Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-CVHW-2593-5J2Q

Vulnerability from github – Published: 2021-10-12 22:00 – Updated: 2021-11-18 15:34
VLAI
Summary
Double Free in OpenCV
Details

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. This issue was fixed in OpenCV version 3.3.1 (corresponding to OpenCV-Python and and OpenCV-Contrib-Python 3.3.1.11).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.0.10"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "opencv-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.0.10"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "opencv-contrib-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-1516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-08T18:44:07Z",
    "nvd_published_at": "2017-04-10T03:59:00Z",
    "severity": "HIGH"
  },
  "details": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. This issue was fixed in OpenCV version 3.3.1 (corresponding to OpenCV-Python and and OpenCV-Contrib-Python 3.3.1.11).",
  "id": "GHSA-cvhw-2593-5j2q",
  "modified": "2021-11-18T15:34:33Z",
  "published": "2021-10-12T22:00:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1516"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencv/opencv/issues/5956"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencv/opencv/pull/9376"
    },
    {
      "type": "WEB",
      "url": "https://arxiv.org/pdf/1701.04739.pdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opencv/opencv-python"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double Free in OpenCV"
}

GHSA-CVJF-HV92-7HW3

Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00
VLAI
Details

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27416"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.",
  "id": "GHSA-cvjf-hv92-7hw3",
  "modified": "2022-04-21T00:00:43Z",
  "published": "2022-04-13T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27416"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/702"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVX2-PHG2-QP2H

Vulnerability from github – Published: 2025-05-23 03:32 – Updated: 2025-05-27 18:30
VLAI
Details

A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-23T02:15:22Z",
    "severity": "HIGH"
  },
  "details": "A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.",
  "id": "GHSA-cvx2-phg2-qp2h",
  "modified": "2025-05-27T18:30:48Z",
  "published": "2025-05-23T03:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5100"
    },
    {
      "type": "WEB",
      "url": "https://korelogic.com/Resources/Advisories/KL-001-2025-005.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW7C-WP8J-JM6J

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Handle DBC deactivation if the owner went away

When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang.

As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T15:16:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Handle DBC deactivation if the owner went away\n\nWhen a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV\ntransaction to the host over the QAIC_CONTROL MHI channel. QAIC handles\nthis by calling decode_deactivate() to release the resources allocated for\nthat DBC. Since that handling is done in the qaic_manage_ioctl() context,\nif the user goes away before receiving and handling the deactivation, the\nhost will be out-of-sync with the DBCs available for use, and the DBC\nresources will not be freed unless the device is removed. If another user\nloads and requests to activate a network, then the device assigns the same\nDBC to that network, QAIC will \"indefinitely\" wait for dbc-\u003ein_use = false,\nleading the user process to hang.\n\nAs a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions\nthat are received after the user has gone away.",
  "id": "GHSA-cw7c-wp8j-jm6j",
  "modified": "2026-05-07T21:30:24Z",
  "published": "2026-05-01T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43007"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW9H-69MP-F4JQ

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: fix double free in ice_sf_eth_activate() error path

When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).

The device release callback ice_sf_dev_release() frees sf_dev, but the current error path falls through to sf_dev_free and calls kfree(sf_dev) again, causing a double free.

Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but avoid falling through to sf_dev_free after auxiliary_device_uninit().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:31Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix double free in ice_sf_eth_activate() error path\n\nWhen auxiliary_device_add() fails, ice_sf_eth_activate() jumps to\naux_dev_uninit and calls auxiliary_device_uninit(\u0026sf_dev-\u003eadev).\n\nThe device release callback ice_sf_dev_release() frees sf_dev, but\nthe current error path falls through to sf_dev_free and calls\nkfree(sf_dev) again, causing a double free.\n\nKeep kfree(sf_dev) for the auxiliary_device_init() failure path, but\navoid falling through to sf_dev_free after auxiliary_device_uninit().",
  "id": "GHSA-cw9h-69mp-f4jq",
  "modified": "2026-06-10T21:31:25Z",
  "published": "2026-05-28T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46162"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/121d1f253aed515cd85748f68c664a6cb756e8ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ca30340b5028ddc3f17086a538feeff06167b1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9aab1c3d7299285e2569cbc0ed5892d631a241b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0c6a4816609f145ffcc74e64baa214c571c17c6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CX22-P4FF-962Q

Vulnerability from github – Published: 2024-11-15 21:30 – Updated: 2024-11-15 21:30
VLAI
Details

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T20:15:17Z",
    "severity": "CRITICAL"
  },
  "details": "In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, \navoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.",
  "id": "GHSA-cx22-p4ff-962q",
  "modified": "2024-11-15T21:30:47Z",
  "published": "2024-11-15T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10934"
    },
    {
      "type": "WEB",
      "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig"
    },
    {
      "type": "WEB",
      "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CX4J-FXR7-JXG8

Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2023-06-13 18:09
VLAI
Summary
Double free in glsl-layout
Details

Affected versions of this crate did not guard against panic within the user-provided function f (2nd parameter of fn map_array), and thus panic within f causes double drop of a single object.

The flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within ManuallyDrop.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "glsl-layout"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:43:30Z",
    "nvd_published_at": "2021-01-26T18:16:22Z",
    "severity": "HIGH"
  },
  "details": "Affected versions of this crate did not guard against panic within the user-provided function f (2nd parameter of fn map_array), and thus panic within f causes double drop of a single object.\n\nThe flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within ManuallyDrop\u003cT\u003e.",
  "id": "GHSA-cx4j-fxr7-jxg8",
  "modified": "2023-06-13T18:09:24Z",
  "published": "2021-08-25T20:53:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25902"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustgd/glsl-layout/pull/10"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rustgd/glsl-layout"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in glsl-layout"
}

GHSA-CXXW-RFQC-PQX7

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-cxxw-rfqc-pqx7",
  "modified": "2022-05-24T19:13:24Z",
  "published": "2022-05-24T19:13:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30703"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212532"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212533"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212600"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212603"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F3Q5-X55R-FCFP

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25
VLAI
Details

In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667",
  "id": "GHSA-f3q5-x55r-fcfp",
  "modified": "2022-05-24T17:25:15Z",
  "published": "2022-05-24T17:25:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0241"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F446-9VW9-W973

Vulnerability from github – Published: 2022-04-04 00:00 – Updated: 2025-05-05 18:31
VLAI
Details

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-03T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.",
  "id": "GHSA-f446-9vw9-w973",
  "modified": "2025-05-05T18:31:39Z",
  "published": "2022-04-04T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28388"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220513-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5127"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.