Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9805 vulnerabilities reference this CWE, most recent first.

GHSA-X6VG-GVF6-HMP9

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-10-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blktrace: Fix uaf in blk_trace access after removing by sysfs

There is an use-after-free problem triggered by following process:

  P1(sda)               P2(sdb)
        echo 0 > /sys/block/sdb/trace/enable
          blk_trace_remove_queue
            synchronize_rcu
            blk_trace_free
              relay_close

rcu_read_lock __blk_add_trace trace_note_tsk (Iterate running_trace_list) relay_close_buf relay_destroy_buf kfree(buf) trace_note(sdb's bt) relay_reserve buf->offset <- nullptr deference (use-after-free) !!! rcu_read_unlock

[ 502.714379] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 502.715260] #PF: supervisor read access in kernel mode [ 502.715903] #PF: error_code(0x0000) - not-present page [ 502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0 [ 502.717252] Oops: 0000 [#1] SMP [ 502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360 [ 502.732872] Call Trace: [ 502.733193] __blk_add_trace.cold+0x137/0x1a3 [ 502.733734] blk_add_trace_rq+0x7b/0xd0 [ 502.734207] blk_add_trace_rq_issue+0x54/0xa0 [ 502.734755] blk_mq_start_request+0xde/0x1b0 [ 502.735287] scsi_queue_rq+0x528/0x1140 ... [ 502.742704] sg_new_write.isra.0+0x16e/0x3e0 [ 502.747501] sg_ioctl+0x466/0x1100

Reproduce method: ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127]) ioctl(/dev/sda, BLKTRACESTART) ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127]) ioctl(/dev/sdb, BLKTRACESTART)

echo 0 > /sys/block/sdb/trace/enable & // Add delay(mdelay/msleep) before kernel enters blk_trace_free()

ioctl$SG_IO(/dev/sda, SG_IO, ...) // Enters trace_note_tsk() after blk_trace_free() returned // Use mdelay in rcu region rather than msleep(which may schedule out)

Remove blk_trace from running_list before calling blk_trace_free() by sysfs if blk_trace is at Blktrace_running state.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblktrace: Fix uaf in blk_trace access after removing by sysfs\n\nThere is an use-after-free problem triggered by following process:\n\n      P1(sda)\t\t\t\tP2(sdb)\n\t\t\techo 0 \u003e /sys/block/sdb/trace/enable\n\t\t\t  blk_trace_remove_queue\n\t\t\t    synchronize_rcu\n\t\t\t    blk_trace_free\n\t\t\t      relay_close\nrcu_read_lock\n__blk_add_trace\n  trace_note_tsk\n  (Iterate running_trace_list)\n\t\t\t        relay_close_buf\n\t\t\t\t  relay_destroy_buf\n\t\t\t\t    kfree(buf)\n    trace_note(sdb\u0027s bt)\n      relay_reserve\n        buf-\u003eoffset \u003c- nullptr deference (use-after-free) !!!\nrcu_read_unlock\n\n[  502.714379] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n[  502.715260] #PF: supervisor read access in kernel mode\n[  502.715903] #PF: error_code(0x0000) - not-present page\n[  502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0\n[  502.717252] Oops: 0000 [#1] SMP\n[  502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360\n[  502.732872] Call Trace:\n[  502.733193]  __blk_add_trace.cold+0x137/0x1a3\n[  502.733734]  blk_add_trace_rq+0x7b/0xd0\n[  502.734207]  blk_add_trace_rq_issue+0x54/0xa0\n[  502.734755]  blk_mq_start_request+0xde/0x1b0\n[  502.735287]  scsi_queue_rq+0x528/0x1140\n...\n[  502.742704]  sg_new_write.isra.0+0x16e/0x3e0\n[  502.747501]  sg_ioctl+0x466/0x1100\n\nReproduce method:\n  ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])\n  ioctl(/dev/sda, BLKTRACESTART)\n  ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])\n  ioctl(/dev/sdb, BLKTRACESTART)\n\n  echo 0 \u003e /sys/block/sdb/trace/enable \u0026\n  // Add delay(mdelay/msleep) before kernel enters blk_trace_free()\n\n  ioctl$SG_IO(/dev/sda, SG_IO, ...)\n  // Enters trace_note_tsk() after blk_trace_free() returned\n  // Use mdelay in rcu region rather than msleep(which may schedule out)\n\nRemove blk_trace from running_list before calling blk_trace_free() by\nsysfs if blk_trace is at Blktrace_running state.",
  "id": "GHSA-x6vg-gvf6-hmp9",
  "modified": "2024-10-27T15:30:43Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47375"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3815fe7371d2411ce164281cef40d9fc7b323dee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/488da313edf3abea7f7733efe011c96b23740ab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5afedf670caf30a2b5a52da96eb7eac7dee6a9c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/677e362ba807f3aafe6f405c07e0b37244da5222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5f8e86192612d0183047448d8bbe7918b3f1a26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d56171d9360c0170c5c5f8f7e2362a2e999eca40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dacfd5e4d1142bfb3809aab3634a375f6f373269"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebb8d26d93c3ec3c7576c52a8373a2309423c069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6XM-M3J7-465M

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-29T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.",
  "id": "GHSA-x6xm-m3j7-465m",
  "modified": "2022-05-13T01:34:02Z",
  "published": "2022-05-13T01:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17616"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-1097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X74X-9VC6-FMQ8

Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:47
VLAI
Details

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-10T14:15:12Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x74x-9vc6-fmq8",
  "modified": "2024-04-04T06:47:26Z",
  "published": "2023-08-10T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38222"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X75Q-532J-6F9M

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-03T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-x75q-532j-6f9m",
  "modified": "2022-05-24T19:09:42Z",
  "published": "2022-05-24T19:09:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30581"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1194431"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X77F-2WPM-X48R

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: adopts refcnt to avoid UAF

dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it.

This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: adopts refcnt to avoid UAF\n\ndvb_unregister_device() is known that prone to use-after-free.\nThat is, the cleanup from dvb_unregister_device() releases the dvb_device\neven if there are pointers stored in file-\u003eprivate_data still refer to it.\n\nThis patch adds a reference counter into struct dvb_device and delays its\ndeallocation until no pointer refers to the object.",
  "id": "GHSA-x77f-2wpm-x48r",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-15T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50274"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X77R-6XXM-WJMX

Vulnerability from github – Published: 2024-02-04 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-04T16:15:45Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
  "id": "GHSA-x77r-6xxm-wjmx",
  "modified": "2025-11-04T00:30:45Z",
  "published": "2024-02-04T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241018-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X78R-6W48-6G3Q

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Disassociate vcpus from redistributor region on teardown

When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:20Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don\u0027t have\nany dangling pointer to that region stored in a vcpu.",
  "id": "GHSA-x78r-6w48-6g3q",
  "modified": "2025-11-04T00:30:57Z",
  "published": "2024-07-12T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40989"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X79X-88MR-RG7Q

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20472.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:48Z",
    "severity": "LOW"
  },
  "details": "Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20472.",
  "id": "GHSA-x79x-88mr-rg7q",
  "modified": "2024-05-03T03:30:54Z",
  "published": "2024-05-03T03:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38078"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-956"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7FM-CX6H-8JQR

Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31
VLAI
Details

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T23:16:57Z",
    "severity": "HIGH"
  },
  "details": "Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-x7fm-cx6h-8jqr",
  "modified": "2026-05-29T12:31:25Z",
  "published": "2026-05-29T00:38:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9995"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/513256572"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7G8-97JM-3VPJ

Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-11 00:00
VLAI
Details

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.",
  "id": "GHSA-x7g8-97jm-3vpj",
  "modified": "2022-09-11T00:00:30Z",
  "published": "2022-09-10T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36855"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.