CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-8QH2-VGP4-89X7
Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2024-11-21 21:33In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data.
Suggested by Ye Zhang (@VAR10CK) of Baidu Security.
{
"affected": [],
"aliases": [
"CVE-2023-52921"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T02:15:09Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
"id": "GHSA-8qh2-vgp4-89x7",
"modified": "2024-11-21T21:33:31Z",
"published": "2024-11-19T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52921"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QJ8-QF9J-579X
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for accessing waker_bfqq after splitting
After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe.
Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.
{
"affected": [],
"aliases": [
"CVE-2024-49854"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:06Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix uaf for accessing waker_bfqq after splitting\n\nAfter commit 42c306ed7233 (\"block, bfq: don\u0027t break merge chain in\nbfq_split_bfqq()\"), if the current procress is the last holder of bfqq,\nthe bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and\nthen access bfqq-\u003ewaker_bfqq may trigger UAF. What\u0027s more, the waker_bfqq\nmay in the merge chain of bfqq, hence just recored waker_bfqq is still\nnot safe.\n\nFix the problem by adding a helper bfq_waker_bfqq() to check if\nbfqq-\u003ewaker_bfqq is in the merge chain, and current procress is the only\nholder.",
"id": "GHSA-8qj8-qf9j-579x",
"modified": "2025-11-04T00:31:39Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49854"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QJJ-RX3Q-J7F8
Vulnerability from github – Published: 2024-07-30 00:34 – Updated: 2026-04-02 21:31The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted content from the lock screen.
{
"affected": [],
"aliases": [
"CVE-2024-40829"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T23:15:14Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted content from the lock screen.",
"id": "GHSA-8qjj-rx3q-j7f8",
"modified": "2026-04-02T21:31:53Z",
"published": "2024-07-30T00:34:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40829"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120908"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120909"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120912"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120916"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214116"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214117"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214120"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214124"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214116"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214117"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214120"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214124"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/17"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8QM7-MWCX-34XR
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:22Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016
{
"affected": [],
"aliases": [
"CVE-2019-2263"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-25T17:15:00Z",
"severity": "HIGH"
},
"details": "Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016",
"id": "GHSA-8qm7-mwcx-34xr",
"modified": "2024-04-04T01:22:25Z",
"published": "2022-05-24T16:51:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2263"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QQR-FMWM-8JR3
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-16026"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-08T19:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-8qqr-fmwm-8jr3",
"modified": "2022-05-24T17:38:17Z",
"published": "2022-05-24T17:38:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16026"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1139153"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8QRC-CG87-8G3W
Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2024-10-23 15:31In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister().
This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list.
{
"affected": [],
"aliases": [
"CVE-2024-47675"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T12:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in bpf_uprobe_multi_link_attach()\n\nIf bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the\nerror_free label and frees the array of bpf_uprobe\u0027s without calling\nbpf_uprobe_unregister().\n\nThis leaks bpf_uprobe-\u003euprobe and worse, this frees bpf_uprobe-\u003econsumer\nwithout removing it from the uprobe-\u003econsumers list.",
"id": "GHSA-8qrc-cg87-8g3w",
"modified": "2024-10-23T15:31:03Z",
"published": "2024-10-21T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47675"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5fe6e308abaea082c20fbf2aa5df8e14495622cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/790c630ab0e7d7aba6d186581d4627c09fce60f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QWR-PFHR-5887
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Memory corruption while performing sensor register read operations.
{
"affected": [],
"aliases": [
"CVE-2025-47336"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:17:03Z",
"severity": "MODERATE"
},
"details": "Memory corruption while performing sensor register read operations.",
"id": "GHSA-8qwr-pfhr-5887",
"modified": "2026-01-07T12:31:24Z",
"published": "2026-01-07T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47336"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QX3-CQ4J-G455
Vulnerability from github – Published: 2022-06-22 00:00 – Updated: 2022-06-30 00:00A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
{
"affected": [],
"aliases": [
"CVE-2022-27868"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-21T15:15:00Z",
"severity": "HIGH"
},
"details": "A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.",
"id": "GHSA-8qx3-cq4j-g455",
"modified": "2022-06-30T00:00:35Z",
"published": "2022-06-22T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27868"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R42-H5PM-2VW2
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2026-02-25 18:31An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
{
"affected": [],
"aliases": [
"CVE-2021-3347"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-29T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.",
"id": "GHSA-8r42-h5pm-2vw2",
"modified": "2026-02-25T18:31:18Z",
"published": "2022-05-24T17:40:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3347"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/01/29/3"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/01/29/1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210304-0005"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/29/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/29/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R48-CM72-RR67
Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31In the Linux kernel, the following vulnerability has been resolved:
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add().
Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova n.petrova@fintech.ru.
{
"affected": [],
"aliases": [
"CVE-2023-53307"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T17:15:36Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails\n\nIf getting an ID or setting up a work queue in rbd_dev_create() fails,\nuse-after-free on rbd_dev-\u003erbd_client, rbd_dev-\u003espec and rbd_dev-\u003eopts\nis triggered in do_rbd_add(). The root cause is that the ownership of\nthese structures is transfered to rbd_dev prematurely and they all end\nup getting freed when rbd_dev_create() calls rbd_dev_free() prior to\nreturning to do_rbd_add().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE, an\nincomplete patch submitted by Natalia Petrova \u003cn.petrova@fintech.ru\u003e.",
"id": "GHSA-8r48-cm72-rr67",
"modified": "2025-12-02T00:31:11Z",
"published": "2025-09-16T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53307"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71da2a151ed1adb0aea4252b16d81b53012e7afd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9787b328c42c13c4f31e7d5042c4e877e9344068"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a73783e4e0c4d1507794da211eeca75498544dff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae16346078b1189aee934afd872d9f3d0a682c33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc8c0dd2984503ed09efa37bcafcef3d3da104e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3cbb4d60764295992c95344f2d779439e8b34ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7c4d9b133c7a04ca619355574e96b6abf209fba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/faa7b683e436664fff5648426950718277831348"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.