CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-8M45-P293-9XVP
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-08-01 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/mes: fix use-after-free issue
Delete fence fallback timer to fix the ramdom use-after-free issue.
v2: move to amdgpu_mes.c
{
"affected": [],
"aliases": [
"CVE-2024-38581"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:18Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c",
"id": "GHSA-8m45-p293-9xvp",
"modified": "2024-08-01T21:31:40Z",
"published": "2024-06-19T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38581"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M47-H338-9QFH
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2023-06-12 09:30Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1940"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T06:15:00Z",
"severity": "HIGH"
},
"details": "Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-8m47-h338-9qfh",
"modified": "2023-06-12T09:30:19Z",
"published": "2022-05-24T19:07:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1940"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M8M-PRW4-V58W
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24105.
{
"affected": [],
"aliases": [
"CVE-2024-9721"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:25Z",
"severity": "HIGH"
},
"details": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24105.",
"id": "GHSA-8m8m-prw4-v58w",
"modified": "2024-11-22T21:32:20Z",
"published": "2024-11-22T21:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9721"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1482"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MC9-3VV7-XWF3
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38253"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:30Z",
"severity": "HIGH"
},
"details": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability",
"id": "GHSA-8mc9-3vv7-xwf3",
"modified": "2024-09-10T18:30:46Z",
"published": "2024-09-10T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38253"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MGW-7PFH-QV6C
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-58602"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:12Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-8mgw-7pfh-qv6c",
"modified": "2026-07-14T18:32:11Z",
"published": "2026-07-14T18:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58602"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MHW-PHFM-55JR
Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-02 19:00Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
{
"affected": [],
"aliases": [
"CVE-2022-3305"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)",
"id": "GHSA-8mhw-phfm-55jr",
"modified": "2022-11-02T19:00:25Z",
"published": "2022-11-02T12:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3305"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1319229"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MVR-J92P-V42J
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-21138"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T14:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.",
"id": "GHSA-8mvr-j92p-v42j",
"modified": "2022-05-24T17:41:35Z",
"published": "2022-05-24T17:41:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21138"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1122487"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8MW5-FW53-VQ24
Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:35An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.
{
"affected": [],
"aliases": [
"CVE-2023-39070"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T19:15:43Z",
"severity": "HIGH"
},
"details": "An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.",
"id": "GHSA-8mw5-fw53-vq24",
"modified": "2024-04-04T07:35:54Z",
"published": "2023-09-11T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39070"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MX3-669M-HQMF
Vulnerability from github – Published: 2023-03-08 00:30 – Updated: 2023-03-11 03:30Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-1213"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-07T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-8mx3-669m-hqmf",
"modified": "2023-03-11T03:30:17Z",
"published": "2023-03-08T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1213"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1411210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8P2M-944P-WQ2V
Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-11 15:30In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-31339"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T21:15:14Z",
"severity": "HIGH"
},
"details": "In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-8p2m-944p-wq2v",
"modified": "2024-07-11T15:30:46Z",
"published": "2024-07-09T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31339"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/StatsD/+/795a0da721992432cae20fc9be21bcbce318bf5a"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.