CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-69G4-9GMG-F5MG
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-56183"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:28Z",
"severity": "HIGH"
},
"details": "Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-69g4-9gmg-f5mg",
"modified": "2026-07-14T18:32:37Z",
"published": "2026-07-14T18:32:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56183"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69G9-QC4V-M973
Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-19827"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-03T19:29:00Z",
"severity": "HIGH"
},
"details": "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.",
"id": "GHSA-69g9-qc4v-m973",
"modified": "2022-05-14T00:55:58Z",
"published": "2022-05-14T00:55:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19827"
},
{
"type": "WEB",
"url": "https://github.com/sass/libsass/issues/2782"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69H7-V29J-QWRM
Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-12 00:00Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-28242"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T18:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-69h7-v29j-qwrm",
"modified": "2022-05-12T00:00:52Z",
"published": "2022-05-12T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28242"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69M3-G558-7XX3
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2023-01-09 18:30A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
{
"affected": [],
"aliases": [
"CVE-2021-30741"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T14:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.",
"id": "GHSA-69m3-g558-7xx3",
"modified": "2023-01-09T18:30:28Z",
"published": "2022-05-24T19:13:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30741"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69MG-VW3H-XM3V
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
Input: edt-ft5x06 - fix use-after-free in debugfs teardown
The commit 68743c500c6e ("Input: edt-ft5x06 - use per-client debugfs directory") removed the manual debugfs teardown, relying on the I2C core to handle it. However, this creates a window where debugfs files are still accessible after edt_ft5x06_ts_teardown_debugfs() frees tsdata->raw_buffer.
To prevent a use-after-free, protect the freeing of raw_buffer with the device mutex and set raw_buffer to NULL. The debugfs read function already checks if raw_buffer is NULL under the same mutex, so this safely avoids the use-after-free.
{
"affected": [],
"aliases": [
"CVE-2026-46097"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:31Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: edt-ft5x06 - fix use-after-free in debugfs teardown\n\nThe commit 68743c500c6e (\"Input: edt-ft5x06 - use per-client debugfs\ndirectory\") removed the manual debugfs teardown, relying on the I2C core\nto handle it. However, this creates a window where debugfs files are\nstill accessible after edt_ft5x06_ts_teardown_debugfs() frees\ntsdata-\u003eraw_buffer.\n\nTo prevent a use-after-free, protect the freeing of raw_buffer with the\ndevice mutex and set raw_buffer to NULL. The debugfs read function\nalready checks if raw_buffer is NULL under the same mutex, so this\nsafely avoids the use-after-free.",
"id": "GHSA-69mg-vw3h-xm3v",
"modified": "2026-06-25T21:31:21Z",
"published": "2026-05-27T15:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f6c5e7b747d40e1c65cbfcb975857d25154c075"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a516d43886623e3cca5fa3446bed8fc7c7982be2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5f9e07060519e2287e99019a6de1eb3ebb65c37"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69PX-R2HQ-HMW3
Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
{
"affected": [],
"aliases": [
"CVE-2014-0131"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-03-24T16:40:00Z",
"severity": "LOW"
},
"details": "Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.",
"id": "GHSA-69px-r2hq-hmw3",
"modified": "2022-05-14T01:04:04Z",
"published": "2022-05-14T01:04:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0131"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074589"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/10/4"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/netdev/msg274250.html"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/netdev/msg274316.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-69Q2-QMCC-6RH3
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-49677"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:52Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-69q2-qmcc-6rh3",
"modified": "2025-07-08T18:31:46Z",
"published": "2025-07-08T18:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49677"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49677"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69Q9-9JGH-W2QC
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2021-1891"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T09:15:00Z",
"severity": "HIGH"
},
"details": "A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-69q9-9jgh-w2qc",
"modified": "2022-05-24T19:01:48Z",
"published": "2022-05-24T19:01:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1891"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-69VJ-962M-HMHV
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-8846"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-27T21:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-69vj-962m-hmhv",
"modified": "2022-05-24T17:32:27Z",
"published": "2022-05-24T17:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8846"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210785"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210790"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210792"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210793"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210794"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210795"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-69VV-8R9H-G8X5
Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-24 19:00A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-3625"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-21T06:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
"id": "GHSA-69vv-8r9h-g8x5",
"modified": "2022-10-24T19:00:17Z",
"published": "2022-10-21T12:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3625"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211929"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.