Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-69PX-R2HQ-HMW3

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04
VLAI
Details

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-24T16:40:00Z",
    "severity": "LOW"
  },
  "details": "Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.",
  "id": "GHSA-69px-r2hq-hmw3",
  "modified": "2022-05-14T01:04:04Z",
  "published": "2022-05-14T01:04:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0131"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074589"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/10/4"
    },
    {
      "type": "WEB",
      "url": "http://www.spinics.net/lists/netdev/msg274250.html"
    },
    {
      "type": "WEB",
      "url": "http://www.spinics.net/lists/netdev/msg274316.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69Q2-QMCC-6RH3

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:52Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-69q2-qmcc-6rh3",
  "modified": "2025-07-08T18:31:46Z",
  "published": "2025-07-08T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49677"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69Q9-9JGH-W2QC

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-69q9-9jgh-w2qc",
  "modified": "2022-05-24T19:01:48Z",
  "published": "2022-05-24T19:01:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1891"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69VJ-962M-HMHV

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-69vj-962m-hmhv",
  "modified": "2022-05-24T17:32:27Z",
  "published": "2022-05-24T17:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8846"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210785"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210790"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210792"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210793"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210794"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69VV-8R9H-G8X5

Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-24 19:00
VLAI
Details

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
  "id": "GHSA-69vv-8r9h-g8x5",
  "modified": "2022-10-24T19:00:17Z",
  "published": "2022-10-21T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3625"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211929"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69W2-8RXH-W4M7

Vulnerability from github – Published: 2024-08-21 00:30 – Updated: 2025-09-29 18:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix CT entry update leaks of modify header context

The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support, modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify header point is copied to old attr. When the old attr is freed, the old modify header is lost.

Fix it by restoring the old attr to attr when failed to allocate a new modify header context. So when the CT entry is freed, the right modify header context will be freed. And the panic of accessing error pointer is also fixed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T00:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.",
  "id": "GHSA-69w2-8rxh-w4m7",
  "modified": "2025-09-29T18:33:08Z",
  "published": "2024-08-21T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43864"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69W4-9W32-V3QH

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2026-02-25 18:31
VLAI
Details

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-03T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
  "id": "GHSA-69w4-9w32-v3qh",
  "modified": "2026-02-25T18:31:18Z",
  "published": "2022-05-24T22:28:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14381"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69W7-5X2M-P8CP

Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-12-10 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

regmap: set debugfs_name to NULL after it is freed

There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debugfs_name. With below function invoking logical, debugfs_name is freed in regmap_debugfs_exit(), but it is not created again because of the if condition introduced by above commit. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_debugfs_init() So, set debugfs_name to NULL after it is freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed.",
  "id": "GHSA-69w7-5x2m-p8cp",
  "modified": "2024-12-10T18:31:06Z",
  "published": "2024-03-01T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47058"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69WQ-WJ5C-P5C2

Vulnerability from github – Published: 2024-05-08 00:31 – Updated: 2024-05-08 00:31
VLAI
Details

Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34958"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.",
  "id": "GHSA-69wq-wj5c-p5c2",
  "modified": "2024-05-08T00:31:13Z",
  "published": "2024-05-08T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34958"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69X6-6JQX-Q847

Vulnerability from github – Published: 2024-08-06 15:30 – Updated: 2024-08-07 00:30
VLAI
Details

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T13:15:57Z",
    "severity": "HIGH"
  },
  "details": "Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, and Firefox ESR \u003c 128.1.",
  "id": "GHSA-69x6-6jqx-q847",
  "modified": "2024-08-07T00:30:47Z",
  "published": "2024-08-06T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7527"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871303"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-33"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-34"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-35"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-37"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.