CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9807 vulnerabilities reference this CWE, most recent first.
GHSA-MVPF-27QC-FJCX
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-33099"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:32Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-mvpf-27qc-fjcx",
"modified": "2026-04-14T18:30:42Z",
"published": "2026-04-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33099"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33099"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVQ3-V998-W43F
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
net: gtp: Fix Use-After-Free in gtp_dellink
Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
{
"affected": [],
"aliases": [
"CVE-2024-27396"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:12:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"id": "GHSA-mvq3-v998-w43f",
"modified": "2026-05-12T12:31:46Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27396"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVWV-CXFC-W333
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
{
"affected": [],
"aliases": [
"CVE-2026-55000"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:07Z",
"severity": "MODERATE"
},
"details": "Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.",
"id": "GHSA-mvwv-cxfc-w333",
"modified": "2026-07-14T18:32:09Z",
"published": "2026-07-14T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55000"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVX7-HP9W-V6MV
Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-14 00:00An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
{
"affected": [],
"aliases": [
"CVE-2022-40307"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-09T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.",
"id": "GHSA-mvx7-hp9w-v6mv",
"modified": "2022-09-14T00:00:45Z",
"published": "2022-09-10T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40307"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVXW-7652-J4R7
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.
{
"affected": [],
"aliases": [
"CVE-2018-14306"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document\u0027s elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.",
"id": "GHSA-mvxw-7652-j4r7",
"modified": "2022-05-13T01:34:33Z",
"published": "2022-05-13T01:34:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14306"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-766"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW24-3X3M-JGJ7
Vulnerability from github – Published: 2022-05-17 02:14 – Updated: 2022-05-17 02:14Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.
{
"affected": [],
"aliases": [
"CVE-2016-6980"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-26T17:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.",
"id": "GHSA-mw24-3x3m-jgj7",
"modified": "2022-05-17T02:14:37Z",
"published": "2022-05-17T02:14:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6980"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93179"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036793"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW2H-9MQR-794Q
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Win32k Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26241"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:45Z",
"severity": "HIGH"
},
"details": "Win32k Elevation of Privilege Vulnerability",
"id": "GHSA-mw2h-9mqr-794q",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26241"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW2P-R6H9-WR7X
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-41831"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:28Z",
"severity": "HIGH"
},
"details": "Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mw2p-r6h9-wr7x",
"modified": "2024-08-14T15:31:18Z",
"published": "2024-08-14T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41831"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW37-8H7C-93HW
Vulnerability from github – Published: 2024-08-19 18:32 – Updated: 2024-08-19 21:35In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-32927"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-19T17:15:07Z",
"severity": "HIGH"
},
"details": "In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-mw37-8h7c-93hw",
"modified": "2024-08-19T21:35:09Z",
"published": "2024-08-19T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32927"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-08-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW5R-3VX4-H9CP
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
{
"affected": [],
"aliases": [
"CVE-2021-32613"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-14T13:15:00Z",
"severity": "MODERATE"
},
"details": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.",
"id": "GHSA-mw5r-3vx4-h9cp",
"modified": "2022-05-24T19:02:27Z",
"published": "2022-05-24T19:02:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32613"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/18666"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/18667"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/18679"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.