Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-26HQ-7M9G-65CF

Vulnerability from github – Published: 2022-05-14 01:27 – Updated: 2022-05-14 01:27
VLAI
Details

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-19T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-26hq-7m9g-65cf",
  "modified": "2022-05-14T01:27:35Z",
  "published": "2022-05-14T01:27:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4932"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1119"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201804-11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103708"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26P5-HQ43-Q649

Vulnerability from github – Published: 2024-01-19 18:30 – Updated: 2024-01-25 15:31
VLAI
Details

A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.",
  "id": "GHSA-26p5-hq43-q649",
  "modified": "2024-01-25T15:31:52Z",
  "published": "2024-01-19T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22915"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthiaskramm/swftools/issues/215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26PQ-GVCV-RC9V

Vulnerability from github – Published: 2025-10-24 21:31 – Updated: 2025-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tty: goldfish: Fix free_irq() on remove

Pass the correct dev_id to free_irq() to fix this splat when the driver is unbound:

WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq Trying to free already-free IRQ 65 Call Trace: warn_slowpath_fmt free_irq goldfish_tty_remove platform_remove device_remove device_release_driver_internal device_driver_detach unbind_store drv_attr_store ...

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:48Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Fix free_irq() on remove\n\nPass the correct dev_id to free_irq() to fix this splat when the driver\nis unbound:\n\n WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq\n Trying to free already-free IRQ 65\n Call Trace:\n  warn_slowpath_fmt\n  free_irq\n  goldfish_tty_remove\n  platform_remove\n  device_remove\n  device_release_driver_internal\n  device_driver_detach\n  unbind_store\n  drv_attr_store\n  ...",
  "id": "GHSA-26pq-gvcv-rc9v",
  "modified": "2025-10-24T21:31:09Z",
  "published": "2025-10-24T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49724"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26PV-M6P4-24P9

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:28Z",
    "severity": "HIGH"
  },
  "details": "Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.",
  "id": "GHSA-26pv-m6p4-24p9",
  "modified": "2024-11-22T21:32:20Z",
  "published": "2024-11-22T21:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9748"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26RF-29MW-GF9H

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: fix use-after-free in testdrv_probe()

The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to of_platform_default_populate(), leading to a use-after-free.

The reference to pdev->dev.of_node is owned by the device model and should not be released by the driver. Remove the erroneous of_node_put() to prevent premature freeing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:16Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in testdrv_probe()\n\nThe function testdrv_probe() retrieves the device_node from the PCI\ndevice, applies an overlay, and then immediately calls of_node_put(dn).\nThis releases the reference held by the PCI core, potentially freeing\nthe node if the reference count drops to zero. Later, the same freed\npointer \u0027dn\u0027 is passed to of_platform_default_populate(), leading to a\nuse-after-free.\n\nThe reference to pdev-\u003edev.of_node is owned by the device model and\nshould not be released by the driver. Remove the erroneous of_node_put()\nto prevent premature freeing.",
  "id": "GHSA-26rf-29mw-gf9h",
  "modified": "2026-06-16T15:33:39Z",
  "published": "2026-05-27T15:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45989"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07fd339b2c253205794bea5d9b4b7548a4546c56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ba03e06f037df704d9b032e36d417633e2326bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b6122a67a295f8a08b7c18d908a1bd974dfaec8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d68347b07b9801791c9eaab8f772770b52b8cd5c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26V4-WJ6C-25PG

Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14
VLAI
Details

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",
  "id": "GHSA-26v4-wj6c-25pg",
  "modified": "2022-05-14T01:14:00Z",
  "published": "2022-05-14T01:14:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9517"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2029"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2043"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3932-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3932-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26V8-FFH8-7VQG

Vulnerability from github – Published: 2022-05-14 01:38 – Updated: 2025-11-16 18:30
VLAI
Details

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-18T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-26v8-ffh8-7vqg",
  "modified": "2025-11-16T18:30:14Z",
  "published": "2022-05-14T01:38:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15982"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/vulnrichment/issues/195"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3795"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46051"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106116"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-26WC-246G-R3WF

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix xsk_diag use-after-free error during socket cleanup

Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed or the device disappearing. In the early days of AF_XDP, the way we tested that a socket was not bound to a device was to simply check if the netdevice pointer in the xsk socket structure was NULL. Later, a better system was introduced by having an explicit state variable in the xsk socket struct. For example, the state of a socket that is on the way to being closed and has been unbound from the device is XSK_UNBOUND.

The commit in the Fixes tag below deleted the old way of signalling that a socket is unbound, setting dev to NULL. This in the belief that all code using the old way had been exterminated. That was unfortunately not true as the xsk diagnostics code was still using the old way and thus does not work as intended when a socket is going down. Fix this by introducing a test against the state variable. If the socket is in the state XSK_UNBOUND, simply abort the diagnostic's netlink operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:46Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix xsk_diag use-after-free error during socket cleanup\n\nFix a use-after-free error that is possible if the xsk_diag interface\nis used after the socket has been unbound from the device. This can\nhappen either due to the socket being closed or the device\ndisappearing. In the early days of AF_XDP, the way we tested that a\nsocket was not bound to a device was to simply check if the netdevice\npointer in the xsk socket structure was NULL. Later, a better system\nwas introduced by having an explicit state variable in the xsk socket\nstruct. For example, the state of a socket that is on the way to being\nclosed and has been unbound from the device is XSK_UNBOUND.\n\nThe commit in the Fixes tag below deleted the old way of signalling\nthat a socket is unbound, setting dev to NULL. This in the belief that\nall code using the old way had been exterminated. That was\nunfortunately not true as the xsk diagnostics code was still using the\nold way and thus does not work as intended when a socket is going\ndown. Fix this by introducing a test against the state variable. If\nthe socket is in the state XSK_UNBOUND, simply abort the diagnostic\u0027s\nnetlink operation.",
  "id": "GHSA-26wc-246g-r3wf",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e019d8a05a38abb5c85d4f1e85fda964610aa14"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/595931912357fa3507e522a7f8a0a76e423c23e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5979985f2d6b565b6cf0f79a62670a2855c0e96c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6436973164ea5506a495f39e56be5aea375e7832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2729-WMG7-HCHX

Vulnerability from github – Published: 2025-08-03 00:30 – Updated: 2025-08-03 00:30
VLAI
Details

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-02T22:15:44Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.",
  "id": "GHSA-2729-wmg7-hchx",
  "modified": "2025-08-03T00:30:24Z",
  "published": "2025-08-03T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23281"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-272M-XFQ8-PQMQ

Vulnerability from github – Published: 2024-04-02 21:30 – Updated: 2024-04-02 21:30
VLAI
Details

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T21:15:50Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.",
  "id": "GHSA-272m-xfq8-pqmq",
  "modified": "2024-04-02T21:30:31Z",
  "published": "2024-04-02T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30371"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.