Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-WM2X-WP62-HMVX

Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2022-05-14 03:55
VLAI
Details

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-14T18:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932.",
  "id": "GHSA-wm2x-wp62-hmvx",
  "modified": "2022-05-14T03:55:52Z",
  "published": "2022-05-14T03:55:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6931"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92927"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM48-FXH8-5VF5

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32
VLAI
Details

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-wm48-fxh8-5vf5",
  "modified": "2022-05-17T02:32:28Z",
  "published": "2022-05-17T02:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3027"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97550"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM4C-JGH8-M62G

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-12-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the "obvious" alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T13:15:58Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Flush pages under kvm-\u003elock to fix UAF in svm_register_enc_region()\n\nDo the cache flush of converted pages in svm_register_enc_region() before\ndropping kvm-\u003elock to fix use-after-free issues where region and/or its\narray of pages could be freed by a different task, e.g. if userspace has\n__unregister_enc_region_locked() already queued up for the region.\n\nNote, the \"obvious\" alternative of using local variables doesn\u0027t fully\nresolve the bug, as region-\u003epages is also dynamically allocated.  I.e. the\nregion structure itself would be fine, but region-\u003epages could be freed.\n\nFlushing multiple pages under kvm-\u003elock is unfortunate, but the entire\nflow is a rare slow path, and the manual flush is only needed on CPUs that\nlack coherency for encrypted memory.",
  "id": "GHSA-wm4c-jgh8-m62g",
  "modified": "2025-12-23T21:30:18Z",
  "published": "2024-05-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35791"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d13b79640b147bd77c34a5998533b2021a4122d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e126b508ed2e616d679d85fca2fbe77bb48bbdd7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6d53d8a2617dd58c89171a6b9610c470ebda38a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM4W-V52H-8QFC

Vulnerability from github – Published: 2022-05-14 01:54 – Updated: 2024-10-21 15:32
VLAI
Details

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
  "id": "GHSA-wm4w-v52h-8qfc",
  "modified": "2024-10-21T15:32:20Z",
  "published": "2022-05-14T01:54:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12360"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-19"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-18"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-17"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-15"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4244"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4235"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3714-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3705-1"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459693"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2252"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2251"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2113"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2112"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104555"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM5F-4G6V-FM7R

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Smatch report warning as follows:

drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list

If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF.

Fix by removeing it from driver_data.bmc_data before free().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:13Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails\n\nSmatch report warning as follows:\n\ndrivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:\n  \u0027\u0026data-\u003elist\u0027 not removed from list\n\nIf ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will\nbe freed, but data-\u003elist will not be removed from driver_data.bmc_data,\nthen list traversal may cause UAF.\n\nFix by removeing it from driver_data.bmc_data before free().",
  "id": "GHSA-wm5f-4g6v-fm7r",
  "modified": "2024-10-24T18:30:42Z",
  "published": "2024-10-21T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49029"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM74-7G5X-VQ4X

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-05 00:00
VLAI
Details

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
  "id": "GHSA-wm74-7g5x-vq4x",
  "modified": "2022-04-05T00:00:37Z",
  "published": "2022-03-31T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1154"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM78-9PRW-C5H4

Vulnerability from github – Published: 2023-11-28 00:30 – Updated: 2023-11-30 06:33
VLAI
Details

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-27T22:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.",
  "id": "GHSA-wm78-9prw-c5h4",
  "modified": "2023-11-30T06:33:24Z",
  "published": "2023-11-28T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42363"
    },
    {
      "type": "WEB",
      "url": "https://bugs.busybox.net/show_bug.cgi?id=15865"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM87-X2VW-R6CH

Vulnerability from github – Published: 2024-08-26 12:31 – Updated: 2024-08-27 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: list_lru: fix UAF for memory cgroup

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock.

Found by code inspection.

[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil] Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T11:15:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com",
  "id": "GHSA-wm87-x2vw-r6ch",
  "modified": "2024-08-27T15:32:43Z",
  "published": "2024-08-26T12:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43888"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM97-XP23-F4X4

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ndisc: extend RCU protection in ndisc_send_skb()

ndisc_send_skb() can be called without RTNL or RCU held.

Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:16Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
  "id": "GHSA-wm97-xp23-f4x4",
  "modified": "2026-07-14T15:31:18Z",
  "published": "2025-02-27T03:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21760"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMC5-HV62-89G7

Vulnerability from github – Published: 2022-03-30 00:00 – Updated: 2024-05-21 06:30
VLAI
Details

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5",
  "id": "GHSA-wmc5-hv62-89g7",
  "modified": "2024-05-21T06:30:50Z",
  "published": "2022-03-30T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1055"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220506-0007"
    },
    {
      "type": "WEB",
      "url": "https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.