Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-87HP-RGGG-4JGW

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:52Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-87hp-rggg-4jgw",
  "modified": "2026-07-14T18:32:25Z",
  "published": "2026-07-14T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50467"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87HW-Q346-25WW

Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-09 18:31
VLAI
Details

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:46Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-87hw-q346-25ww",
  "modified": "2026-06-09T18:31:01Z",
  "published": "2026-06-09T18:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48583"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87JQ-RXJ7-28VF

Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hfi1: Fix use-after-free bug for mm struct

Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister() then drops the last reference and the mm is freed before the final use in hfi1_release_user_pages(). A new task may allocate the mm structure while it is still being used, resulting in problems. One manifestation is corruption of the mmap_sem counter leading to a hang in down_write(). Another is corruption of an mm struct that is in use by another task.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages().  A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write().  Another is corruption of an mm struct that is\nin use by another task.",
  "id": "GHSA-87jq-rxj7-28vf",
  "modified": "2025-02-27T21:32:10Z",
  "published": "2025-02-27T21:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49076"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b7186d657ee55e2cdefae498f07d5c1961e8023"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bbac98d0930e8161b1957dc0ec99de39ade1b3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a9a1b24ddb510715f8f621263938186579a965c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f54364ff6cfcd14cddf5441c4a490bb28dd69f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ca11bd8222a612de0d2f54d050bfcf61ae2883f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87QR-3HP3-X583

Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix races among concurrent prealloc proc writes

We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:05Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem.  This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations).",
  "id": "GHSA-87qr-3hp3-x583",
  "modified": "2025-02-27T18:31:08Z",
  "published": "2025-02-27T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49288"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87XH-9Q6H-R5CC

Vulnerability from github – Published: 2022-01-06 22:00 – Updated: 2022-01-07 16:08
VLAI
Summary
Use After Free in rusqlite
Details

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rusqlite"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.25.0"
            },
            {
              "fixed": "0.25.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rusqlite"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.26.0"
            },
            {
              "fixed": "0.26.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-45715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-05T21:10:30Z",
    "nvd_published_at": "2021-12-26T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.",
  "id": "GHSA-87xh-9q6h-r5cc",
  "modified": "2022-01-07T16:08:56Z",
  "published": "2022-01-06T22:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45715"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rusqlite/rusqlite/issues/1048"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rusqlite/rusqlite"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/rusqlite/RUSTSEC-2021-0128.md"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0128.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use After Free in rusqlite"
}

GHSA-87XR-WMM8-4MX3

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-24T10:29:00Z",
    "severity": "HIGH"
  },
  "details": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
  "id": "GHSA-87xr-wmm8-4mx3",
  "modified": "2022-05-13T01:44:14Z",
  "published": "2022-05-13T01:44:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16939"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1318"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1355"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1170"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1190"
    },
    {
      "type": "WEB",
      "url": "https://blogs.securiteam.com/index.php/archives/3535"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4082"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Nov/40"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101954"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-882G-VQHX-XPW2

Vulnerability from github – Published: 2022-12-05 21:30 – Updated: 2022-12-06 21:30
VLAI
Details

Use After Free in GitHub repository vim/vim prior to 9.0.0882.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-05T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use After Free in GitHub repository vim/vim prior to 9.0.0882.",
  "id": "GHSA-882g-vqhx-xpw2",
  "modified": "2022-12-06T21:30:46Z",
  "published": "2022-12-05T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4292"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230113-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-882J-JQ8H-6P6F

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-12-21 15:30
VLAI
Details

An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-17T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.",
  "id": "GHSA-882j-jq8h-6p6f",
  "modified": "2022-12-21T15:30:16Z",
  "published": "2022-05-24T19:20:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33480"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-28"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/jocr/bugs/40"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/jocr/bugs/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-883R-99MM-WC9G

Vulnerability from github – Published: 2022-02-12 00:01 – Updated: 2022-03-31 00:00
VLAI
Details

Use After Free in Conda vim prior to 8.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-30T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use After Free in Conda vim prior to 8.2.",
  "id": "GHSA-883r-99mm-wc9g",
  "modified": "2022-03-31T00:00:57Z",
  "published": "2022-02-12T00:01:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0413"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-888P-VVCC-Q364

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",
  "id": "GHSA-888p-vvcc-q364",
  "modified": "2022-05-13T01:16:18Z",
  "published": "2022-05-13T01:16:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9401"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1931"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-02"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/17/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/17/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94398"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.