CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-G848-PPPP-VG6F
Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2025-04-28 21:30An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
{
"affected": [],
"aliases": [
"CVE-2022-40304"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-23T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"id": "GHSA-g848-pppp-vg6f",
"modified": "2025-04-28T21:30:38Z",
"published": "2022-11-23T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221209-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213531"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213533"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213534"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213535"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213536"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/24"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/25"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8HW-GXG5-V62G
Vulnerability from github – Published: 2024-06-13 18:31 – Updated: 2024-08-28 15:31A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
{
"affected": [],
"aliases": [
"CVE-2024-35325"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T17:15:50Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.",
"id": "GHSA-g8hw-gxg5-v62g",
"modified": "2024-08-28T15:31:13Z",
"published": "2024-06-13T18:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35325"
},
{
"type": "WEB",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c"
},
{
"type": "WEB",
"url": "https://github.com/idhyt/pocs/tree/main/libyaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G925-Q6M2-GXVR
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1910"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T09:15:00Z",
"severity": "CRITICAL"
},
"details": "Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-g925-q6m2-gxvr",
"modified": "2022-05-24T19:01:48Z",
"published": "2022-05-24T19:01:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1910"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G934-MV7G-597H
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 00:30In the Linux kernel, the following vulnerability has been resolved:
ext4: fix possible double unlock when moving a directory
{
"affected": [],
"aliases": [
"CVE-2023-53626"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix possible double unlock when moving a directory",
"id": "GHSA-g934-mv7g-597h",
"modified": "2026-02-04T00:30:26Z",
"published": "2025-10-07T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53626"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/020166bc6669ca9fb267ebd96bd88c4fb64a5d46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c93c42c7bb23057bde8a0a2ab834927ff64d20c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43ce288ab5d7274a4a141d7f5e3ed2ab7b41f8a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70e42feab2e20618ddd0cbfc4ab4b08628236ecd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c16cbd8233d6c58fc488545393e49b5d55729990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e71eb4dca41f0f36823724ced0406bb2dbdd5506"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G943-C7GQ-998H
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-12-19 18:31In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc: fix double-free on mc_dev
The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable.
In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed.
This commit introduces back the following checkpatch warning which is a false-positive.
WARNING: kfree(NULL) is safe and this check is probably not required + if (mc_bus) + kfree(mc_bus);
{
"affected": [],
"aliases": [
"CVE-2025-38313"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:30Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"id": "GHSA-g943-c7gq-998h",
"modified": "2025-12-19T18:31:05Z",
"published": "2025-07-10T09:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9CV-62XC-FJ2V
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
{
"affected": [],
"aliases": [
"CVE-2021-22332"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-28T13:15:00Z",
"severity": "HIGH"
},
"details": "There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.",
"id": "GHSA-g9cv-62xc-fj2v",
"modified": "2022-05-24T17:49:04Z",
"published": "2022-05-24T17:49:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22332"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G9MR-VWVW-4VG9
Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
{
"affected": [],
"aliases": [
"CVE-2015-9007"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-06T14:29:00Z",
"severity": "HIGH"
},
"details": "In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.",
"id": "GHSA-g9mr-vwvw-4vg9",
"modified": "2022-05-17T02:42:21Z",
"published": "2022-05-17T02:42:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9007"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF42-J9G9-962C
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-06-03 18:55In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha).
Assign NULL to vp_map and kfree take care of NULL.
{
"affected": [],
"aliases": [
"CVE-2024-26930"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of the ha-\u003evp_map pointer\n\nCoverity scan reported potential risk of double free of the pointer\nha-\u003evp_map. ha-\u003evp_map was freed in qla2x00_mem_alloc(), and again freed\nin function qla2x00_mem_free(ha).\n\nAssign NULL to vp_map and kfree take care of NULL.",
"id": "GHSA-gf42-j9g9-962c",
"modified": "2024-06-03T18:55:50Z",
"published": "2024-05-01T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26930"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GFCR-HR3X-V6R9
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2020-16590"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.",
"id": "GHSA-gfcr-hr3x-v6r9",
"modified": "2022-05-24T17:35:30Z",
"published": "2022-05-24T17:35:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16590"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210115-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25821"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJJR-QMJQ-GW5C
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.
{
"affected": [],
"aliases": [
"CVE-2021-22425"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-03T18:15:00Z",
"severity": "HIGH"
},
"details": "A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.",
"id": "GHSA-gjjr-qmjq-gw5c",
"modified": "2022-05-24T19:09:48Z",
"published": "2022-05-24T19:09:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22425"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.