CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-CVHW-2593-5J2Q
Vulnerability from github – Published: 2021-10-12 22:00 – Updated: 2021-11-18 15:34OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. This issue was fixed in OpenCV version 3.3.1 (corresponding to OpenCV-Python and and OpenCV-Contrib-Python 3.3.1.11).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0.10"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.1.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0.10"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-contrib-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.1.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1516"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-08T18:44:07Z",
"nvd_published_at": "2017-04-10T03:59:00Z",
"severity": "HIGH"
},
"details": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. This issue was fixed in OpenCV version 3.3.1 (corresponding to OpenCV-Python and and OpenCV-Contrib-Python 3.3.1.11).",
"id": "GHSA-cvhw-2593-5j2q",
"modified": "2021-11-18T15:34:33Z",
"published": "2021-10-12T22:00:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1516"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/issues/5956"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/pull/9376"
},
{
"type": "WEB",
"url": "https://arxiv.org/pdf/1701.04739.pdf"
},
{
"type": "PACKAGE",
"url": "https://github.com/opencv/opencv-python"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double Free in OpenCV"
}
GHSA-CVJF-HV92-7HW3
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
{
"affected": [],
"aliases": [
"CVE-2022-27416"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.",
"id": "GHSA-cvjf-hv92-7hw3",
"modified": "2022-04-21T00:00:43Z",
"published": "2022-04-13T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27416"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/issues/702"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVX2-PHG2-QP2H
Vulnerability from github – Published: 2025-05-23 03:32 – Updated: 2025-05-27 18:30A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-5100"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-23T02:15:22Z",
"severity": "HIGH"
},
"details": "A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.",
"id": "GHSA-cvx2-phg2-qp2h",
"modified": "2025-05-27T18:30:48Z",
"published": "2025-05-23T03:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5100"
},
{
"type": "WEB",
"url": "https://korelogic.com/Resources/Advisories/KL-001-2025-005.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CW7C-WP8J-JM6J
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-07 21:30In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Handle DBC deactivation if the owner went away
When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang.
As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.
{
"affected": [],
"aliases": [
"CVE-2026-43007"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Handle DBC deactivation if the owner went away\n\nWhen a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV\ntransaction to the host over the QAIC_CONTROL MHI channel. QAIC handles\nthis by calling decode_deactivate() to release the resources allocated for\nthat DBC. Since that handling is done in the qaic_manage_ioctl() context,\nif the user goes away before receiving and handling the deactivation, the\nhost will be out-of-sync with the DBCs available for use, and the DBC\nresources will not be freed unless the device is removed. If another user\nloads and requests to activate a network, then the device assigns the same\nDBC to that network, QAIC will \"indefinitely\" wait for dbc-\u003ein_use = false,\nleading the user process to hang.\n\nAs a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions\nthat are received after the user has gone away.",
"id": "GHSA-cw7c-wp8j-jm6j",
"modified": "2026-05-07T21:30:24Z",
"published": "2026-05-01T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43007"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CW9H-69MP-F4JQ
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
ice: fix double free in ice_sf_eth_activate() error path
When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).
The device release callback ice_sf_dev_release() frees sf_dev, but the current error path falls through to sf_dev_free and calls kfree(sf_dev) again, causing a double free.
Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but avoid falling through to sf_dev_free after auxiliary_device_uninit().
{
"affected": [],
"aliases": [
"CVE-2026-46162"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:31Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix double free in ice_sf_eth_activate() error path\n\nWhen auxiliary_device_add() fails, ice_sf_eth_activate() jumps to\naux_dev_uninit and calls auxiliary_device_uninit(\u0026sf_dev-\u003eadev).\n\nThe device release callback ice_sf_dev_release() frees sf_dev, but\nthe current error path falls through to sf_dev_free and calls\nkfree(sf_dev) again, causing a double free.\n\nKeep kfree(sf_dev) for the auxiliary_device_init() failure path, but\navoid falling through to sf_dev_free after auxiliary_device_uninit().",
"id": "GHSA-cw9h-69mp-f4jq",
"modified": "2026-06-10T21:31:25Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46162"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/121d1f253aed515cd85748f68c664a6cb756e8ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ca30340b5028ddc3f17086a538feeff06167b1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9aab1c3d7299285e2569cbc0ed5892d631a241b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0c6a4816609f145ffcc74e64baa214c571c17c6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CX22-P4FF-962Q
Vulnerability from github – Published: 2024-11-15 21:30 – Updated: 2024-11-15 21:30In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
{
"affected": [],
"aliases": [
"CVE-2024-10934"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T20:15:17Z",
"severity": "CRITICAL"
},
"details": "In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, \navoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.",
"id": "GHSA-cx22-p4ff-962q",
"modified": "2024-11-15T21:30:47Z",
"published": "2024-11-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10934"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CX4J-FXR7-JXG8
Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2023-06-13 18:09Affected versions of this crate did not guard against panic within the user-provided function f (2nd parameter of fn map_array), and thus panic within f causes double drop of a single object.
The flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within ManuallyDrop.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "glsl-layout"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25902"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:43:30Z",
"nvd_published_at": "2021-01-26T18:16:22Z",
"severity": "HIGH"
},
"details": "Affected versions of this crate did not guard against panic within the user-provided function f (2nd parameter of fn map_array), and thus panic within f causes double drop of a single object.\n\nThe flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within ManuallyDrop\u003cT\u003e.",
"id": "GHSA-cx4j-fxr7-jxg8",
"modified": "2023-06-13T18:09:24Z",
"published": "2021-08-25T20:53:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25902"
},
{
"type": "WEB",
"url": "https://github.com/rustgd/glsl-layout/pull/10"
},
{
"type": "PACKAGE",
"url": "https://github.com/rustgd/glsl-layout"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0005.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in glsl-layout"
}
GHSA-CXXW-RFQC-PQX7
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2021-30703"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T15:15:00Z",
"severity": "HIGH"
},
"details": "A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-cxxw-rfqc-pqx7",
"modified": "2022-05-24T19:13:24Z",
"published": "2022-05-24T19:13:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30703"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212528"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212529"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212532"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212533"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212603"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3Q5-X55R-FCFP
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667
{
"affected": [],
"aliases": [
"CVE-2020-0241"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-11T20:15:00Z",
"severity": "HIGH"
},
"details": "In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667",
"id": "GHSA-f3q5-x55r-fcfp",
"modified": "2022-05-24T17:25:15Z",
"published": "2022-05-24T17:25:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0241"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-08-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F446-9VW9-W973
Vulnerability from github – Published: 2022-04-04 00:00 – Updated: 2025-05-05 18:31usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
{
"affected": [],
"aliases": [
"CVE-2022-28388"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-03T21:15:00Z",
"severity": "HIGH"
},
"details": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.",
"id": "GHSA-f446-9vw9-w973",
"modified": "2025-05-05T18:31:39Z",
"published": "2022-04-04T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28388"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220513-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.