Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-7V66-MW99-F72X

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (powerz) Fix use-after-free on USB disconnect

After powerz_disconnect() frees the URB and releases the mutex, a subsequent powerz_read() call can acquire the mutex and call powerz_read_data(), which dereferences the freed URB pointer.

Fix by: - Setting priv->urb to NULL in powerz_disconnect() so that powerz_read_data() can detect the disconnected state. - Adding a !priv->urb check at the start of powerz_read_data() to return -ENODEV on a disconnected device. - Moving usb_set_intfdata() before hwmon registration so the disconnect handler can always find the priv pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:32Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix use-after-free on USB disconnect\n\nAfter powerz_disconnect() frees the URB and releases the mutex, a\nsubsequent powerz_read() call can acquire the mutex and call\npowerz_read_data(), which dereferences the freed URB pointer.\n\nFix by:\n - Setting priv-\u003eurb to NULL in powerz_disconnect() so that\n   powerz_read_data() can detect the disconnected state.\n - Adding a !priv-\u003eurb check at the start of powerz_read_data()\n   to return -ENODEV on a disconnected device.\n - Moving usb_set_intfdata() before hwmon registration so the\n   disconnect handler can always find the priv pointer.",
  "id": "GHSA-7v66-mw99-f72x",
  "modified": "2026-04-27T21:30:48Z",
  "published": "2026-04-24T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31582"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08e57f5e1a9067d5fbf33993aa7f51d60b3d13a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61f2aa23b0ce8d7aa5071ed25a7471e246a4fdd4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7003ae4810ca83f0ddca85b768500e313c4b998c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e1b798257f96d2e2a2639830eb71add545ce749"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c78e1d4e48f23792adaa7c94251e22b0d9700a39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7V7V-CF8J-P265

Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-15 00:30
VLAI
Details

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T20:17:15Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7v7v-cf8j-p265",
  "modified": "2026-05-15T00:30:29Z",
  "published": "2026-05-14T21:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8550"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/498322453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7V9G-2JG3-77X9

Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-09 21:32
VLAI
Details

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T21:17:24Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-7v9g-2jg3-77x9",
  "modified": "2026-06-09T21:32:39Z",
  "published": "2026-06-09T21:32:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47955"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VCC-F42V-GV2X

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: fix possible use-after-free

Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n  The sock_hold() side seems suspect, because there is no guarantee\n  that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror.  The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
  "id": "GHSA-7vcc-f42v-gv2x",
  "modified": "2024-09-12T15:32:59Z",
  "published": "2024-08-22T03:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48911"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VGW-9PV5-JMC7

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.",
  "id": "GHSA-7vgw-9pv5-jmc7",
  "modified": "2022-04-19T00:01:12Z",
  "published": "2022-04-12T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27834"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VH4-856X-687C

Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ref_tracker: implement use-after-free detection

Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir as dead.

Test the dead status from ref_tracker_alloc() and ref_tracker_free()

This should detect buggy dev_put()/dev_hold() happening too late in netdevice dismantle process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:50Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nref_tracker: implement use-after-free detection\n\nWhenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir\nas dead.\n\nTest the dead status from ref_tracker_alloc() and ref_tracker_free()\n\nThis should detect buggy dev_put()/dev_hold() happening too late\nin netdevice dismantle process.",
  "id": "GHSA-7vh4-856x-687c",
  "modified": "2025-02-27T21:32:12Z",
  "published": "2025-02-27T21:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49127"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3743c9de303fa36c2e2ca2522ab280c52bcafbd2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3ececfe668facd87d920b608349a32607060e66"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VHX-C246-8GHC

Vulnerability from github – Published: 2024-11-23 03:31 – Updated: 2024-11-23 03:31
VLAI
Details

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25174.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25174.",
  "id": "GHSA-7vhx-c246-8ghc",
  "modified": "2024-11-23T03:31:59Z",
  "published": "2024-11-23T03:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9255"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1308"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VJ6-R4XQ-5HWX

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6505.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6505.",
  "id": "GHSA-7vj6-r4xq-5hwx",
  "modified": "2022-05-13T01:33:56Z",
  "published": "2022-05-13T01:33:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17655"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1211"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VJF-C5MJ-643C

Vulnerability from github – Published: 2023-06-06 18:30 – Updated: 2024-04-04 04:36
VLAI
Details

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n",
  "id": "GHSA-7vjf-c5mj-643c",
  "modified": "2024-04-04T04:36:10Z",
  "published": "2023-06-06T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28653"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VP2-V23X-FGC2

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572.",
  "id": "GHSA-7vp2-v23x-fgc2",
  "modified": "2022-05-13T01:31:37Z",
  "published": "2022-05-13T01:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9968"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.