Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-7Q6Q-PPP8-9GR5

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-01-21 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Skip restore TC rules for vport rep without loaded flag

During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Skip restore TC rules for vport rep without loaded flag\n\nDuring driver unload, unregister_netdev is called after unloading\nvport rep. So, the mlx5e_rep_priv is already freed while trying to get\nrpriv-\u003enetdev, or walk rpriv-\u003etc_ht, which results in use-after-free.\nSo add the checking to make sure access the data of vport rep which is\nstill loaded.",
  "id": "GHSA-7q6q-ppp8-9gr5",
  "modified": "2025-01-21T18:31:05Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57801"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47c78d3fc26e38ab805613a0f592dc8a820c7c64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q72-8F9R-V4MW

Vulnerability from github – Published: 2025-10-01 21:31 – Updated: 2025-10-27 06:30
VLAI
Details

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) via supplying a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T19:15:35Z",
    "severity": "HIGH"
  },
  "details": "A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) via supplying a crafted PDF file.",
  "id": "GHSA-7q72-8f9r-v4mw",
  "modified": "2025-10-27T06:30:26Z",
  "published": "2025-10-01T21:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ShadowByte1/CVE-Reports/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-46205.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/podofo/podofo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q7H-GMQW-H5W5

Vulnerability from github – Published: 2022-04-25 00:00 – Updated: 2022-05-05 00:00
VLAI
Details

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-23T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.",
  "id": "GHSA-7q7h-gmqw-h5w5",
  "modified": "2022-05-05T00:00:41Z",
  "published": "2022-04-25T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1444"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q7M-RC75-VRR5

Vulnerability from github – Published: 2026-03-11 00:31 – Updated: 2026-03-11 00:31
VLAI
Details

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T22:16:18Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-7q7m-rc75-vrr5",
  "modified": "2026-03-11T00:31:32Z",
  "published": "2026-03-11T00:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27278"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QCX-JCP4-QG47

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-02-16T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.",
  "id": "GHSA-7qcx-jcp4-qg47",
  "modified": "2022-05-13T01:27:15Z",
  "published": "2022-05-13T01:27:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3021"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15020"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=111779"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48016"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5400"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5485"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5503"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7QG9-9X35-J2QF

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-11-04 00:30
VLAI
Details

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-01T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).",
  "id": "GHSA-7qg9-9x35-j2qf",
  "modified": "2025-11-04T00:30:29Z",
  "published": "2022-05-24T19:06:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36086"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250207-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QH3-2Q2V-3794

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:20:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7qh3-2q2v-3794",
  "modified": "2026-06-17T18:35:46Z",
  "published": "2026-06-17T18:35:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12451"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/514741076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QH8-79V7-JQC7

Vulnerability from github – Published: 2023-07-12 09:30 – Updated: 2024-04-04 06:02
VLAI
Details

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-12T08:15:09Z",
    "severity": "HIGH"
  },
  "details": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.",
  "id": "GHSA-7qh8-79v7-jqc7",
  "modified": "2024-04-04T06:02:14Z",
  "published": "2023-07-12T09:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2762"
    },
    {
      "type": "WEB",
      "url": "https://www.3ds.com/vulnerability/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QHG-WPC6-3FF5

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-11-03 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces.

The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached.

Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1].

Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces.

[1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T16:15:27Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn\u0027t look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net-\u003exfrmi hash, but since it also exists in the\nxfrmi_net-\u003ecollect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[    8.516540] kernel BUG at net/core/dev.c:12029!\n[    8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[    8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[    8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[    8.516569] Workqueue: netns cleanup_net\n[    8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[    8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 \u003c0f\u003e 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[    8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[    8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[    8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[    8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[    8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[    8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[    8.516615] FS:  0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[    8.516619] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[    8.516625] PKRU: 55555554\n[    8.516627] Call Trace:\n[    8.516632]  \u003cTASK\u003e\n[    8.516635]  ? rtnl_is_locked+0x15/0x20\n[    8.516641]  ? unregister_netdevice_queue+0x29/0xf0\n[    8.516650]  ops_undo_list+0x1f2/0x220\n[    8.516659]  cleanup_net+0x1ad/0x2e0\n[    8.516664]  process_one_work+0x160/0x380\n[    8.516673]  worker_thread+0x2aa/0x3c0\n[    8.516679]  ? __pfx_worker_thread+0x10/0x10\n[    8.516686]  kthread+0xfb/0x200\n[    8.516690]  ? __pfx_kthread+0x10/0x10\n[    8.516693]  ? __pfx_kthread+0x10/0x10\n[    8.516697]  ret_from_fork+0x82/0xf0\n[    8.516705]  ? __pfx_kthread+0x10/0x10\n[    8.516709]  ret_from_fork_asm+0x1a/0x30\n[    8.516718]  \u003c/TASK\u003e",
  "id": "GHSA-7qhg-wpc6-3ff5",
  "modified": "2025-11-03T18:31:33Z",
  "published": "2025-08-12T18:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38500"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5918c3f4800a3aef2173865e5903370f21e24f47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69a31f7a6a81f5ffd3812c442e09ff0be22960f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfebdb85496e1da21d3cf05de099210915c3e706"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QJC-W955-MQ5C

Vulnerability from github – Published: 2023-02-07 21:30 – Updated: 2023-02-16 15:30
VLAI
Details

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-07T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)",
  "id": "GHSA-7qjc-w955-mq5c",
  "modified": "2023-02-16T15:30:29Z",
  "published": "2023-02-07T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0699"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1371859"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.