CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9813 vulnerabilities reference this CWE, most recent first.
GHSA-87HP-RGGG-4JGW
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-50467"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:52Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-87hp-rggg-4jgw",
"modified": "2026-07-14T18:32:25Z",
"published": "2026-07-14T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50467"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87HW-Q346-25WW
Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-09 18:31Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-48583"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:46Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-87hw-q346-25ww",
"modified": "2026-06-09T18:31:01Z",
"published": "2026-06-09T18:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48583"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87JQ-RXJ7-28VF
Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Fix use-after-free bug for mm struct
Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister() then drops the last reference and the mm is freed before the final use in hfi1_release_user_pages(). A new task may allocate the mm structure while it is still being used, resulting in problems. One manifestation is corruption of the mmap_sem counter leading to a hang in down_write(). Another is corruption of an mm struct that is in use by another task.
{
"affected": [],
"aliases": [
"CVE-2022-49076"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages(). A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write(). Another is corruption of an mm struct that is\nin use by another task.",
"id": "GHSA-87jq-rxj7-28vf",
"modified": "2025-02-27T21:32:10Z",
"published": "2025-02-27T21:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49076"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b7186d657ee55e2cdefae498f07d5c1961e8023"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bbac98d0930e8161b1957dc0ec99de39ade1b3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a9a1b24ddb510715f8f621263938186579a965c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f54364ff6cfcd14cddf5441c4a490bb28dd69f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ca11bd8222a612de0d2f54d050bfcf61ae2883f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87QR-3HP3-X583
Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 18:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix races among concurrent prealloc proc writes
We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations).
{
"affected": [],
"aliases": [
"CVE-2022-49288"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem. This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations).",
"id": "GHSA-87qr-3hp3-x583",
"modified": "2025-02-27T18:31:08Z",
"published": "2025-02-27T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49288"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87XH-9Q6H-R5CC
Vulnerability from github – Published: 2022-01-06 22:00 – Updated: 2022-01-07 16:08An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.25.0"
},
{
"fixed": "0.25.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0"
},
{
"fixed": "0.26.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45715"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T21:10:30Z",
"nvd_published_at": "2021-12-26T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.",
"id": "GHSA-87xh-9q6h-r5cc",
"modified": "2022-01-07T16:08:56Z",
"published": "2022-01-06T22:00:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45715"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/issues/1048"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/rusqlite/RUSTSEC-2021-0128.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0128.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use After Free in rusqlite"
}
GHSA-87XR-WMM8-4MX3
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
{
"affected": [],
"aliases": [
"CVE-2017-16939"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-24T10:29:00Z",
"severity": "HIGH"
},
"details": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"id": "GHSA-87xr-wmm8-4mx3",
"modified": "2022-05-13T01:44:14Z",
"published": "2022-05-13T01:44:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16939"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1355"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"type": "WEB",
"url": "https://blogs.securiteam.com/index.php/archives/3535"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Nov/40"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101954"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-882G-VQHX-XPW2
Vulnerability from github – Published: 2022-12-05 21:30 – Updated: 2022-12-06 21:30Use After Free in GitHub repository vim/vim prior to 9.0.0882.
{
"affected": [],
"aliases": [
"CVE-2022-4292"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T19:15:00Z",
"severity": "HIGH"
},
"details": "Use After Free in GitHub repository vim/vim prior to 9.0.0882.",
"id": "GHSA-882g-vqhx-xpw2",
"modified": "2022-12-06T21:30:46Z",
"published": "2022-12-05T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4292"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230113-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-882J-JQ8H-6P6F
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-12-21 15:30An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
{
"affected": [],
"aliases": [
"CVE-2021-33480"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-17T18:15:00Z",
"severity": "MODERATE"
},
"details": "An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.",
"id": "GHSA-882j-jq8h-6p6f",
"modified": "2022-12-21T15:30:16Z",
"published": "2022-05-24T19:20:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33480"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-28"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/jocr/bugs/40"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/jocr/bugs/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-883R-99MM-WC9G
Vulnerability from github – Published: 2022-02-12 00:01 – Updated: 2022-03-31 00:00{
"affected": [],
"aliases": [
"CVE-2022-0413"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-30T15:15:00Z",
"severity": "HIGH"
},
"details": "Use After Free in Conda vim prior to 8.2.",
"id": "GHSA-883r-99mm-wc9g",
"modified": "2022-03-31T00:00:57Z",
"published": "2022-02-12T00:01:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0413"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-888P-VVCC-Q364
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
{
"affected": [],
"aliases": [
"CVE-2016-9401"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T21:59:00Z",
"severity": "MODERATE"
},
"details": "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",
"id": "GHSA-888p-vvcc-q364",
"modified": "2022-05-13T01:16:18Z",
"published": "2022-05-13T01:16:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9401"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1931"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-02"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/17/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/17/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.