-25fw",
  "modified": "2025-03-06T00:31:56Z",
  "published": "2025-03-06T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49694"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50e34d78815e474d410f342fbe783b18192ca518"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f28699fafc047ec33299da01e928c3a0073c5cc6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XWM-FQXV-H2Q5

Vulnerability from github – Published: 2023-04-19 06:30 – Updated: 2024-04-04 03:34
VLAI
Details

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T04:15:31Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7xwm-fqxv-h2q5",
  "modified": "2024-04-04T03:34:54Z",
  "published": "2023-04-19T06:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2135"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1424337"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-17"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5393"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-822V-PGR4-6W5G

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
  "id": "GHSA-822v-pgr4-6w5g",
  "modified": "2022-05-24T19:10:12Z",
  "published": "2022-05-24T19:10:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29970"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202202-03"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-14"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-28"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-29"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-30"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.