Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-7594-89X5-4CR4

Vulnerability from github – Published: 2022-05-17 03:03 – Updated: 2025-04-20 03:31
VLAI
Details

Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-3177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.",
  "id": "GHSA-7594-89x5-4cr4",
  "modified": "2025-04-20T03:31:27Z",
  "published": "2022-05-17T03:03:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3177"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/giflib/bugs/83"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/03/16/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76G6-5V2W-PW2H

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-10 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vhost-vdpa: fix use after free in vhost_vdpa_probe()

The put_device() calls vhost_vdpa_release_dev() which calls ida_simple_remove() and frees "v". So this call to ida_simple_remove() is a use after free and a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:18Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix use after free in vhost_vdpa_probe()\n\nThe put_device() calls vhost_vdpa_release_dev() which calls\nida_simple_remove() and frees \"v\".  So this call to\nida_simple_remove() is a use after free and a double free.",
  "id": "GHSA-76g6-5v2w-pw2h",
  "modified": "2025-01-10T18:31:37Z",
  "published": "2024-05-21T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52795"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae8ea4e200675a940c365b496ef8e3fb4123601c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf04132cd64ccde4e9e9765d489c83fe83c09b7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0f8b8fb7df9d1a38652eb5aa817afccd3c56111"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e07754e0a1ea2d63fb29574253d1fd7405607343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76M2-73WX-8HJ7

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

regmap: Fix possible double-free in regcache_rbtree_exit()

In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows:

BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390 Call Trace: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/0x1310 __regmap_init+0x3151/0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 really_probe+0x285/0xc30

To fix this, moving up the assignment of rbnode->block to immediately after the reallocation has succeeded so that the data structure stays valid even if the second reallocation fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47483"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T09:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix possible double-free in regcache_rbtree_exit()\n\nIn regcache_rbtree_insert_to_block(), when \u0027present\u0027 realloc failed,\nthe \u0027blk\u0027 which is supposed to assign to \u0027rbnode-\u003eblock\u0027 will be freed,\nso \u0027rbnode-\u003eblock\u0027 points a freed memory, in the error handling path of\nregcache_rbtree_init(), \u0027rbnode-\u003eblock\u0027 will be freed again in\nregcache_rbtree_exit(), KASAN will report double-free as follows:\n\nBUG: KASAN: double-free or invalid-free in kfree+0xce/0x390\nCall Trace:\n slab_free_freelist_hook+0x10d/0x240\n kfree+0xce/0x390\n regcache_rbtree_exit+0x15d/0x1a0\n regcache_rbtree_init+0x224/0x2c0\n regcache_init+0x88d/0x1310\n __regmap_init+0x3151/0x4a80\n __devm_regmap_init+0x7d/0x100\n madera_spi_probe+0x10f/0x333 [madera_spi]\n spi_probe+0x183/0x210\n really_probe+0x285/0xc30\n\nTo fix this, moving up the assignment of rbnode-\u003eblock to immediately after\nthe reallocation has succeeded so that the data structure stays valid even\nif the second reallocation fails.",
  "id": "GHSA-76m2-73wx-8hj7",
  "modified": "2025-01-06T21:30:49Z",
  "published": "2024-05-22T09:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47483"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-774V-X675-J22M

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32
VLAI
Details

Memory corruption while retrieving the CBOR data from TA.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T13:15:29Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while retrieving the CBOR data from TA.",
  "id": "GHSA-774v-x675-j22m",
  "modified": "2025-07-08T15:32:02Z",
  "published": "2025-07-08T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21432"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77Q3-4VM7-HR7J

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:16:58Z",
    "severity": "MODERATE"
  },
  "details": "Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-77q3-4vm7-hr7j",
  "modified": "2026-05-12T18:30:41Z",
  "published": "2026-05-12T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32170"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7864-H326-5M8J

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148",
  "id": "GHSA-7864-h326-5m8j",
  "modified": "2022-05-24T17:44:09Z",
  "published": "2022-05-24T17:44:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0397"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-78PF-52M8-MXJC

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00
VLAI
Details

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-2115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-05T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-78pf-52m8-mxjc",
  "modified": "2022-05-24T22:00:26Z",
  "published": "2022-05-24T22:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2115"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2019-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7C73-PPWR-83WP

Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2022-05-14 01:29
VLAI
Details

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-25T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.",
  "id": "GHSA-7c73-ppwr-83wp",
  "modified": "2022-05-14T01:29:14Z",
  "published": "2022-05-14T01:29:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7480"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3654-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3654-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3656-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4188"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CJC-HVXF-GQH7

Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:18
VLAI
Summary
Use after free and double free in bitvec
Details

An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "bitvec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:18:16Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.",
  "id": "GHSA-7cjc-hvxf-gqh7",
  "modified": "2021-08-19T21:18:16Z",
  "published": "2021-08-25T20:47:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35862"
    },
    {
      "type": "WEB",
      "url": "https://github.com/myrrlyn/bitvec/issues/55"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/myrrlyn/bitvec"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use after free and double free in bitvec"
}

GHSA-7CWC-RHFJ-QP22

Vulnerability from github – Published: 2022-05-14 01:05 – Updated: 2022-05-14 01:05
VLAI
Details

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-10T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.",
  "id": "GHSA-7cwc-rhfj-qp22",
  "modified": "2022-05-14T01:05:48Z",
  "published": "2022-05-14T01:05:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11139"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4321"
    },
    {
      "type": "WEB",
      "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.