CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-835R-7GV7-G577
Vulnerability from github – Published: 2024-03-05 09:31 – Updated: 2024-03-05 09:31Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
{
"affected": [],
"aliases": [
"CVE-2024-20833"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T08:15:39Z",
"severity": "MODERATE"
},
"details": "Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.",
"id": "GHSA-835r-7gv7-g577",
"modified": "2024-03-05T09:31:19Z",
"published": "2024-03-05T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20833"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8374-7847-GP4W
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
{
"affected": [],
"aliases": [
"CVE-2021-38381"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T18:15:00Z",
"severity": "MODERATE"
},
"details": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.",
"id": "GHSA-8374-7847-gp4w",
"modified": "2022-05-24T19:10:33Z",
"published": "2022-05-24T19:10:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38381"
},
{
"type": "WEB",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"type": "WEB",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-837Q-27J3-572Q
Vulnerability from github – Published: 2022-05-17 00:57 – Updated: 2022-05-17 00:57Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
{
"affected": [],
"aliases": [
"CVE-2012-5125"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-11-07T11:43:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.",
"id": "GHSA-837q-27j3-572q",
"modified": "2022-05-17T00:57:40Z",
"published": "2022-05-17T00:57:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5125"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=156051"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79872"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15341"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/87083"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56413"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8399-FJ6C-9HF7
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2022-05-17 02:39There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-9953"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-26T23:29:00Z",
"severity": "HIGH"
},
"details": "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-8399-fj6c-9hf7",
"modified": "2022-05-17T02:39:34Z",
"published": "2022-05-17T02:39:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9953"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-839X-P2JC-Q87X
Vulnerability from github – Published: 2024-02-05 12:30 – Updated: 2024-07-03 18:33Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.
{
"affected": [],
"aliases": [
"CVE-2023-5249"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T10:15:08Z",
"severity": "HIGH"
},
"details": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.\n\n",
"id": "GHSA-839x-p2jc-q87x",
"modified": "2024-07-03T18:33:27Z",
"published": "2024-02-05T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5249"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83CG-48P4-2HXG
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-53721"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:41Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-83cg-48p4-2hxg",
"modified": "2025-08-12T18:31:32Z",
"published": "2025-08-12T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53721"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53721"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83GR-6443-3Q7Q
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-44808"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:16Z",
"severity": "HIGH"
},
"details": "Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-83gr-6443-3q7q",
"modified": "2026-06-09T18:30:47Z",
"published": "2026-06-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44808"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44808"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83HH-PJ86-JR69
Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
cachefiles: wait for ondemand_object_worker to finish when dropping object
When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is completed intentionally and the related erofs is umounted. If ondemand_object_worker() runs after the object is freed, it will incur use-after-free problem as shown below.
process A processs B process C process D
cachefiles_ondemand_send_req() // send a read req X // wait for its completion
// close ondemand fd
cachefiles_ondemand_fd_release()
// set object as CLOSE
cachefiles_ondemand_daemon_read()
// set object as REOPENING
queue_work(fscache_wq, &info->ondemand_work)
// close /dev/cachefiles
cachefiles_daemon_release
cachefiles_flush_reqs
complete(&req->done)
// read req X is completed // umount the erofs fs cachefiles_put_object() // object will be freed cachefiles_ondemand_deinit_obj_info() kmem_cache_free(object) // both info and object are freed ondemand_object_worker()
When dropping an object, it is no longer necessary to reopen the object, so use cancel_work_sync() to cancel or wait for ondemand_object_worker() to finish.
{
"affected": [],
"aliases": [
"CVE-2024-41051"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T15:15:13Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: wait for ondemand_object_worker to finish when dropping object\n\nWhen queuing ondemand_object_worker() to re-open the object,\ncachefiles_object is not pinned. The cachefiles_object may be freed when\nthe pending read request is completed intentionally and the related\nerofs is umounted. If ondemand_object_worker() runs after the object is\nfreed, it will incur use-after-free problem as shown below.\n\nprocess A processs B process C process D\n\ncachefiles_ondemand_send_req()\n// send a read req X\n// wait for its completion\n\n // close ondemand fd\n cachefiles_ondemand_fd_release()\n // set object as CLOSE\n\n cachefiles_ondemand_daemon_read()\n // set object as REOPENING\n queue_work(fscache_wq, \u0026info-\u003eondemand_work)\n\n // close /dev/cachefiles\n cachefiles_daemon_release\n cachefiles_flush_reqs\n complete(\u0026req-\u003edone)\n\n// read req X is completed\n// umount the erofs fs\ncachefiles_put_object()\n// object will be freed\ncachefiles_ondemand_deinit_obj_info()\nkmem_cache_free(object)\n // both info and object are freed\n ondemand_object_worker()\n\nWhen dropping an object, it is no longer necessary to reopen the object,\nso use cancel_work_sync() to cancel or wait for ondemand_object_worker()\nto finish.",
"id": "GHSA-83hh-pj86-jr69",
"modified": "2025-11-04T00:31:00Z",
"published": "2024-07-29T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41051"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12e009d60852f7bce0afc373ca0b320f14150418"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b26525b2183632f16a3a4108fe6a4bfa8afac6ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3179bae72b1b5e555ba839d6d9f40a350a4d78a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec9289369259d982e735a71437e32e6b4035290c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83JF-V646-GP24
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 06:30In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null.
{
"affected": [],
"aliases": [
"CVE-2022-49025"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:13Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free when reverting termination table\n\nWhen having multiple dests with termination tables and second one\nor afterwards fails the driver reverts usage of term tables but\ndoesn\u0027t reset the assignment in attr-\u003edests[num_vport_dests].termtbl\nwhich case a use-after-free when releasing the rule.\nFix by resetting the assignment of termtbl to null.",
"id": "GHSA-83jf-v646-gp24",
"modified": "2024-10-24T06:30:29Z",
"published": "2024-10-21T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49025"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83MC-PMQP-53X3
Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2022-05-14 03:38The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2017-12374"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-26T20:29:00Z",
"severity": "HIGH"
},
"details": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.",
"id": "GHSA-83mc-pmqp-53x3",
"modified": "2022-05-14T03:38:01Z",
"published": "2022-05-14T03:38:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12374"
},
{
"type": "WEB",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3550-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3550-2"
},
{
"type": "WEB",
"url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.