Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-5J8W-R7G8-5472

Vulnerability from github – Published: 2022-06-16 23:42 – Updated: 2022-06-16 23:42
VLAI
Summary
Arrow2 allows double free in `safe` code
Details

The struct Ffi_ArrowArray implements #derive(Clone) that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned.

Cloning this struct in safe results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either: * bump the patch version of this crate (for versions v0.7,v0.8,v0.9), or * migrate to a more recent version of the crate (when using <0.7).

Doing so elimitates this vulnerability (code no longer compiles).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "arrow2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "arrow2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "fixed": "0.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "arrow2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.0"
            },
            {
              "fixed": "0.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-16T23:42:08Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with\nits custom implementation of `Drop`, resulting in a double free when cloned.\n\nCloning this struct in `safe` results in a segmentation fault, which is unsound.\n\nThis derive was removed from this struct. All users are advised to either:\n* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or\n* migrate to a more recent version of  the crate (when using `\u003c0.7`).\n\nDoing so elimitates this vulnerability (code no longer compiles).\n",
  "id": "GHSA-5j8w-r7g8-5472",
  "modified": "2022-06-16T23:42:08Z",
  "published": "2022-06-16T23:42:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jorgecarleitao/arrow2/issues/880"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jorgecarleitao/arrow2"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Arrow2 allows double free in `safe` code"
}

GHSA-5J9H-62W2-P327

Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18
VLAI
Details

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-1216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-06T01:19:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".",
  "id": "GHSA-5j9h-62w2-p327",
  "modified": "2022-05-03T03:18:04Z",
  "published": "2022-05-03T03:18:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1216"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33413"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305391"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24706"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24735"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24736"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24740"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24750"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24757"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24785"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24786"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24817"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24966"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25388"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1276"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/419344"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464591/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23282"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017852"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-449-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1218"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1470"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1916"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5JFV-85HV-2CMX

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-03-25 12:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix handling of lrbp->cmd

ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes:

  • In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths.

  • In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd.

See also scsi_send_eh_cmnd().

This commit prevents that the following appears if a command times out:

WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8 Call trace: ufshcd_queuecommand+0x6f8/0x9a8 scsi_send_eh_cmnd+0x2c0/0x960 scsi_eh_test_devices+0x100/0x314 scsi_eh_ready_devs+0xd90/0x114c scsi_error_handler+0x2b4/0xb70 kthread+0x16c/0x1e0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:54Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix handling of lrbp-\u003ecmd\n\nufshcd_queuecommand() may be called two times in a row for a SCSI command\nbefore it is completed. Hence make the following changes:\n\n - In the functions that submit a command, do not check the old value of\n   lrbp-\u003ecmd nor clear lrbp-\u003ecmd in error paths.\n\n - In ufshcd_release_scsi_cmd(), do not clear lrbp-\u003ecmd.\n\nSee also scsi_send_eh_cmnd().\n\nThis commit prevents that the following appears if a command times out:\n\nWARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8\nCall trace:\n ufshcd_queuecommand+0x6f8/0x9a8\n scsi_send_eh_cmnd+0x2c0/0x960\n scsi_eh_test_devices+0x100/0x314\n scsi_eh_ready_devs+0xd90/0x114c\n scsi_error_handler+0x2b4/0xb70\n kthread+0x16c/0x1e0",
  "id": "GHSA-5jfv-85hv-2cmx",
  "modified": "2026-03-25T12:30:18Z",
  "published": "2025-10-01T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53510"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49234a401e161a2f2698f4612ab792c49b3cad1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/549e91a9bbaa0ee480f59357868421a61d369770"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6d76d63c6d21d5d26c301a46853a2aee72397d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac77b90a6d7e1fdb1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5JJ2-QHXW-RPQ6

Vulnerability from github – Published: 2026-02-23 21:31 – Updated: 2026-02-24 21:31
VLAI
Details

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-23T19:22:56Z",
    "severity": "MODERATE"
  },
  "details": "libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.",
  "id": "GHSA-5jj2-qhxw-rpq6",
  "modified": "2026-02-24T21:31:41Z",
  "published": "2026-02-23T21:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61145"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/736"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/753"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5JRF-78P7-HW2R

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-10 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF

In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_resource_cleanup() (which frees the QP) in mlx5_ib_stage_post_ib_reg_umr_init(). This will avoid attempted double free of the same QP when __mlx5_ib_add() does its cleanup.

Resolves a splat:

Syzkaller reported a UAF in ib_destroy_qp_user

workqueue: Failed to create a rescuer kthread for wq "mkey_cache": -EINTR infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642): failed to create work queue infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642): mr cache init failed -12 ================================================================== BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073) Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642

Call Trace: kasan_report (mm/kasan/report.c:590) ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073) mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...

Allocated by task 1642: __kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026 mm/slab_common.c:1039) create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720 ./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209) ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347) mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164) mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...

Freed by task 1642: __kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822) ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112) mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198) mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076 drivers/infiniband/hw/mlx5/main.c:4065) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:22Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF\n\nIn the unlikely event that workqueue allocation fails and returns NULL in\nmlx5_mkey_cache_init(), delete the call to\nmlx5r_umr_resource_cleanup() (which frees the QP) in\nmlx5_ib_stage_post_ib_reg_umr_init().  This will avoid attempted double\nfree of the same QP when __mlx5_ib_add() does its cleanup.\n\nResolves a splat:\n\n   Syzkaller reported a UAF in ib_destroy_qp_user\n\n   workqueue: Failed to create a rescuer kthread for wq \"mkey_cache\": -EINTR\n   infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642):\n   failed to create work queue\n   infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642):\n   mr cache init failed -12\n   ==================================================================\n   BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n   Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642\n\n   Call Trace:\n   \u003cTASK\u003e\n   kasan_report (mm/kasan/report.c:590)\n   ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n   mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n   __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178)\n   mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n   ...\n   \u003c/TASK\u003e\n\n   Allocated by task 1642:\n   __kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026\n   mm/slab_common.c:1039)\n   create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720\n   ./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209)\n   ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347)\n   mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164)\n   mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070)\n   __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n   mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n   ...\n\n   Freed by task 1642:\n   __kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822)\n   ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112)\n   mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n   mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076\n   drivers/infiniband/hw/mlx5/main.c:4065)\n   __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n   mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n   ...",
  "id": "GHSA-5jrf-78p7-hw2r",
  "modified": "2025-01-10T18:31:38Z",
  "published": "2024-05-21T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52851"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ef422f063b74adcc4a4a9004b0a87bb55e0a836"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/437f033e30c897bb3723eac9e9003cd9f88d00a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f4a7a7d1404297f2a92df0046f7e64dc5c52dd9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6387f269d84e6e149499408c4d1fc805017729b2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5MJX-CFHC-V8VM

Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30
VLAI
Details

Memory corruption due to double free when multiple threads race to set the timestamp store.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-24T16:15:36Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption due to double free when multiple threads race to set the timestamp store.",
  "id": "GHSA-5mjx-cfhc-v8vm",
  "modified": "2025-09-24T18:30:30Z",
  "published": "2025-09-24T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47316"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5MPG-37CW-J7G5

Vulnerability from github – Published: 2022-02-20 00:00 – Updated: 2026-04-24 15:32
VLAI
Details

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-19T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.",
  "id": "GHSA-5mpg-37cw-j7g5",
  "modified": "2026-04-24T15:32:17Z",
  "published": "2022-02-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46700"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saitoha/libsixel/issues/158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P33-CX2M-4X9V

Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

md: fix double free of io_acct_set bioset

Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:15Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix double free of io_acct_set bioset\n\nNow io_acct_set is alloc and free in personality. Remove the codes that\nfree io_acct_set in md_free and md_stop.",
  "id": "GHSA-5p33-cx2m-4x9v",
  "modified": "2025-04-17T21:30:43Z",
  "published": "2025-04-17T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49384"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42b805af102471f53e3c7867b8c2b502ea4eef7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f99d5b5dc8a42c807b5f1176b925aa45d61962ab"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P3V-8PVQ-68MJ

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Microsoft Excel Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:47Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Excel Remote Code Execution Vulnerability",
  "id": "GHSA-5p3v-8pvq-68mj",
  "modified": "2024-04-09T18:30:26Z",
  "published": "2024-04-09T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26257"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P7M-P5M3-7W56

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:37Z",
    "severity": "HIGH"
  },
  "details": "Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-5p7m-p5m3-7w56",
  "modified": "2025-07-08T18:31:44Z",
  "published": "2025-07-08T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47975"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.