CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-8Q2P-WR8Q-HV7C
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-09-03 00:00net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
{
"affected": [],
"aliases": [
"CVE-2019-20892"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-25T10:15:00Z",
"severity": "MODERATE"
},
"details": "net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.",
"id": "GHSA-8q2p-wr8q-hv7c",
"modified": "2022-09-03T00:00:23Z",
"published": "2022-05-24T17:21:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20892"
},
{
"type": "WEB",
"url": "https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663027"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-12"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/net-snmp/bugs/2923"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4410-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/06/25/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QCW-8M67-996H
Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
{
"affected": [],
"aliases": [
"CVE-2017-18201"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-26T14:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.",
"id": "GHSA-8qcw-8m67-996h",
"modified": "2022-05-14T02:03:26Z",
"published": "2022-05-14T02:03:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18201"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R37-8JQ6-Q9M7
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2024-11-13 18:31In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Attempt to free released memory.
When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'.
Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.
{
"affected": [],
"aliases": [
"CVE-2024-50159"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T10:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning\uff1a\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of \u0027dbg-\u003ename\u0027.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem.",
"id": "GHSA-8r37-8jq6-q9m7",
"modified": "2024-11-13T18:31:52Z",
"published": "2024-11-07T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50159"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39b13dce1a91cdfc3bec9238f9e89094551bd428"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d91d07913aee90556362d648d6a28a1eda419dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb324fdaf546bf14bc4c17e0037bca6cb952b121"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R84-G6V2-VRQ6
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-07 18:30In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: possible double-free of cctx->remote_heap
fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove() frees cctx->remote_heap again if it is non-NULL, which can lead to a double-free if the INIT_CREATE_STATIC ioctl hits the error path and the rpmsg device is subsequently removed/unbound. Clear cctx->remote_heap after freeing it in the error path to prevent the later cleanup from freeing it again.
This issue was found by an in-house analysis workflow that extracts AST-based information and runs static checks, with LLM assistance for triage, and was confirmed by manual code review. No hardware testing was performed.
{
"affected": [],
"aliases": [
"CVE-2026-31730"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: possible double-free of cctx-\u003eremote_heap\n\nfastrpc_init_create_static_process() may free cctx-\u003eremote_heap on the\nerr_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove()\nfrees cctx-\u003eremote_heap again if it is non-NULL, which can lead to a\ndouble-free if the INIT_CREATE_STATIC ioctl hits the error path and the rpmsg\ndevice is subsequently removed/unbound.\nClear cctx-\u003eremote_heap after freeing it in the error path to prevent the\nlater cleanup from freeing it again.\n\nThis issue was found by an in-house analysis workflow that extracts AST-based\ninformation and runs static checks, with LLM assistance for triage, and was\nconfirmed by manual code review.\nNo hardware testing was performed.",
"id": "GHSA-8r84-g6v2-vrq6",
"modified": "2026-05-07T18:30:34Z",
"published": "2026-05-01T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31730"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bdee4118340c5a756220c1b29a7dab86bb0aa65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a164f640953cc982804746e772d379171aff5c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b8e527aca357a6488680713bd88007cf8f547fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba2c83167b215da30fa2aae56b140198cf8d8408"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f67d368d26764a357691b2b3a33d3cb55b435bfc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8RM3-JG2C-HVFH
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2024-03-21 03:34** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
{
"affected": [],
"aliases": [
"CVE-2021-40145"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-26T01:15:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor\u0027s position is \"The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.\"",
"id": "GHSA-8rm3-jg2c-hvfh",
"modified": "2024-03-21T03:34:06Z",
"published": "2022-05-24T19:12:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40145"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/issues/700"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/pull/713"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8VHR-8V52-W97W
Vulnerability from github – Published: 2022-05-14 01:46 – Updated: 2022-05-14 01:46In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
{
"affected": [],
"aliases": [
"CVE-2017-18174"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-11T18:29:00Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.",
"id": "GHSA-8vhr-8v52-w97w",
"modified": "2022-05-14T01:46:16Z",
"published": "2022-05-14T01:46:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18174"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/251e22abde21833b3d29577e4d8c7aaccd650eee"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/8dca4a41f1ad65043a78c2338d9725f859c8d2c3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3848-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3848-2"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dca4a41f1ad65043a78c2338d9725f859c8d2c3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8VP8-PGP2-HM65
Vulnerability from github – Published: 2024-11-05 09:30 – Updated: 2024-11-05 09:30in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.
{
"affected": [],
"aliases": [
"CVE-2024-47404"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T08:15:03Z",
"severity": "HIGH"
},
"details": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.",
"id": "GHSA-8vp8-pgp2-hm65",
"modified": "2024-11-05T09:30:37Z",
"published": "2024-11-05T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47404"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WGH-W2F4-V692
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-11-07 00:30In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
When in allocated by kvzalloc fails, arfs_create_groups will free
ft->g and return an error. However, arfs_create_table, the only caller of
arfs_create_groups, will hold this error and call to
mlx5e_destroy_flow_table, in which the ft->g will be freed again.
{
"affected": [],
"aliases": [
"CVE-2024-35835"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T14:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a double-free in arfs_create_groups\n\nWhen `in` allocated by kvzalloc fails, arfs_create_groups will free\nft-\u003eg and return an error. However, arfs_create_table, the only caller of\narfs_create_groups, will hold this error and call to\nmlx5e_destroy_flow_table, in which the ft-\u003eg will be freed again.",
"id": "GHSA-8wgh-w2f4-v692",
"modified": "2024-11-07T00:30:35Z",
"published": "2024-05-17T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35835"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8WHQ-7XH2-JXHW
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
{
"affected": [],
"aliases": [
"CVE-2017-6353"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T20:59:00Z",
"severity": "MODERATE"
},
"details": "net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.",
"id": "GHSA-8whq-7xh2-jxhw",
"modified": "2022-05-17T00:26:57Z",
"published": "2022-05-17T00:26:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6353"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3804"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/27/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96473"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WQR-CPQW-79WQ
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-01-10 18:31In the Linux kernel, the following vulnerability has been resolved:
of: Fix double free in of_parse_phandle_with_args_map
In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop.
Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur".
Extend the unittest to detect the double free and add an additional test case that actually triggers this path.
{
"affected": [],
"aliases": [
"CVE-2023-52679"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:19Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path.",
"id": "GHSA-8wqr-cpqw-79wq",
"modified": "2025-01-10T18:31:37Z",
"published": "2024-05-17T15:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52679"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.