CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-922C-WMF5-RMHJ
Vulnerability from github – Published: 2023-09-11 15:31 – Updated: 2024-04-04 07:35GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
{
"affected": [],
"aliases": [
"CVE-2023-41000"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T15:16:02Z",
"severity": "MODERATE"
},
"details": "GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.",
"id": "GHSA-922c-wmf5-rmhj",
"modified": "2024-04-04T07:35:24Z",
"published": "2023-09-11T15:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41000"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-922W-VH7F-4CXH
Vulnerability from github – Published: 2024-11-27 12:31 – Updated: 2024-11-27 12:31There was discovered a use after free bug in browser.c in the es_browser_get_variant function
{
"affected": [],
"aliases": [
"CVE-2024-42326"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T12:15:20Z",
"severity": "MODERATE"
},
"details": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function",
"id": "GHSA-922w-vh7f-4cxh",
"modified": "2024-11-27T12:31:54Z",
"published": "2024-11-27T12:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42326"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-25622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-923J-376F-6X65
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50425"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:45Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-923j-376f-6x65",
"modified": "2026-07-14T18:32:22Z",
"published": "2026-07-14T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50425"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-926M-QFG2-2W89
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-05-30 12:30In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: fix potential UAF in create_big_sync
Add hci_conn_valid() check in create_big_sync() to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in create_big_complete() and re-validate the connection under hci_dev_lock() before dereferencing, matching the pattern used by create_le_conn_complete() and create_pa_complete().
Keep the hci_conn object alive across the async boundary by taking a reference via hci_conn_get() when queueing create_big_sync(), and dropping it in the completion callback. The refcount and the lock are complementary: the refcount keeps the object allocated, while hci_dev_lock() serializes hci_conn_hash_del()'s list_del_rcu() on hdev->conn_hash, as required by hci_conn_del().
hci_conn_put() is called outside hci_dev_unlock() so the final put (which resolves to kfree() via bt_link_release) does not run under hdev->lock, though the release path would be safe either way.
Without this, create_big_complete() would unconditionally dereference the conn pointer on error, causing a use-after-free via hci_connect_cfm() and hci_conn_del().
{
"affected": [],
"aliases": [
"CVE-2026-46111"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:26Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: fix potential UAF in create_big_sync\n\nAdd hci_conn_valid() check in create_big_sync() to detect stale\nconnections before proceeding with BIG creation. Handle the\nresulting -ECANCELED in create_big_complete() and re-validate the\nconnection under hci_dev_lock() before dereferencing, matching the\npattern used by create_le_conn_complete() and create_pa_complete().\n\nKeep the hci_conn object alive across the async boundary by taking\na reference via hci_conn_get() when queueing create_big_sync(), and\ndropping it in the completion callback. The refcount and the lock\nare complementary: the refcount keeps the object allocated, while\nhci_dev_lock() serializes hci_conn_hash_del()\u0027s list_del_rcu() on\nhdev-\u003econn_hash, as required by hci_conn_del().\n\nhci_conn_put() is called outside hci_dev_unlock() so the final put\n(which resolves to kfree() via bt_link_release) does not run under\nhdev-\u003elock, though the release path would be safe either way.\n\nWithout this, create_big_complete() would unconditionally\ndereference the conn pointer on error, causing a use-after-free\nvia hci_connect_cfm() and hci_conn_del().",
"id": "GHSA-926m-qfg2-2w89",
"modified": "2026-05-30T12:30:25Z",
"published": "2026-05-28T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46111"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0beddb0c380bed5f5b8e61ddbe14635bb73d0b41"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1750a2df0eab61dc421a7afae74abdd239a44b85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6823f730bf195fc296d9edd09e2ca94bc1ff5584"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc34f8d8240f25dd137dc2758ebbcc75e3779142"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8eaf92c57ad99358dd372580d5ff87623343a72"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92C9-MCJW-QRH5
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332.
{
"affected": [],
"aliases": [
"CVE-2018-14312"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332.",
"id": "GHSA-92c9-mcjw-qrh5",
"modified": "2022-05-13T01:34:33Z",
"published": "2022-05-13T01:34:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14312"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-772"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92CX-4XM7-JR9M
Vulnerability from github – Published: 2022-01-06 22:02 – Updated: 2022-01-07 16:09An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.25.0"
},
{
"fixed": "0.25.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0"
},
{
"fixed": "0.26.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45713"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T21:05:16Z",
"nvd_published_at": "2021-12-26T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.",
"id": "GHSA-92cx-4xm7-jr9m",
"modified": "2022-01-07T16:09:58Z",
"published": "2022-01-06T22:02:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45713"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/issues/1048"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/pull/1049"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/30f8c8c502675011603c4d066396bf317fd49e71"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/612158507e90f41d409cd0fa80eb21c992b1bc08"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/934e0c709e156753881da98b32e9853f9ffe4a1b"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/f4f95f8caf9fd53bffd0c19530be2484c644cc16"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/rusqlite/RUSTSEC-2021-0128.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0128.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use After Free in rusqlite"
}
GHSA-92CX-CG65-38VH
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-21 00:30In the Linux kernel, the following vulnerability has been resolved:
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization.
Probable call trace which can trigger use-after-free:
ath9k_htc_probe_device() / htc_handle->drv_priv = priv; / ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed
... ath9k_hif_usb_rx_cb() ath9k_hif_usb_rx_stream() RX_STAT_INC() <--- htc_handle->drv_priv access
In order to not add fancy protection for drv_priv we can move htc_handle->drv_priv initialization at the end of the ath9k_htc_probe_device() and add helper macro to make all STAT macros NULL safe, since syzbot has reported related NULL deref in that macros [1]
{
"affected": [],
"aliases": [
"CVE-2022-50179"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k: fix use-after-free in ath9k_hif_usb_rx_cb\n\nSyzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The\nproblem was in incorrect htc_handle-\u003edrv_priv initialization.\n\nProbable call trace which can trigger use-after-free:\n\nath9k_htc_probe_device()\n /* htc_handle-\u003edrv_priv = priv; */\n ath9k_htc_wait_for_target() \u003c--- Failed\n ieee80211_free_hw()\t\t \u003c--- priv pointer is freed\n\n\u003cIRQ\u003e\n...\nath9k_hif_usb_rx_cb()\n ath9k_hif_usb_rx_stream()\n RX_STAT_INC()\t\t\u003c--- htc_handle-\u003edrv_priv access\n\nIn order to not add fancy protection for drv_priv we can move\nhtc_handle-\u003edrv_priv initialization at the end of the\nath9k_htc_probe_device() and add helper macro to make\nall *_STAT_* macros NULL safe, since syzbot has reported related NULL\nderef in that macros [1]",
"id": "GHSA-92cx-cg65-38vh",
"modified": "2025-11-21T00:30:18Z",
"published": "2025-06-18T12:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50179"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03ca957c5f7b55660957eda20b5db4110319ac7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab7a0ddf5f1cdec63cb21840369873806fc36d80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b66ebac40f64336ae2d053883bee85261060bd27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9e21206b8ea62220b486310c61277e7ebfe7cec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eccd7c3e2596b574241a7670b5b53f5322f470e5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92F7-C7HW-58CR
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-06-26 00:31netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.
{
"affected": [],
"aliases": [
"CVE-2024-26581"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T13:15:09Z",
"severity": "HIGH"
},
"details": "netfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active.",
"id": "GHSA-92f7-c7hw-58cr",
"modified": "2024-06-26T00:31:34Z",
"published": "2024-02-20T15:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26581"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1296c110c5a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60c0c230c6f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6eb14441f106"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b734f7a47aeb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92GW-RWM2-JQV6
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-5009"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-92gw-rwm2-jqv6",
"modified": "2022-05-14T00:53:19Z",
"published": "2022-05-14T00:53:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5009"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104701"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92HV-JCVF-RQG6
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: Use cached t->net in ip6erspan_changelink().
After commit 5e72ce3e3980 ("net: ipv6: Use link netns in newlink() of rtnl_link_ops"), ip6erspan_newlink() correctly resolves the per-netns ip6gre hash via link_net. ip6erspan_changelink() was not converted in that series and still uses dev_net(dev), which diverges from the device's creation netns after IFLA_NET_NS_FD migration.
This re-inserts the tunnel into the wrong per-netns hash. The original netns keeps a stale entry. When that netns is later destroyed, ip6gre_exit_rtnl_net() walks the stale entry, producing a slab-use-after-free reported by KASAN, followed by a kernel BUG at net/core/dev.c (LIST_POISON1) in unregister_netdevice_many_notify().
Reachable from an unprivileged user namespace (unshare --user --map-root-user --net).
ip6gre_changelink() earlier in the same file already uses the cached t->net; only ip6erspan_changelink() has the wrong shape.
{
"affected": [],
"aliases": [
"CVE-2026-46120"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_gre: Use cached t-\u003enet in ip6erspan_changelink().\n\nAfter commit 5e72ce3e3980 (\"net: ipv6: Use link netns in newlink() of\nrtnl_link_ops\"), ip6erspan_newlink() correctly resolves the per-netns\nip6gre hash via link_net. ip6erspan_changelink() was not converted in\nthat series and still uses dev_net(dev), which diverges from the\ndevice\u0027s creation netns after IFLA_NET_NS_FD migration.\n\nThis re-inserts the tunnel into the wrong per-netns hash. The\noriginal netns keeps a stale entry. When that netns is later\ndestroyed, ip6gre_exit_rtnl_net() walks the stale entry, producing a\nslab-use-after-free reported by KASAN, followed by a kernel BUG at\nnet/core/dev.c (LIST_POISON1) in unregister_netdevice_many_notify().\n\nReachable from an unprivileged user namespace (unshare --user\n--map-root-user --net).\n\nip6gre_changelink() earlier in the same file already uses the cached\nt-\u003enet; only ip6erspan_changelink() has the wrong shape.",
"id": "GHSA-92hv-jcvf-rqg6",
"modified": "2026-06-01T18:31:36Z",
"published": "2026-05-28T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01b71ff2857d3598337de11e7840a8e3ff21553c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fcf6731706f73494245a9c0d64f93bebf95bb51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d324c2f43f70c965f25c58cc3611c779adbe47e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/311fdd26eb4443d43b909cc67a10f3a5fd1b21b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7bd0f2b162b426b343a114e1b329f0d8d14fdc6e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf7fc624329e76c6394653d12353e1d033adea91"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e70cfb40c3a99b232cd42c6a6a10f0d8e039dc82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eca62bb0569de4d43a4dac06a2092a9d4ca1d702"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.