Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-P63W-3X56-6RXM

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-05T22:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.",
  "id": "GHSA-p63w-3x56-6rxm",
  "modified": "2022-05-13T01:27:23Z",
  "published": "2022-05-13T01:27:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3069"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74629"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15310"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=117728"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/81039"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48732"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48749"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5400"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5485"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5503"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52913"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P642-FWHV-JWMJ

Vulnerability from github – Published: 2023-06-28 00:30 – Updated: 2024-04-04 05:13
VLAI
Details

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-27T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.",
  "id": "GHSA-p642-fwhv-jwmj",
  "modified": "2024-04-04T05:13:38Z",
  "published": "2023-06-28T00:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25002"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P64F-V3W3-F3GW

Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-12-10 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: Fix use-after-free with devm_spi_alloc_*

We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This causes devices registered with devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy, non-devm managed devices and have their reference counters decremented below 0.

------------[ cut here ]------------ WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [] (refcount_warn_saturate) from [] (kobject_put+0x90/0x98) [] (kobject_put) from [] (put_device+0x20/0x24) r4:b6700140 [] (put_device) from [] (devm_spi_release_controller+0x3c/0x40) [] (devm_spi_release_controller) from [] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [] (release_nodes) from [] (devres_release_all+0x5c/0x60) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [] (devres_release_all) from [] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [] (__device_release_driver) from [] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [] (device_driver_detach) from [] (unbind_store+0xe4/0xf8)

Instead, determine the devm allocation state as a flag on the controller which is guaranteed to be stable during cleanup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can\u0027t rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[\u003cb0396f04\u003e] (refcount_warn_saturate) from [\u003cb03c56a4\u003e] (kobject_put+0x90/0x98)\n[\u003cb03c5614\u003e] (kobject_put) from [\u003cb0447b4c\u003e] (put_device+0x20/0x24)\n r4:b6700140\n[\u003cb0447b2c\u003e] (put_device) from [\u003cb07515e8\u003e] (devm_spi_release_controller+0x3c/0x40)\n[\u003cb07515ac\u003e] (devm_spi_release_controller) from [\u003cb045343c\u003e] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[\u003cb04533b8\u003e] (release_nodes) from [\u003cb0454160\u003e] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[\u003cb0454104\u003e] (devres_release_all) from [\u003cb044e41c\u003e] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[\u003cb044e2d8\u003e] (__device_release_driver) from [\u003cb044f70c\u003e] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[\u003cb044f688\u003e] (device_driver_detach) from [\u003cb044d274\u003e] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup.",
  "id": "GHSA-p64f-v3w3-f3gw",
  "modified": "2024-12-10T18:31:06Z",
  "published": "2024-03-01T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46959"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P65G-Q79M-939X

Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-12 00:01
VLAI
Details

In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-03T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.",
  "id": "GHSA-p65g-q79m-939x",
  "modified": "2022-05-12T00:01:46Z",
  "published": "2022-05-04T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20109"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/May-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P665-9X5G-HPFH

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.",
  "id": "GHSA-p665-9x5g-hpfh",
  "modified": "2022-05-24T19:01:41Z",
  "published": "2022-05-24T19:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31470"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P666-3CC6-G2C6

Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22
VLAI
Details

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-26T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.",
  "id": "GHSA-p666-3cc6-g2c6",
  "modified": "2022-05-14T01:22:29Z",
  "published": "2022-05-14T01:22:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12882"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=76409"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181109-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3702-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3702-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P66G-2GM8-7HXQ

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30
VLAI
Details

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:38Z",
    "severity": "MODERATE"
  },
  "details": "SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service",
  "id": "GHSA-p66g-2gm8-7hxq",
  "modified": "2026-04-30T15:30:39Z",
  "published": "2026-04-30T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5655"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/21112"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21112"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-19.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P674-869C-G45Q

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10
VLAI
Details

Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-05T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",
  "id": "GHSA-p674-869c-g45q",
  "modified": "2022-05-24T17:10:13Z",
  "published": "2022-05-24T17:10:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14072"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P67V-3W7G-WJG7

Vulnerability from github – Published: 2026-06-19 16:37 – Updated: 2026-06-19 16:37
VLAI
Summary
Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
Details

Summary

Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault.

This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input.

Nokogiri 1.19.4 makes XPathContext keep its source document alive for as long as the context exists.

Only the CRuby implementation is affected. JRuby is not affected.

Severity

The Nokogiri maintainers have evaluated this as low severity. Reaching it requires an unusual API-usage pattern that does not arise during normal use. The application must construct an XML::XPathContext directly and continue using it after allowing its source document to be garbage-collected. Nokogiri 1.19.4 makes this pattern safe with no change to the public API. The context now keeps its source document alive for as long as it exists.

Mitigation

Upgrade to Nokogiri 1.19.4 or later.

As a workaround, ensure the source document remains referenced for as long as any XPathContext created from it is in use. The standard Document#xpath, #css, and related search methods already do this and are unaffected.

Credit

This issue was responsibly reported by Zheng Yu from depthfirst.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "nokogiri"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T16:37:13Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\n\n`Nokogiri::XML::XPathContext` did not keep its source document alive for garbage collection. If an `XPathContext` outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault.\n\nThis is only reachable when application code constructs an `XPathContext` directly and lets the document become unreachable while continuing to use the context. The normal `Document#xpath`, `#css`, and related search methods are not affected, and it is not triggerable by malicious document input.\n\nNokogiri 1.19.4 makes `XPathContext` keep its source document alive for as long as the context exists.\n\nOnly the CRuby implementation is affected. JRuby is not affected.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as low severity. Reaching it requires an unusual API-usage pattern that does not arise during normal use. The application must construct an `XML::XPathContext` directly and continue using it after allowing its source document to be garbage-collected. Nokogiri 1.19.4 makes this pattern safe with no change to the public API. The context now keeps its source document alive for as long as it exists.\n\n### Mitigation\n\nUpgrade to Nokogiri 1.19.4 or later.\n\nAs a workaround, ensure the source document remains referenced for as long as any `XPathContext` created from it is in use. The standard `Document#xpath`, `#css`, and related search methods already do this and are unaffected.\n\n### Credit\n\nThis issue was responsibly reported by Zheng Yu from depthfirst.com.",
  "id": "GHSA-p67v-3w7g-wjg7",
  "modified": "2026-06-19T16:37:13Z",
  "published": "2026-06-19T16:37:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-p67v-3w7g-wjg7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sparklemotion/nokogiri"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime"
}

GHSA-P6CR-4F2H-M98V

Vulnerability from github – Published: 2024-03-04 15:31 – Updated: 2025-02-10 21:31
VLAI
Details

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T13:15:43Z",
    "severity": "HIGH"
  },
  "details": "Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.",
  "id": "GHSA-p6cr-4f2h-m98v",
  "modified": "2025-02-10T21:31:26Z",
  "published": "2024-03-04T15:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6241"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.