CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-9FHM-36WM-RPW2
Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).
{
"affected": [],
"aliases": [
"CVE-2021-46495"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).",
"id": "GHSA-9fhm-36wm-rpw2",
"modified": "2022-02-03T00:00:33Z",
"published": "2022-01-28T00:01:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46495"
},
{
"type": "WEB",
"url": "https://github.com/pcmacdon/jsish/issues/82"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9FPR-G62F-647W
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix possible use-after-free issue in ftrace_location()
KASAN reports a bug:
BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79
The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted:
CPU1 | CPU2
register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free!
To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().
{
"affected": [],
"aliases": [
"CVE-2024-38588"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:18Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().",
"id": "GHSA-9fpr-g62f-647w",
"modified": "2025-11-03T21:31:09Z",
"published": "2024-06-19T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38588"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1880a324af1c95940a7c954b6b937e86844a33bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eea46baf145150910ba134f75a67106ba2222c1b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FR9-7289-F54P
Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2025-04-20 03:30Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-2932"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-11T04:59:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-9fr9-7289-f54p",
"modified": "2025-04-20T03:30:53Z",
"published": "2022-05-14T03:54:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2932"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41609"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95342"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037570"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FRG-3876-Q98G
Vulnerability from github – Published: 2025-10-31 15:30 – Updated: 2025-10-31 21:31Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
{
"affected": [],
"aliases": [
"CVE-2025-57108"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-31T15:15:42Z",
"severity": "CRITICAL"
},
"details": "Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.",
"id": "GHSA-9frg-3876-q98g",
"modified": "2025-10-31T21:31:01Z",
"published": "2025-10-31T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57108"
},
{
"type": "WEB",
"url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19736"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FVG-5X6H-M5X2
Vulnerability from github – Published: 2025-10-04 09:30 – Updated: 2026-01-23 21:30In the Linux kernel, the following vulnerability has been resolved:
um: virtio_uml: Fix use-after-free after put_device in probe
When register_virtio_device() fails in virtio_uml_probe(), the code sets vu_dev->registered = 1 even though the device was not successfully registered. This can lead to use-after-free or other issues.
{
"affected": [],
"aliases": [
"CVE-2025-39951"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T08:15:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\num: virtio_uml: Fix use-after-free after put_device in probe\n\nWhen register_virtio_device() fails in virtio_uml_probe(),\nthe code sets vu_dev-\u003eregistered = 1 even though\nthe device was not successfully registered.\nThis can lead to use-after-free or other issues.",
"id": "GHSA-9fvg-5x6h-m5x2",
"modified": "2026-01-23T21:30:36Z",
"published": "2025-10-04T09:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39951"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/00e98b5a69034b251bb36dc6e7123d7648e218e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14c231959a16ca41bfdcaede72483362a8c645d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f364023ddcfe83f7073b973a9cb98584b7f2a46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e94e44c9cb30d7a383d8ac227f24a8c9326b770"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aaf900a83508c8cd5cdf765e7749f9076196ec7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2ff91255e0157b356cff115d8dc3eeb5162edf2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FWQ-22J4-XFWR
Vulnerability from github – Published: 2025-11-07 21:31 – Updated: 2025-11-07 21:31A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
{
"affected": [],
"aliases": [
"CVE-2025-12863"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-07T21:15:40Z",
"severity": "HIGH"
},
"details": "A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.",
"id": "GHSA-9fwq-22j4-xfwr",
"modified": "2025-11-07T21:31:21Z",
"published": "2025-11-07T21:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-12863"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413323"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FXX-JG3X-C28J
Vulnerability from github – Published: 2022-10-12 12:00 – Updated: 2022-10-13 12:00In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel
{
"affected": [],
"aliases": [
"CVE-2022-20409"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel",
"id": "GHSA-9fxx-jg3x-c28j",
"modified": "2022-10-13T12:00:26Z",
"published": "2022-10-12T12:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20409"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2ee0cab11f6626071f8a64c7792406dabdd94c8d"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-10-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G2C-GP5G-QCMV
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-53730"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:42Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.",
"id": "GHSA-9g2c-gp5g-qcmv",
"modified": "2025-08-12T18:31:32Z",
"published": "2025-08-12T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53730"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53730"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G4Q-G489-Q28Q
Vulnerability from github – Published: 2022-10-19 12:00 – Updated: 2022-10-22 12:00Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-22077"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-19T11:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile",
"id": "GHSA-9g4q-g489-q28q",
"modified": "2022-10-22T12:00:26Z",
"published": "2022-10-19T12:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22077"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G56-QQC5-7RW9
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-06-10 18:31Use after free issue in editcap could cause denial of service via crafted capture file
{
"affected": [],
"aliases": [
"CVE-2024-4855"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:45:19Z",
"severity": "LOW"
},
"details": "Use after free issue in editcap could cause denial of service via crafted capture file",
"id": "GHSA-9g56-qqc5-7rw9",
"modified": "2024-06-10T18:31:01Z",
"published": "2024-05-14T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4855"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19782"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19783"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19784"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2024-08.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.