CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-JJ4J-PRXW-RVRR
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:53The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
{
"affected": [],
"aliases": [
"CVE-2019-5305"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-06T15:29:00Z",
"severity": "HIGH"
},
"details": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.",
"id": "GHSA-jj4j-prxw-rvrr",
"modified": "2024-04-04T00:53:38Z",
"published": "2022-05-24T16:47:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5305"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJ52-XC36-FQ8R
Vulnerability from github – Published: 2022-04-29 01:25 – Updated: 2022-04-29 01:25Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
{
"affected": [],
"aliases": [
"CVE-2003-0015"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-02-07T05:00:00Z",
"severity": "HIGH"
},
"details": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
"id": "GHSA-jj52-xc36-fq8r",
"modified": "2022-04-29T01:25:40Z",
"published": "2022-04-29T01:25:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
},
{
"type": "WEB",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"type": "WEB",
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"type": "WEB",
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"type": "WEB",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"type": "WEB",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/6650"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JM8J-3FG5-F3C9
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path
When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj).
The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free.
Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().
{
"affected": [],
"aliases": [
"CVE-2026-43328"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:42Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path\n\nWhen kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls\nkobject_put(\u0026dbs_data-\u003eattr_set.kobj).\n\nThe kobject release callback cpufreq_dbs_data_release() calls\ngov-\u003eexit(dbs_data) and kfree(dbs_data), but the current error path\nthen calls gov-\u003eexit(dbs_data) and kfree(dbs_data) again, causing a\ndouble free.\n\nKeep the direct kfree(dbs_data) for the gov-\u003einit() failure path, but\nafter kobject_init_and_add() has been called, let kobject_put() handle\nthe cleanup through cpufreq_dbs_data_release().",
"id": "GHSA-jm8j-3fg5-f3c9",
"modified": "2026-06-01T18:31:31Z",
"published": "2026-05-08T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43328"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b9118e93d2499bb2808ef3742fa0ce06f4f8117"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JMFR-J3PX-2WQQ
Vulnerability from github – Published: 2025-10-01 09:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
tracing: Silence warning when chunk allocation fails in trace_pid_write
Syzkaller trigger a fault injection warning:
WARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0 Modules linked in: CPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0 Tainted: [U]=USER Hardware name: Google Compute Engine/Google Compute Engine RIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294 Code: 09 fe ff 90 0f 0b 90 0f b6 74 24 43 31 ff 41 bc ea ff ff ff RSP: 0018:ffffc9000414fb48 EFLAGS: 00010283 RAX: 00000000000012a1 RBX: ffffffff8e240ae0 RCX: ffffc90014b78000 RDX: 0000000000080000 RSI: ffffffff81bbd78b RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffffffffef R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff81c264f0 FS: 00007f27217f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2e80dff8 CR3: 00000000268f8000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tracepoint_probe_register_prio+0xc0/0x110 kernel/tracepoint.c:464 register_trace_prio_sched_switch include/trace/events/sched.h:222 [inline] register_pid_events kernel/trace/trace_events.c:2354 [inline] event_pid_write.isra.0+0x439/0x7a0 kernel/trace/trace_events.c:2425 vfs_write+0x24c/0x1150 fs/read_write.c:677 ksys_write+0x12b/0x250 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
We can reproduce the warning by following the steps below: 1. echo 8 >> set_event_notrace_pid. Let tr->filtered_pids owns one pid and register sched_switch tracepoint. 2. echo ' ' >> set_event_pid, and perform fault injection during chunk allocation of trace_pid_list_alloc. Let pid_list with no pid and assign to tr->filtered_pids. 3. echo ' ' >> set_event_pid. Let pid_list is NULL and assign to tr->filtered_pids. 4. echo 9 >> set_event_pid, will trigger the double register sched_switch tracepoint warning.
The reason is that syzkaller injects a fault into the chunk allocation in trace_pid_list_alloc, causing a failure in trace_pid_list_set, which may trigger double register of the same tracepoint. This only occurs when the system is about to crash, but to suppress this warning, let's add failure handling logic to trace_pid_list_set.
{
"affected": [],
"aliases": [
"CVE-2025-39914"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T08:15:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Silence warning when chunk allocation fails in trace_pid_write\n\nSyzkaller trigger a fault injection warning:\n\nWARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0\nModules linked in:\nCPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0\nTainted: [U]=USER\nHardware name: Google Compute Engine/Google Compute Engine\nRIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294\nCode: 09 fe ff 90 0f 0b 90 0f b6 74 24 43 31 ff 41 bc ea ff ff ff\nRSP: 0018:ffffc9000414fb48 EFLAGS: 00010283\nRAX: 00000000000012a1 RBX: ffffffff8e240ae0 RCX: ffffc90014b78000\nRDX: 0000000000080000 RSI: ffffffff81bbd78b RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffffffffffffffef\nR13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff81c264f0\nFS: 00007f27217f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e80dff8 CR3: 00000000268f8000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tracepoint_probe_register_prio+0xc0/0x110 kernel/tracepoint.c:464\n register_trace_prio_sched_switch include/trace/events/sched.h:222 [inline]\n register_pid_events kernel/trace/trace_events.c:2354 [inline]\n event_pid_write.isra.0+0x439/0x7a0 kernel/trace/trace_events.c:2425\n vfs_write+0x24c/0x1150 fs/read_write.c:677\n ksys_write+0x12b/0x250 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe can reproduce the warning by following the steps below:\n1. echo 8 \u003e\u003e set_event_notrace_pid. Let tr-\u003efiltered_pids owns one pid\n and register sched_switch tracepoint.\n2. echo \u0027 \u0027 \u003e\u003e set_event_pid, and perform fault injection during chunk\n allocation of trace_pid_list_alloc. Let pid_list with no pid and\nassign to tr-\u003efiltered_pids.\n3. echo \u0027 \u0027 \u003e\u003e set_event_pid. Let pid_list is NULL and assign to\n tr-\u003efiltered_pids.\n4. echo 9 \u003e\u003e set_event_pid, will trigger the double register\n sched_switch tracepoint warning.\n\nThe reason is that syzkaller injects a fault into the chunk allocation\nin trace_pid_list_alloc, causing a failure in trace_pid_list_set, which\nmay trigger double register of the same tracepoint. This only occurs\nwhen the system is about to crash, but to suppress this warning, let\u0027s\nadd failure handling logic to trace_pid_list_set.",
"id": "GHSA-jmfr-j3px-2wqq",
"modified": "2026-01-16T21:30:28Z",
"published": "2025-10-01T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39914"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1262bda871dace8c6efae25f3b6a2d34f6f06d54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7583a73c53f1d1ae7a39b130eb7190a11f0a902f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/793338906ff57d8c683f44fe48ca99d49c8782a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88525accf16947ab459f8e91c27c8c53e1d612d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd4453c5e983cf1fd5757e9acb915adb1e4602b6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JMXW-F4W9-294J
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix double free issue during amdgpu module unload
Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module.
[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580] [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [ 279.190601] ? do_error_trap+0x73/0xa0 [ 279.190605] ? __slab_free+0x152/0x2f0 [ 279.190609] ? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] pci_unregister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980]
{
"affected": [],
"aliases": [
"CVE-2024-49989"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:19Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] \u003cTASK\u003e\n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] \u003c/TASK\u003e",
"id": "GHSA-jmxw-f4w9-294j",
"modified": "2025-11-03T21:31:26Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43c296870740a3a264cdca9f18db12e12e9cfbdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPJ2-8X9F-59J6
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
misc: ocxl: fix possible double free in ocxl_file_register_afu
info_release() will be called in device_unregister() when info->dev's reference count is 0. So there is no need to call ocxl_afu_put() and kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
{
"affected": [],
"aliases": [
"CVE-2022-49455"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:21Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ocxl: fix possible double free in ocxl_file_register_afu\n\ninfo_release() will be called in device_unregister() when info-\u003edev\u0027s\nreference count is 0. So there is no need to call ocxl_afu_put() and\nkfree() again.\n\nFix this by adding free_minor() and return to err_unregister error path.",
"id": "GHSA-jpj2-8x9f-59j6",
"modified": "2025-03-17T18:31:49Z",
"published": "2025-03-17T18:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49455"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/252768d32e92c1214aeebb5fec0844ca479bcf5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fb674216835e1f0c143762696d645facebb4685"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/950cf957fe34d40d63dfa3bf3968210430b6491e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e9087cf34ee69f4e95d146ac29385d6e367a97b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de65c32ace9aa70d51facc61ba986607075e3a25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee89d8dee55ab4b3b8ad8b70866b2841ba334767"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPWV-4M4R-JF75
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:44Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7784"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T14:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-jpwv-4m4r-jf75",
"modified": "2024-04-04T00:44:37Z",
"published": "2022-05-24T16:46:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7784"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108321"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQCF-FRH4-X2VJ
Vulnerability from github – Published: 2023-05-16 00:30 – Updated: 2024-04-04 04:11In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel
{
"affected": [],
"aliases": [
"CVE-2023-21106"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-15T22:15:11Z",
"severity": "HIGH"
},
"details": "In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel",
"id": "GHSA-jqcf-frh4-x2vj",
"modified": "2024-04-04T04:11:28Z",
"published": "2023-05-16T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21106"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-05-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQCR-784R-MRG6
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2026-20832"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:11Z",
"severity": "HIGH"
},
"details": "Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability",
"id": "GHSA-jqcr-784r-mrg6",
"modified": "2026-01-13T18:31:09Z",
"published": "2026-01-13T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20832"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20832"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQRJ-PMVG-62W8
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-6072"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-24T21:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function\u0027s return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.",
"id": "GHSA-jqrj-pmvg-62w8",
"modified": "2022-05-24T17:12:34Z",
"published": "2022-05-24T17:12:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6072"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.