Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-8JRV-MWQQ-496H

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21837.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:16:23Z",
    "severity": "LOW"
  },
  "details": "Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21837.",
  "id": "GHSA-8jrv-mwqq-496h",
  "modified": "2024-05-03T03:31:08Z",
  "published": "2024-05-03T03:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51612"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1913"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JV7-234C-5CGQ

Vulnerability from github – Published: 2026-07-06 21:30 – Updated: 2026-07-06 21:30
VLAI
Details

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59615"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-06T21:16:52Z",
    "severity": "MODERATE"
  },
  "details": "Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.",
  "id": "GHSA-8jv7-234c-5cgq",
  "modified": "2026-07-06T21:30:41Z",
  "published": "2026-07-06T21:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59615"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JVF-5894-3CPX

Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42
VLAI
Details

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-20T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.",
  "id": "GHSA-8jvf-5894-3cpx",
  "modified": "2022-05-14T01:42:07Z",
  "published": "2022-05-14T01:42:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11984"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JVX-WQF8-M6PH

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()

We got the following issue in a fuzz test of randomly issuing the restore command:

================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0 Write of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962

CPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542 Call Trace: kasan_report+0x94/0xc0 cachefiles_ondemand_daemon_read+0x609/0xab0 vfs_read+0x169/0xb50 ksys_read+0xf5/0x1e0

Allocated by task 626: __kmalloc+0x1df/0x4b0 cachefiles_ondemand_send_req+0x24d/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...]

Freed by task 626: kfree+0xf1/0x2c0 cachefiles_ondemand_send_req+0x568/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...] ==================================================================

Following is the process that triggers the issue:

 mount  |   daemon_thread1    |    daemon_thread2

cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done)

        cachefiles_daemon_read
         cachefiles_ondemand_daemon_read
          REQ_A = cachefiles_ondemand_select_req
          cachefiles_ondemand_get_fd
          copy_to_user(_buffer, msg, n)
        process_open_req(REQ_A)
                              ------ restore ------
                              cachefiles_ondemand_restore
                              xas_for_each(&xas, req, ULONG_MAX)
                               xas_set_mark(&xas, CACHEFILES_REQ_NEW);

                              cachefiles_daemon_read
                               cachefiles_ondemand_daemon_read
                                REQ_A = cachefiles_ondemand_select_req

         write(devfd, ("copen %u,%llu", msg->msg_id, size));
         cachefiles_ondemand_copen
          xa_erase(&cache->reqs, id)
          complete(&REQ_A->done)

kfree(REQ_A) cachefiles_ondemand_get_fd(REQ_A) fd = get_unused_fd_flags file = anon_inode_getfile fd_install(fd, file) load = (void *)REQ_A->msg.data; load->fd = fd; // load UAF !!!

This issue is caused by issuing a restore command when the daemon is still alive, which results in a request being processed multiple times thus triggering a UAF. So to avoid this problem, add an additional reference count to cachefiles_req, which is held while waiting and reading, and then released when the waiting and reading is over.

Note that since there is only one reference count for waiting, we need to avoid the same request being completed multiple times, so we can only complete the request if it is successfully removed from the xarray.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:13Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0\nWrite of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962\n\nCPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542\nCall Trace:\n kasan_report+0x94/0xc0\n cachefiles_ondemand_daemon_read+0x609/0xab0\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 626:\n __kmalloc+0x1df/0x4b0\n cachefiles_ondemand_send_req+0x24d/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 626:\n kfree+0xf1/0x2c0\n cachefiles_ondemand_send_req+0x568/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n     mount  |   daemon_thread1    |    daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n  cachefiles_ondemand_send_req\n   REQ_A = kzalloc(sizeof(*req) + data_len)\n   wait_for_completion(\u0026REQ_A-\u003edone)\n\n            cachefiles_daemon_read\n             cachefiles_ondemand_daemon_read\n              REQ_A = cachefiles_ondemand_select_req\n              cachefiles_ondemand_get_fd\n              copy_to_user(_buffer, msg, n)\n            process_open_req(REQ_A)\n                                  ------ restore ------\n                                  cachefiles_ondemand_restore\n                                  xas_for_each(\u0026xas, req, ULONG_MAX)\n                                   xas_set_mark(\u0026xas, CACHEFILES_REQ_NEW);\n\n                                  cachefiles_daemon_read\n                                   cachefiles_ondemand_daemon_read\n                                    REQ_A = cachefiles_ondemand_select_req\n\n             write(devfd, (\"copen %u,%llu\", msg-\u003emsg_id, size));\n             cachefiles_ondemand_copen\n              xa_erase(\u0026cache-\u003ereqs, id)\n              complete(\u0026REQ_A-\u003edone)\n   kfree(REQ_A)\n                                    cachefiles_ondemand_get_fd(REQ_A)\n                                     fd = get_unused_fd_flags\n                                     file = anon_inode_getfile\n                                     fd_install(fd, file)\n                                     load = (void *)REQ_A-\u003emsg.data;\n                                     load-\u003efd = fd;\n                                     // load UAF !!!\n\nThis issue is caused by issuing a restore command when the daemon is still\nalive, which results in a request being processed multiple times thus\ntriggering a UAF. So to avoid this problem, add an additional reference\ncount to cachefiles_req, which is held while waiting and reading, and then\nreleased when the waiting and reading is over.\n\nNote that since there is only one reference count for waiting, we need to\navoid the same request being completed multiple times, so we can only\ncomplete the request if it is successfully removed from the xarray.",
  "id": "GHSA-8jvx-wqf8-m6ph",
  "modified": "2025-11-04T00:30:52Z",
  "published": "2024-07-12T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d902d9a3aa4f2a8bda698294e34be788be012fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99e9c5bd27ddefa0f9db88625bf5e31c1e833d62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6de82765e12fb1201ab607f0d3ffe3309b30fc0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de3e26f9e5b76fc628077578c001c4a51bf54d06"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JWH-WC3J-3XMQ

Vulnerability from github – Published: 2022-05-14 02:21 – Updated: 2022-05-14 02:21
VLAI
Details

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-15T06:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-8jwh-wc3j-3xmq",
  "modified": "2022-05-14T02:21:47Z",
  "published": "2022-05-14T02:21:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7877"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-17"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94873"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037442"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JXM-PHRP-W2J4

Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2025-11-04 00:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T02:16:30Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp\n\nksmbd_user_session_put should be called under smb3_preauth_hash_rsp().\nIt will avoid freeing session before calling smb3_preauth_hash_rsp().",
  "id": "GHSA-8jxm-phrp-w2j4",
  "modified": "2025-11-04T00:32:03Z",
  "published": "2024-11-19T03:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50283"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb645064e0811053c94e86677f2e58ed29359d62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M24-679C-X8JH

Vulnerability from github – Published: 2024-10-30 00:31 – Updated: 2025-02-03 18:30
VLAI
Details

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.",
  "id": "GHSA-8m24-679c-x8jh",
  "modified": "2025-02-03T18:30:38Z",
  "published": "2024-10-30T00:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8595"
    },
    {
      "type": "WEB",
      "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M32-WFR6-3F5W

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-22T10:15:36Z",
    "severity": "MODERATE"
  },
  "details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.",
  "id": "GHSA-8m32-wfr6-3f5w",
  "modified": "2025-09-22T21:30:20Z",
  "published": "2025-09-22T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25177"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M3C-93M2-83H7

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-01-09 18:30
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
  "id": "GHSA-8m3c-93m2-83h7",
  "modified": "2023-01-09T18:30:25Z",
  "published": "2022-05-24T17:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9893"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211290"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211291"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211292"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211293"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211294"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M42-PWWF-CC8J

Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:52
VLAI
Details

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-08T21:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A use-after-free vulnerability was found in the Linux kernel\u0027s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.",
  "id": "GHSA-8m42-pwwf-cc8j",
  "modified": "2024-04-04T03:52:51Z",
  "published": "2023-05-08T21:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/67d7d8ad99be"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193097"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1%40huawei.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1@huawei.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.