CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-Q2H2-9XQM-XCC7
Vulnerability from github – Published: 2023-02-02 00:30 – Updated: 2024-03-25 03:31The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
{
"affected": [],
"aliases": [
"CVE-2023-25012"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-02T00:15:00Z",
"severity": "MODERATE"
},
"details": "The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.",
"id": "GHSA-q2h2-9xqm-xcc7",
"modified": "2024-03-25T03:31:43Z",
"published": "2023-02-02T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25012"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207560"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d2a2fd844ec7da70d19fabb482304fd1e0595b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76ca8da989c7d97a7f76c75d475fe95a584439d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9fefb6201c4f8dd9f58c581b2a66e5cde2895ea2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16%40diag.uniroma1.it"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2023/q1/53"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/02/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/11/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2HP-PXG7-67RR
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-16464"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-19T16:16:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-q2hp-pxg7-67rr",
"modified": "2022-05-24T17:04:43Z",
"published": "2022-05-24T17:04:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16464"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q2M5-77H9-P5JR
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
{
"affected": [],
"aliases": [
"CVE-2011-2790"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-08-03T00:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.",
"id": "GHSA-q2m5-77h9-p5jr",
"modified": "2022-05-13T01:26:28Z",
"published": "2022-05-13T01:26:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2790"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68952"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14078"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=86502"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/74240"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4981"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4999"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5000"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q2M9-J68Q-X65J
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain:
budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put
When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.
{
"affected": [],
"aliases": [
"CVE-2024-27043"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:49Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free.",
"id": "GHSA-q2m9-j68q-x65j",
"modified": "2024-12-23T21:30:50Z",
"published": "2024-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27043"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2P4-QWRR-RMWF
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3942"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-08T16:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.",
"id": "GHSA-q2p4-qwrr-rmwf",
"modified": "2022-05-13T01:01:54Z",
"published": "2022-05-13T01:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3942"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041769"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2QW-486M-J3C6
Vulnerability from github – Published: 2024-03-11 18:31 – Updated: 2024-12-12 15:31In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix module loading free order
Reverse order of kfree calls to resolve use-after-free error.
{
"affected": [],
"aliases": [
"CVE-2024-26619"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-11T18:15:19Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix module loading free order\n\nReverse order of kfree calls to resolve use-after-free error.",
"id": "GHSA-q2qw-486m-j3c6",
"modified": "2024-12-12T15:31:05Z",
"published": "2024-03-11T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26619"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2R6-4P8P-594Q
Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: Fix the error handling in cx23885_initdev()
When the driver fails to call the dma_set_mask(), the driver will get the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().
{
"affected": [],
"aliases": [
"CVE-2022-49524"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: Fix the error handling in cx23885_initdev()\n\nWhen the driver fails to call the dma_set_mask(), the driver will get\nthe following splat:\n\n[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240\n[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590\n[ 55.856822] Call Trace:\n[ 55.860327] __process_removed_driver+0x3c/0x240\n[ 55.861347] bus_for_each_dev+0x102/0x160\n[ 55.861681] i2c_del_driver+0x2f/0x50\n\nThis is because the driver has initialized the i2c related resources\nin cx23885_dev_setup() but not released them in error handling, fix this\nbug by modifying the error path that jumps after failing to call the\ndma_set_mask().",
"id": "GHSA-q2r6-4p8p-594q",
"modified": "2025-02-27T21:32:14Z",
"published": "2025-02-27T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49524"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2V7-8374-Q2M6
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:48Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-7072"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-24T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-q2v7-8374-q2m6",
"modified": "2024-04-04T00:48:25Z",
"published": "2022-05-24T16:46:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7072"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2VM-C2RH-9GWX
Vulnerability from github – Published: 2026-04-29 00:30 – Updated: 2026-04-29 21:31Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-7357"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T23:16:23Z",
"severity": "HIGH"
},
"details": "Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-q2vm-c2rh-9gwx",
"modified": "2026-04-29T21:31:25Z",
"published": "2026-04-29T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7357"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/497047552"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2X5-6Q7Q-R872
Vulnerability from github – Published: 2022-01-06 22:10 – Updated: 2022-01-07 17:52An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tremor-script"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.2"
},
{
"fixed": "0.11.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45701"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T13:27:33Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.",
"id": "GHSA-q2x5-6q7q-r872",
"modified": "2022-01-07T17:52:38Z",
"published": "2022-01-06T22:10:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45701"
},
{
"type": "WEB",
"url": "https://github.com/tremor-rs/tremor-runtime/pull/1217"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tremor-script/RUSTSEC-2021-0111.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0111.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use After Free in tremor-script"
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.