CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9813 vulnerabilities reference this CWE, most recent first.
GHSA-26HQ-7M9G-65CF
Vulnerability from github – Published: 2022-05-14 01:27 – Updated: 2022-05-14 01:27Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4932"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-19T17:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-26hq-7m9g-65cf",
"modified": "2022-05-14T01:27:35Z",
"published": "2022-05-14T01:27:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1119"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201804-11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103708"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040648"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26P5-HQ43-Q649
Vulnerability from github – Published: 2024-01-19 18:30 – Updated: 2024-01-25 15:31A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.
{
"affected": [],
"aliases": [
"CVE-2024-22915"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T18:15:08Z",
"severity": "HIGH"
},
"details": "A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.",
"id": "GHSA-26p5-hq43-q649",
"modified": "2024-01-25T15:31:52Z",
"published": "2024-01-19T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22915"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26PQ-GVCV-RC9V
Vulnerability from github – Published: 2025-10-24 21:31 – Updated: 2025-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq Trying to free already-free IRQ 65 Call Trace: warn_slowpath_fmt free_irq goldfish_tty_remove platform_remove device_remove device_release_driver_internal device_driver_detach unbind_store drv_attr_store ...
{
"affected": [],
"aliases": [
"CVE-2022-49724"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Fix free_irq() on remove\n\nPass the correct dev_id to free_irq() to fix this splat when the driver\nis unbound:\n\n WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq\n Trying to free already-free IRQ 65\n Call Trace:\n warn_slowpath_fmt\n free_irq\n goldfish_tty_remove\n platform_remove\n device_remove\n device_release_driver_internal\n device_driver_detach\n unbind_store\n drv_attr_store\n ...",
"id": "GHSA-26pq-gvcv-rc9v",
"modified": "2025-10-24T21:31:09Z",
"published": "2025-10-24T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49724"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26PV-M6P4-24P9
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.
{
"affected": [],
"aliases": [
"CVE-2024-9748"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:28Z",
"severity": "HIGH"
},
"details": "Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.",
"id": "GHSA-26pv-m6p4-24p9",
"modified": "2024-11-22T21:32:20Z",
"published": "2024-11-22T21:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9748"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1339"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26RF-29MW-GF9H
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33In the Linux kernel, the following vulnerability has been resolved:
of: unittest: fix use-after-free in testdrv_probe()
The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to of_platform_default_populate(), leading to a use-after-free.
The reference to pdev->dev.of_node is owned by the device model and should not be released by the driver. Remove the erroneous of_node_put() to prevent premature freeing.
{
"affected": [],
"aliases": [
"CVE-2026-45989"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:16Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in testdrv_probe()\n\nThe function testdrv_probe() retrieves the device_node from the PCI\ndevice, applies an overlay, and then immediately calls of_node_put(dn).\nThis releases the reference held by the PCI core, potentially freeing\nthe node if the reference count drops to zero. Later, the same freed\npointer \u0027dn\u0027 is passed to of_platform_default_populate(), leading to a\nuse-after-free.\n\nThe reference to pdev-\u003edev.of_node is owned by the device model and\nshould not be released by the driver. Remove the erroneous of_node_put()\nto prevent premature freeing.",
"id": "GHSA-26rf-29mw-gf9h",
"modified": "2026-06-16T15:33:39Z",
"published": "2026-05-27T15:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07fd339b2c253205794bea5d9b4b7548a4546c56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ba03e06f037df704d9b032e36d417633e2326bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b6122a67a295f8a08b7c18d908a1bd974dfaec8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d68347b07b9801791c9eaab8f772770b52b8cd5c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26V4-WJ6C-25PG
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
{
"affected": [],
"aliases": [
"CVE-2018-9517"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T23:29:00Z",
"severity": "HIGH"
},
"details": "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",
"id": "GHSA-26v4-wj6c-25pg",
"modified": "2022-05-14T01:14:00Z",
"published": "2022-05-14T01:14:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26V8-FFH8-7VQG
Vulnerability from github – Published: 2022-05-14 01:38 – Updated: 2025-11-16 18:30Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-15982"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-18T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-26v8-ffh8-7vqg",
"modified": "2025-11-16T18:30:14Z",
"published": "2022-05-14T01:38:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15982"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/vulnrichment/issues/195"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3795"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46051"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26WC-246G-R3WF
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix xsk_diag use-after-free error during socket cleanup
Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed or the device disappearing. In the early days of AF_XDP, the way we tested that a socket was not bound to a device was to simply check if the netdevice pointer in the xsk socket structure was NULL. Later, a better system was introduced by having an explicit state variable in the xsk socket struct. For example, the state of a socket that is on the way to being closed and has been unbound from the device is XSK_UNBOUND.
The commit in the Fixes tag below deleted the old way of signalling that a socket is unbound, setting dev to NULL. This in the belief that all code using the old way had been exterminated. That was unfortunately not true as the xsk diagnostics code was still using the old way and thus does not work as intended when a socket is going down. Fix this by introducing a test against the state variable. If the socket is in the state XSK_UNBOUND, simply abort the diagnostic's netlink operation.
{
"affected": [],
"aliases": [
"CVE-2023-53426"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:46Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix xsk_diag use-after-free error during socket cleanup\n\nFix a use-after-free error that is possible if the xsk_diag interface\nis used after the socket has been unbound from the device. This can\nhappen either due to the socket being closed or the device\ndisappearing. In the early days of AF_XDP, the way we tested that a\nsocket was not bound to a device was to simply check if the netdevice\npointer in the xsk socket structure was NULL. Later, a better system\nwas introduced by having an explicit state variable in the xsk socket\nstruct. For example, the state of a socket that is on the way to being\nclosed and has been unbound from the device is XSK_UNBOUND.\n\nThe commit in the Fixes tag below deleted the old way of signalling\nthat a socket is unbound, setting dev to NULL. This in the belief that\nall code using the old way had been exterminated. That was\nunfortunately not true as the xsk diagnostics code was still using the\nold way and thus does not work as intended when a socket is going\ndown. Fix this by introducing a test against the state variable. If\nthe socket is in the state XSK_UNBOUND, simply abort the diagnostic\u0027s\nnetlink operation.",
"id": "GHSA-26wc-246g-r3wf",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53426"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e019d8a05a38abb5c85d4f1e85fda964610aa14"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/595931912357fa3507e522a7f8a0a76e423c23e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5979985f2d6b565b6cf0f79a62670a2855c0e96c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6436973164ea5506a495f39e56be5aea375e7832"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2729-WMG7-HCHX
Vulnerability from github – Published: 2025-08-03 00:30 – Updated: 2025-08-03 00:30NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-23281"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-02T22:15:44Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.",
"id": "GHSA-2729-wmg7-hchx",
"modified": "2025-08-03T00:30:24Z",
"published": "2025-08-03T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23281"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-272M-XFQ8-PQMQ
Vulnerability from github – Published: 2024-04-02 21:30 – Updated: 2024-04-02 21:30Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.
{
"affected": [],
"aliases": [
"CVE-2024-30371"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T21:15:50Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.",
"id": "GHSA-272m-xfq8-pqmq",
"modified": "2024-04-02T21:30:31Z",
"published": "2024-04-02T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30371"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.