CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-VPW8-43WM-RXW5
Vulnerability from github – Published: 2021-08-25 20:54 – Updated: 2021-08-19 17:21An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "endian_trait"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29929"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:21:10Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.",
"id": "GHSA-vpw8-43wm-rxw5",
"modified": "2021-08-19T17:21:10Z",
"published": "2021-08-25T20:54:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29929"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/myrrlyn/endian_trait"
},
{
"type": "WEB",
"url": "https://gitlab.com/myrrlyn/endian_trait/-/issues/1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0039.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in endian_trait"
}
GHSA-VPWC-99C3-424V
Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.
{
"affected": [],
"aliases": [
"CVE-2018-11270"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T18:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.",
"id": "GHSA-vpwc-99c3-424v",
"modified": "2022-05-14T02:00:27Z",
"published": "2022-05-14T02:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11270"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d475e1aba3f8be3b135199014549ff9d5c315e1d"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRR6-JM4R-HQVP
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-05-01 15:31A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2022-3238"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-14T21:15:00Z",
"severity": "HIGH"
},
"details": "A double-free flaw was found in the Linux kernel\u2019s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"id": "GHSA-vrr6-jm4r-hqvp",
"modified": "2025-05-01T15:31:31Z",
"published": "2023-07-06T19:24:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3238"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127927"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVG8-QX8V-FP7M
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-33838"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:05Z",
"severity": "HIGH"
},
"details": "Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-vvg8-qx8v-fp7m",
"modified": "2026-05-12T18:30:42Z",
"published": "2026-05-12T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33838"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33838"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVR5-H9MX-R3G3
Vulnerability from github – Published: 2022-04-04 00:00 – Updated: 2022-04-10 00:01mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
{
"affected": [],
"aliases": [
"CVE-2022-28389"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-03T21:15:00Z",
"severity": "HIGH"
},
"details": "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.",
"id": "GHSA-vvr5-h9mx-r3g3",
"modified": "2022-04-10T00:01:03Z",
"published": "2022-04-04T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28389"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220513-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW72-9RH3-2576
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-01-22 21:33In the Linux kernel, the following vulnerability has been resolved:
media: dvb-core: Fix double free in dvb_register_device()
In function dvb_register_device() -> dvb_register_media_device() -> dvb_create_media_entity(), dvb->entity is allocated and initialized. If the initialization fails, it frees the dvb->entity, and return an error code. The caller takes the error code and handles the error by calling dvb_media_device_free(), which unregisters the entity and frees the field again if it is not NULL. As dvb->entity may not NULLed in dvb_create_media_entity() when the allocation of dvbdev->pad fails, a double free may occur. This may also cause an Use After free in media_device_unregister_entity().
Fix this by storing NULL to dvb->entity when it is freed.
{
"affected": [],
"aliases": [
"CVE-2022-50499"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:47Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-core: Fix double free in dvb_register_device()\n\nIn function dvb_register_device() -\u003e dvb_register_media_device() -\u003e\ndvb_create_media_entity(), dvb-\u003eentity is allocated and initialized. If\nthe initialization fails, it frees the dvb-\u003eentity, and return an error\ncode. The caller takes the error code and handles the error by calling\ndvb_media_device_free(), which unregisters the entity and frees the\nfield again if it is not NULL. As dvb-\u003eentity may not NULLed in\ndvb_create_media_entity() when the allocation of dvbdev-\u003epad fails, a\ndouble free may occur. This may also cause an Use After free in\nmedia_device_unregister_entity().\n\nFix this by storing NULL to dvb-\u003eentity when it is freed.",
"id": "GHSA-vw72-9rh3-2576",
"modified": "2026-01-22T21:33:43Z",
"published": "2025-10-04T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50499"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0588b12c418c3e4f927ced11f27b02ef4a5bfb07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/123eddf92a114e03919942641d2c2b1f4ca56ea6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b0d0477fce747d4137aa65856318b55fba72198"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70bc51303871159796b55ba1a8f16637b46c2511"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/772892b29ac50c2c5e918fc80104aa6ede81d837"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7dd5a68cdbbbe7fc67ba701cb52ba10d8ba149f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acf984a3718c2458eb9e08b6714490a04f213c58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b21f62b49ee9c3e0216d685d9cfd6003e5727271"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9a78485b658361fab6a5547377be6c1af6f1b3d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWC3-H3W8-Q85F
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 15:31In the Linux kernel, the following vulnerability has been resolved:
dm: clear cloned request bio pointer when last clone bio completes
Stale rq->bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and double-free scenarios.
One such case occurs when using dm-multipath on top of a PCIe NVMe namespace, where cloned request bios are freed during blk_complete_request(), but rq->bio is left intact. Subsequent clone teardown then attempts to free the same bios again via blk_rq_unprep_clone().
The resulting double-free path looks like:
nvme_pci_complete_batch() nvme_complete_batch() blk_mq_end_request_batch() blk_complete_request() // called on a DM clone request bio_endio() // first free of all clone bios ... rq->end_io() // end_clone_request() dm_complete_request(tio->orig) dm_softirq_done() dm_done() dm_end_request() blk_rq_unprep_clone() // second free of clone bios
Fix this by clearing the clone request's bio pointer when the last cloned bio completes, ensuring that later teardown paths do not attempt to free already-released bios.
{
"affected": [],
"aliases": [
"CVE-2026-43278"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:49Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: clear cloned request bio pointer when last clone bio completes\n\nStale rq-\u003ebio values have been observed to cause double-initialization of\ncloned bios in request-based device-mapper targets, leading to\nuse-after-free and double-free scenarios.\n\nOne such case occurs when using dm-multipath on top of a PCIe NVMe\nnamespace, where cloned request bios are freed during\nblk_complete_request(), but rq-\u003ebio is left intact. Subsequent clone\nteardown then attempts to free the same bios again via\nblk_rq_unprep_clone().\n\nThe resulting double-free path looks like:\n\n nvme_pci_complete_batch()\n nvme_complete_batch()\n blk_mq_end_request_batch()\n blk_complete_request() // called on a DM clone request\n bio_endio() // first free of all clone bios\n ...\n rq-\u003eend_io() // end_clone_request()\n dm_complete_request(tio-\u003eorig)\n dm_softirq_done()\n dm_done()\n dm_end_request()\n blk_rq_unprep_clone() // second free of clone bios\n\nFix this by clearing the clone request\u0027s bio pointer when the last cloned\nbio completes, ensuring that later teardown paths do not attempt to free\nalready-released bios.",
"id": "GHSA-vwc3-h3w8-q85f",
"modified": "2026-05-08T15:31:19Z",
"published": "2026-05-06T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d746b639be4b4f5cd8ce2b06aa52dc443f50edc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7daf279c674d515fb22a727a7bbc92aeb35c5442"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83d72091804600ead96dc9e9f518ea56cb4942f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d9ddad561136f7e6a9346767bf97b4d79e38e67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a95b98202113045bc1a5bcb30388a500f25e050"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1c1a2637ebd675aa2d71fee8c70da8791d73850"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2e738e8dfbbf83bd2bae0467ec4420cc52da42a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb8a6c18fb9a6561f7a15b58b272442b77a242dd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX2C-WP58-579Q
Vulnerability from github – Published: 2023-09-28 21:30 – Updated: 2024-04-04 07:57Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).
{
"affected": [],
"aliases": [
"CVE-2023-41911"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-28T21:15:09Z",
"severity": "MODERATE"
},
"details": "Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).",
"id": "GHSA-vx2c-wp58-579q",
"modified": "2024-04-04T07:57:27Z",
"published": "2023-09-28T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41911"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX5P-MMVV-8QVC
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-55004"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:08Z",
"severity": "HIGH"
},
"details": "Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-vx5p-mmvv-8qvc",
"modified": "2026-07-14T18:32:09Z",
"published": "2026-07-14T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55004"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX72-C8CV-7PVQ
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
{
"affected": [],
"aliases": [
"CVE-2021-1119"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-29T20:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.",
"id": "GHSA-vx72-c8cv-7pvq",
"modified": "2022-05-24T19:19:11Z",
"published": "2022-05-24T19:19:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1119"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.