CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9820 vulnerabilities reference this CWE, most recent first.
GHSA-2H7M-JH29-4FMG
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-13918"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:05Z",
"severity": "HIGH"
},
"details": "Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-2h7m-jh29-4fmg",
"modified": "2026-07-01T15:35:03Z",
"published": "2026-07-01T00:34:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13918"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/509712284"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H7P-XM3F-96JX
Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
{
"affected": [],
"aliases": [
"CVE-2016-6963"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-13T19:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",
"id": "GHSA-2h7p-xm3f-96jx",
"modified": "2022-05-17T02:21:29Z",
"published": "2022-05-17T02:21:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6963"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036986"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H9J-HXW7-2JF3
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-47290"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:17Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-2h9j-hxw7-2jf3",
"modified": "2026-07-14T18:32:13Z",
"published": "2026-07-14T18:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47290"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47290"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H9X-7QVF-96J8
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
{
"affected": [],
"aliases": [
"CVE-2023-22668"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:08Z",
"severity": "MODERATE"
},
"details": "Memory Corruption in Audio while invoking IOCTLs calls from the user-space.",
"id": "GHSA-2h9x-7qvf-96j8",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22668"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HFR-4CGX-VGJV
Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-12 00:00Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-0605"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-05T00:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-2hfr-4cgx-vgjv",
"modified": "2022-04-12T00:00:49Z",
"published": "2022-04-06T00:01:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0605"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1286940"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HGR-CPRG-9825
Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-11649"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T00:16:47Z",
"severity": "HIGH"
},
"details": "Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-2hgr-cprg-9825",
"modified": "2026-06-09T03:31:39Z",
"published": "2026-06-09T00:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11649"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/511270083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HH5-254V-JPF4
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free of encap entry in neigh update handler
Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free:
[23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635 [23827.472251] [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5 [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core] [23827.476731] Call Trace: [23827.477260] dump_stack+0xbb/0x107 [23827.477906] print_address_description.constprop.0+0x18/0x140 [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.480905] kasan_report.cold+0x7c/0xd8 [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.482744] kasan_check_range+0x145/0x1a0 [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core] [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core] [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core] [23827.497486] ? read_word_at_a_time+0xe/0x20 [23827.498250] ? strscpy+0xa0/0x2a0 [23827.498889] process_one_work+0x8ac/0x14e0 [23827.499638] ? lockdep_hardirqs_on_prepare+0x400/0x400 [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [23827.501359] ? rwlock_bug.part.0+0x90/0x90 [23827.502116] worker_thread+0x53b/0x1220 [23827.502831] ? process_one_work+0x14e0/0x14e0 [23827.503627] kthread+0x328/0x3f0 [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40 [23827.505065] ? __kthread_bind_mask+0x90/0x90 [23827.505912] ret_from_fork+0x1f/0x30 [23827.506621] [23827.506987] Allocated by task 28248: [23827.507694] kasan_save_stack+0x1b/0x40 [23827.508476] __kasan_kmalloc+0x7c/0x90 [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core] [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core] [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core] [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core] [23827.513298] tc_setup_cb_add+0x1d5/0x420 [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower] [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower] [23827.515821] tc_new_tfilter+0x89a/0x2070 [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0 [23827.517300] netlink_rcv_skb+0x11d/0x340 [23827.518021] netlink_unicast+0x42b/0x700 [23827.518742] netlink_sendmsg+0x743/0xc20 [23827.519467] sock_sendmsg+0xb2/0xe0 [23827.520131] _syssendmsg+0x590/0x770 [23827.520851] _sys_sendmsg+0xd8/0x160 [23827.521552] __sys_sendmsg+0xb7/0x140 [23827.522238] do_syscall_64+0x3a/0x70 [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae [23827.523797] [23827.524163] Freed by task 25948: [23827.524780] kasan_save_stack+0x1b/0x40 [23827.525488] kasan_set_track+0x1c/0x30 [23827.526187] kasan_set_free_info+0x20/0x30 [23827.526968] __kasan_slab_free+0xed/0x130 [23827.527709] slab_free_freelist_hook+0xcf/0x1d0 [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0 [23827.529317] kfree_rcu_work+0x55f/0xb70 [23827.530024] process_one_work+0x8ac/0x14e0 [23827.530770] worker_thread+0x53b/0x1220 [23827.531480] kthread+0x328/0x3f0 [23827.532114] ret_from_fork+0x1f/0x30 [23827.532785] [23827.533147] Last potentially related work creation: [23827.534007] kasan_save_stack+0x1b/0x40 [23827.534710] kasan_record_aux_stack+0xab/0xc0 [23827.535492] kvfree_call_rcu+0x31/0x7b0 [23827.536206] mlx5e_tc_del ---truncated---
{
"affected": [],
"aliases": [
"CVE-2021-47247"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:13Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free of encap entry in neigh update handler\n\nFunction mlx5e_rep_neigh_update() wasn\u0027t updated to accommodate rtnl lock\nremoval from TC filter update path and properly handle concurrent encap\nentry insertion/deletion which can lead to following use-after-free:\n\n [23827.464923] ==================================================================\n [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635\n [23827.472251]\n [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5\n [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core]\n [23827.476731] Call Trace:\n [23827.477260] dump_stack+0xbb/0x107\n [23827.477906] print_address_description.constprop.0+0x18/0x140\n [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.480905] kasan_report.cold+0x7c/0xd8\n [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.482744] kasan_check_range+0x145/0x1a0\n [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core]\n [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core]\n [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core]\n [23827.497486] ? read_word_at_a_time+0xe/0x20\n [23827.498250] ? strscpy+0xa0/0x2a0\n [23827.498889] process_one_work+0x8ac/0x14e0\n [23827.499638] ? lockdep_hardirqs_on_prepare+0x400/0x400\n [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0\n [23827.501359] ? rwlock_bug.part.0+0x90/0x90\n [23827.502116] worker_thread+0x53b/0x1220\n [23827.502831] ? process_one_work+0x14e0/0x14e0\n [23827.503627] kthread+0x328/0x3f0\n [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40\n [23827.505065] ? __kthread_bind_mask+0x90/0x90\n [23827.505912] ret_from_fork+0x1f/0x30\n [23827.506621]\n [23827.506987] Allocated by task 28248:\n [23827.507694] kasan_save_stack+0x1b/0x40\n [23827.508476] __kasan_kmalloc+0x7c/0x90\n [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core]\n [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core]\n [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core]\n [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core]\n [23827.513298] tc_setup_cb_add+0x1d5/0x420\n [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower]\n [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower]\n [23827.515821] tc_new_tfilter+0x89a/0x2070\n [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0\n [23827.517300] netlink_rcv_skb+0x11d/0x340\n [23827.518021] netlink_unicast+0x42b/0x700\n [23827.518742] netlink_sendmsg+0x743/0xc20\n [23827.519467] sock_sendmsg+0xb2/0xe0\n [23827.520131] ____sys_sendmsg+0x590/0x770\n [23827.520851] ___sys_sendmsg+0xd8/0x160\n [23827.521552] __sys_sendmsg+0xb7/0x140\n [23827.522238] do_syscall_64+0x3a/0x70\n [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [23827.523797]\n [23827.524163] Freed by task 25948:\n [23827.524780] kasan_save_stack+0x1b/0x40\n [23827.525488] kasan_set_track+0x1c/0x30\n [23827.526187] kasan_set_free_info+0x20/0x30\n [23827.526968] __kasan_slab_free+0xed/0x130\n [23827.527709] slab_free_freelist_hook+0xcf/0x1d0\n [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0\n [23827.529317] kfree_rcu_work+0x55f/0xb70\n [23827.530024] process_one_work+0x8ac/0x14e0\n [23827.530770] worker_thread+0x53b/0x1220\n [23827.531480] kthread+0x328/0x3f0\n [23827.532114] ret_from_fork+0x1f/0x30\n [23827.532785]\n [23827.533147] Last potentially related work creation:\n [23827.534007] kasan_save_stack+0x1b/0x40\n [23827.534710] kasan_record_aux_stack+0xab/0xc0\n [23827.535492] kvfree_call_rcu+0x31/0x7b0\n [23827.536206] mlx5e_tc_del\n---truncated---",
"id": "GHSA-2hh5-254v-jpf4",
"modified": "2025-11-03T21:31:05Z",
"published": "2024-05-21T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47247"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d1e7a7964ce6abb28883a3906bbc20fe0009f03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HHC-69MG-J8FR
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-32075"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:08Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-2hhc-69mg-j8fr",
"modified": "2026-04-14T18:30:39Z",
"published": "2026-04-14T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32075"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HMQ-PR23-R74W
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-59243"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:06Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-2hmq-pr23-r74w",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59243"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59243"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HQ2-46WF-3MHV
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 21:30In the Linux kernel, the following vulnerability has been resolved:
net: qcom/emac: fix UAF in emac_remove
adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.
{
"affected": [],
"aliases": [
"CVE-2021-47311"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:18Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qcom/emac: fix UAF in emac_remove\n\nadpt is netdev private data and it cannot be\nused after free_netdev() call. Using adpt after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.",
"id": "GHSA-2hq2-46wf-3mhv",
"modified": "2024-12-26T21:30:35Z",
"published": "2024-05-21T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47311"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.