Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-WX5Q-W2FH-F8W8

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()

In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could guess the id and call xe_oa_remove_config_ioctl() with perfect timing, freeing oa_config before we dereference it, leading to a potential use-after-free.

Fix this by caching the id in a local variable while holding the lock.

v2: (Matt A) - Dropped mutex_unlock(&oa->metrics_lock) ordering change from xe_oa_remove_config_ioctl()

(cherry picked from commit 28aeaed130e8e587fd1b73b6d66ca41ccc5a1a31)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T16:16:09Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()\n\nIn xe_oa_add_config_ioctl(), we accessed oa_config-\u003eid after dropping\nmetrics_lock. Since this lock protects the lifetime of oa_config, an\nattacker could guess the id and call xe_oa_remove_config_ioctl() with\nperfect timing, freeing oa_config before we dereference it, leading to\na potential use-after-free.\n\nFix this by caching the id in a local variable while holding the lock.\n\nv2: (Matt A)\n- Dropped mutex_unlock(\u0026oa-\u003emetrics_lock) ordering change from\n  xe_oa_remove_config_ioctl()\n\n(cherry picked from commit 28aeaed130e8e587fd1b73b6d66ca41ccc5a1a31)",
  "id": "GHSA-wx5q-w2fh-f8w8",
  "modified": "2026-03-25T18:31:34Z",
  "published": "2026-01-13T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71099"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cdb9a9da935c687563cc682155461fef5f9b48d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6d30b65b7a44dac52ad49513268adbf19eab4a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcb171931954c51a1a7250d558f02b8f36570783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WX6Q-Q8RV-CM38

Vulnerability from github – Published: 2025-03-06 00:31 – Updated: 2025-03-06 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bfq: Make sure bfqg for which we are queueing requests is online

Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If the bfq_group associated with the bio is not online, we pick the first online parent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:17Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Make sure bfqg for which we are queueing requests is online\n\nBios queued into BFQ IO scheduler can be associated with a cgroup that\nwas already offlined. This may then cause insertion of this bfq_group\ninto a service tree. But this bfq_group will get freed as soon as last\nbio associated with it is completed leading to use after free issues for\nservice tree users. Fix the problem by making sure we always operate on\nonline bfq_group. If the bfq_group associated with the bio is not\nonline, we pick the first online parent.",
  "id": "GHSA-wx6q-q8rv-cm38",
  "modified": "2025-03-06T00:31:55Z",
  "published": "2025-03-06T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49411"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/075a53b78b815301f8d3dd1ee2cd99554e34f0dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51f724bffa3403a5236597e6b75df7329c1ec6e9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7781c38552e6cc54ed8e9040279561340516b881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97bd6c56bdcb41079e488e31df56809e3b2ce628"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccddf8cd411c1800863ed357064e56ceffd356bb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WX82-F75F-HQ8V

Vulnerability from github – Published: 2022-12-14 06:30 – Updated: 2023-11-25 12:30
VLAI
Details

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-wx82-f75f-hq8v",
  "modified": "2023-11-25T12:30:21Z",
  "published": "2022-12-14T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4440"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1382761"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WX98-PMV5-4PF5

Vulnerability from github – Published: 2024-12-06 00:31 – Updated: 2024-12-06 21:30
VLAI
Details

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T23:15:06Z",
    "severity": "HIGH"
  },
  "details": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.",
  "id": "GHSA-wx98-pmv5-4pf5",
  "modified": "2024-12-06T21:30:38Z",
  "published": "2024-12-06T00:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38910"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/issues/4379"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/pull/4397"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoesM/ROS-CVE-CNVDs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXG9-XX37-XJ49

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2026-04-13 18:30
VLAI
Details

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-19T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-wxg9-xx37-xj49",
  "modified": "2026-04-13T18:30:34Z",
  "published": "2022-05-24T17:26:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9715"
    },
    {
      "type": "WEB",
      "url": "https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-991"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXH2-RW77-9FHP

Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15
VLAI
Details

ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-28T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.",
  "id": "GHSA-wxh2-rw77-9fhp",
  "modified": "2022-05-14T01:15:39Z",
  "published": "2022-05-14T01:15:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12929"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0641"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403"
    },
    {
      "type": "WEB",
      "url": "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXRG-WM3P-QGWQ

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25
VLAI
Details

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803",
  "id": "GHSA-wxrg-wm3p-qgwq",
  "modified": "2022-05-24T17:25:16Z",
  "published": "2022-05-24T17:25:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0252"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X223-RPPX-MP7X

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170.",
  "id": "GHSA-x223-rppx-mp7x",
  "modified": "2022-05-13T01:33:50Z",
  "published": "2022-05-13T01:33:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17697"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X238-W8CX-RJVX

Vulnerability from github – Published: 2022-05-17 03:04 – Updated: 2022-05-17 03:04
VLAI
Details

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-11T04:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-x238-w8cx-rjvx",
  "modified": "2022-05-17T03:04:02Z",
  "published": "2022-05-17T03:04:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2961"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95343"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037574"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X23F-9G5C-6QMP

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:16:57Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-x23f-9g5c-6qmp",
  "modified": "2026-04-14T18:30:38Z",
  "published": "2026-04-14T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27908"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27908"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.