CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-P63W-3X56-6RXM
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
{
"affected": [],
"aliases": [
"CVE-2011-3069"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-04-05T22:02:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.",
"id": "GHSA-p63w-3x56-6rxm",
"modified": "2022-05-13T01:27:23Z",
"published": "2022-05-13T01:27:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3069"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74629"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15310"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=117728"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/81039"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48732"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48749"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5400"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5485"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5503"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52913"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026892"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P642-FWHV-JWMJ
Vulnerability from github – Published: 2023-06-28 00:30 – Updated: 2024-04-04 05:13A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
{
"affected": [],
"aliases": [
"CVE-2023-25002"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-27T23:15:09Z",
"severity": "HIGH"
},
"details": "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.",
"id": "GHSA-p642-fwhv-jwmj",
"modified": "2024-04-04T05:13:38Z",
"published": "2023-06-28T00:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25002"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P64F-V3W3-F3GW
Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-12-10 18:31In the Linux kernel, the following vulnerability has been resolved:
spi: Fix use-after-free with devm_spi_alloc_*
We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This causes devices registered with devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy, non-devm managed devices and have their reference counters decremented below 0.
------------[ cut here ]------------ WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [] (refcount_warn_saturate) from [] (kobject_put+0x90/0x98) [] (kobject_put) from [] (put_device+0x20/0x24) r4:b6700140 [] (put_device) from [] (devm_spi_release_controller+0x3c/0x40) [] (devm_spi_release_controller) from [] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [] (release_nodes) from [] (devres_release_all+0x5c/0x60) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [] (devres_release_all) from [] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [] (__device_release_driver) from [] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [] (device_driver_detach) from [] (unbind_store+0xe4/0xf8)
Instead, determine the devm allocation state as a flag on the controller which is guaranteed to be stable during cleanup.
{
"affected": [],
"aliases": [
"CVE-2021-46959"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T23:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can\u0027t rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[\u003cb0396f04\u003e] (refcount_warn_saturate) from [\u003cb03c56a4\u003e] (kobject_put+0x90/0x98)\n[\u003cb03c5614\u003e] (kobject_put) from [\u003cb0447b4c\u003e] (put_device+0x20/0x24)\n r4:b6700140\n[\u003cb0447b2c\u003e] (put_device) from [\u003cb07515e8\u003e] (devm_spi_release_controller+0x3c/0x40)\n[\u003cb07515ac\u003e] (devm_spi_release_controller) from [\u003cb045343c\u003e] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[\u003cb04533b8\u003e] (release_nodes) from [\u003cb0454160\u003e] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[\u003cb0454104\u003e] (devres_release_all) from [\u003cb044e41c\u003e] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[\u003cb044e2d8\u003e] (__device_release_driver) from [\u003cb044f70c\u003e] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[\u003cb044f688\u003e] (device_driver_detach) from [\u003cb044d274\u003e] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup.",
"id": "GHSA-p64f-v3w3-f3gw",
"modified": "2024-12-10T18:31:06Z",
"published": "2024-03-01T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46959"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P65G-Q79M-939X
Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-12 00:01In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.
{
"affected": [],
"aliases": [
"CVE-2022-20109"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-03T20:15:00Z",
"severity": "HIGH"
},
"details": "In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.",
"id": "GHSA-p65g-q79m-939x",
"modified": "2022-05-12T00:01:46Z",
"published": "2022-05-04T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20109"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/May-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P665-9X5G-HPFH
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.
{
"affected": [],
"aliases": [
"CVE-2021-31470"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T21:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.",
"id": "GHSA-p665-9x5g-hpfh",
"modified": "2022-05-24T19:01:41Z",
"published": "2022-05-24T19:01:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31470"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P666-3CC6-G2C6
Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
{
"affected": [],
"aliases": [
"CVE-2018-12882"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-26T03:29:00Z",
"severity": "CRITICAL"
},
"details": "exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.",
"id": "GHSA-p666-3cc6-g2c6",
"modified": "2022-05-14T01:22:29Z",
"published": "2022-05-14T01:22:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12882"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=76409"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181109-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3702-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3702-2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104551"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P66G-2GM8-7HXQ
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-5655"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:38Z",
"severity": "MODERATE"
},
"details": "SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service",
"id": "GHSA-p66g-2gm8-7hxq",
"modified": "2026-04-30T15:30:39Z",
"published": "2026-04-30T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5655"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21112"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21112"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-19.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P674-869C-G45Q
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
{
"affected": [],
"aliases": [
"CVE-2019-14072"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-05T09:15:00Z",
"severity": "MODERATE"
},
"details": "Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",
"id": "GHSA-p674-869c-g45q",
"modified": "2022-05-24T17:10:13Z",
"published": "2022-05-24T17:10:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14072"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P67V-3W7G-WJG7
Vulnerability from github – Published: 2026-06-19 16:37 – Updated: 2026-06-19 16:37Summary
Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault.
This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input.
Nokogiri 1.19.4 makes XPathContext keep its source document alive for as long as the context exists.
Only the CRuby implementation is affected. JRuby is not affected.
Severity
The Nokogiri maintainers have evaluated this as low severity. Reaching it requires an unusual API-usage pattern that does not arise during normal use. The application must construct an XML::XPathContext directly and continue using it after allowing its source document to be garbage-collected. Nokogiri 1.19.4 makes this pattern safe with no change to the public API. The context now keeps its source document alive for as long as it exists.
Mitigation
Upgrade to Nokogiri 1.19.4 or later.
As a workaround, ensure the source document remains referenced for as long as any XPathContext created from it is in use. The standard Document#xpath, #css, and related search methods already do this and are unaffected.
Credit
This issue was responsibly reported by Zheng Yu from depthfirst.com.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T16:37:13Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\n\n`Nokogiri::XML::XPathContext` did not keep its source document alive for garbage collection. If an `XPathContext` outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault.\n\nThis is only reachable when application code constructs an `XPathContext` directly and lets the document become unreachable while continuing to use the context. The normal `Document#xpath`, `#css`, and related search methods are not affected, and it is not triggerable by malicious document input.\n\nNokogiri 1.19.4 makes `XPathContext` keep its source document alive for as long as the context exists.\n\nOnly the CRuby implementation is affected. JRuby is not affected.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as low severity. Reaching it requires an unusual API-usage pattern that does not arise during normal use. The application must construct an `XML::XPathContext` directly and continue using it after allowing its source document to be garbage-collected. Nokogiri 1.19.4 makes this pattern safe with no change to the public API. The context now keeps its source document alive for as long as it exists.\n\n### Mitigation\n\nUpgrade to Nokogiri 1.19.4 or later.\n\nAs a workaround, ensure the source document remains referenced for as long as any `XPathContext` created from it is in use. The standard `Document#xpath`, `#css`, and related search methods already do this and are unaffected.\n\n### Credit\n\nThis issue was responsibly reported by Zheng Yu from depthfirst.com.",
"id": "GHSA-p67v-3w7g-wjg7",
"modified": "2026-06-19T16:37:13Z",
"published": "2026-06-19T16:37:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-p67v-3w7g-wjg7"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear",
"type": "CVSS_V4"
}
],
"summary": "Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime"
}
GHSA-P6CR-4F2H-M98V
Vulnerability from github – Published: 2024-03-04 15:31 – Updated: 2025-02-10 21:31Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.
{
"affected": [],
"aliases": [
"CVE-2023-6241"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T13:15:43Z",
"severity": "HIGH"
},
"details": "Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.",
"id": "GHSA-p6cr-4f2h-m98v",
"modified": "2025-02-10T21:31:26Z",
"published": "2024-03-04T15:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6241"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.