Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-X6H6-973G-Q656

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix race between timeout and normal completion

If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered.

Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime make sure that cmd->lock is grabbed for clearing the flag and the requeue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:06Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue.",
  "id": "GHSA-x6h6-973g-q656",
  "modified": "2025-11-04T00:31:39Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49855"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6JW-CPGX-JHW4

Vulnerability from github – Published: 2022-02-19 00:00 – Updated: 2022-03-01 00:00
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15702.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15702.",
  "id": "GHSA-x6jw-cpgx-jhw4",
  "modified": "2022-03-01T00:00:47Z",
  "published": "2022-02-19T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24359"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X6M2-5JQG-M646

Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-03 21:30
VLAI
Details

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-30T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-x6m2-5jqg-m646",
  "modified": "2023-11-03T21:30:25Z",
  "published": "2023-10-30T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21381"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/android-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6Q3-GW4H-79F9

Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31
VLAI
Details

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T00:16:50Z",
    "severity": "HIGH"
  },
  "details": "Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-x6q3-gw4h-79f9",
  "modified": "2026-06-09T03:31:39Z",
  "published": "2026-06-09T00:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11673"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/516902973"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6R5-RGXM-C9CX

Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-15 00:30
VLAI
Details

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T20:17:16Z",
    "severity": "LOW"
  },
  "details": "Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-x6r5-rgxm-c9cx",
  "modified": "2026-05-15T00:30:29Z",
  "published": "2026-05-14T21:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8553"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/498715368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6VG-GVF6-HMP9

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-10-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blktrace: Fix uaf in blk_trace access after removing by sysfs

There is an use-after-free problem triggered by following process:

  P1(sda)               P2(sdb)
        echo 0 > /sys/block/sdb/trace/enable
          blk_trace_remove_queue
            synchronize_rcu
            blk_trace_free
              relay_close

rcu_read_lock __blk_add_trace trace_note_tsk (Iterate running_trace_list) relay_close_buf relay_destroy_buf kfree(buf) trace_note(sdb's bt) relay_reserve buf->offset <- nullptr deference (use-after-free) !!! rcu_read_unlock

[ 502.714379] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 502.715260] #PF: supervisor read access in kernel mode [ 502.715903] #PF: error_code(0x0000) - not-present page [ 502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0 [ 502.717252] Oops: 0000 [#1] SMP [ 502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360 [ 502.732872] Call Trace: [ 502.733193] __blk_add_trace.cold+0x137/0x1a3 [ 502.733734] blk_add_trace_rq+0x7b/0xd0 [ 502.734207] blk_add_trace_rq_issue+0x54/0xa0 [ 502.734755] blk_mq_start_request+0xde/0x1b0 [ 502.735287] scsi_queue_rq+0x528/0x1140 ... [ 502.742704] sg_new_write.isra.0+0x16e/0x3e0 [ 502.747501] sg_ioctl+0x466/0x1100

Reproduce method: ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127]) ioctl(/dev/sda, BLKTRACESTART) ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127]) ioctl(/dev/sdb, BLKTRACESTART)

echo 0 > /sys/block/sdb/trace/enable & // Add delay(mdelay/msleep) before kernel enters blk_trace_free()

ioctl$SG_IO(/dev/sda, SG_IO, ...) // Enters trace_note_tsk() after blk_trace_free() returned // Use mdelay in rcu region rather than msleep(which may schedule out)

Remove blk_trace from running_list before calling blk_trace_free() by sysfs if blk_trace is at Blktrace_running state.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblktrace: Fix uaf in blk_trace access after removing by sysfs\n\nThere is an use-after-free problem triggered by following process:\n\n      P1(sda)\t\t\t\tP2(sdb)\n\t\t\techo 0 \u003e /sys/block/sdb/trace/enable\n\t\t\t  blk_trace_remove_queue\n\t\t\t    synchronize_rcu\n\t\t\t    blk_trace_free\n\t\t\t      relay_close\nrcu_read_lock\n__blk_add_trace\n  trace_note_tsk\n  (Iterate running_trace_list)\n\t\t\t        relay_close_buf\n\t\t\t\t  relay_destroy_buf\n\t\t\t\t    kfree(buf)\n    trace_note(sdb\u0027s bt)\n      relay_reserve\n        buf-\u003eoffset \u003c- nullptr deference (use-after-free) !!!\nrcu_read_unlock\n\n[  502.714379] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n[  502.715260] #PF: supervisor read access in kernel mode\n[  502.715903] #PF: error_code(0x0000) - not-present page\n[  502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0\n[  502.717252] Oops: 0000 [#1] SMP\n[  502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360\n[  502.732872] Call Trace:\n[  502.733193]  __blk_add_trace.cold+0x137/0x1a3\n[  502.733734]  blk_add_trace_rq+0x7b/0xd0\n[  502.734207]  blk_add_trace_rq_issue+0x54/0xa0\n[  502.734755]  blk_mq_start_request+0xde/0x1b0\n[  502.735287]  scsi_queue_rq+0x528/0x1140\n...\n[  502.742704]  sg_new_write.isra.0+0x16e/0x3e0\n[  502.747501]  sg_ioctl+0x466/0x1100\n\nReproduce method:\n  ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])\n  ioctl(/dev/sda, BLKTRACESTART)\n  ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])\n  ioctl(/dev/sdb, BLKTRACESTART)\n\n  echo 0 \u003e /sys/block/sdb/trace/enable \u0026\n  // Add delay(mdelay/msleep) before kernel enters blk_trace_free()\n\n  ioctl$SG_IO(/dev/sda, SG_IO, ...)\n  // Enters trace_note_tsk() after blk_trace_free() returned\n  // Use mdelay in rcu region rather than msleep(which may schedule out)\n\nRemove blk_trace from running_list before calling blk_trace_free() by\nsysfs if blk_trace is at Blktrace_running state.",
  "id": "GHSA-x6vg-gvf6-hmp9",
  "modified": "2024-10-27T15:30:43Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47375"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3815fe7371d2411ce164281cef40d9fc7b323dee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/488da313edf3abea7f7733efe011c96b23740ab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5afedf670caf30a2b5a52da96eb7eac7dee6a9c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/677e362ba807f3aafe6f405c07e0b37244da5222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5f8e86192612d0183047448d8bbe7918b3f1a26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d56171d9360c0170c5c5f8f7e2362a2e999eca40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dacfd5e4d1142bfb3809aab3634a375f6f373269"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebb8d26d93c3ec3c7576c52a8373a2309423c069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6XM-M3J7-465M

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-29T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.",
  "id": "GHSA-x6xm-m3j7-465m",
  "modified": "2022-05-13T01:34:02Z",
  "published": "2022-05-13T01:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17616"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-1097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X74X-9VC6-FMQ8

Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:47
VLAI
Details

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-10T14:15:12Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x74x-9vc6-fmq8",
  "modified": "2024-04-04T06:47:26Z",
  "published": "2023-08-10T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38222"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X75Q-532J-6F9M

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-03T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-x75q-532j-6f9m",
  "modified": "2022-05-24T19:09:42Z",
  "published": "2022-05-24T19:09:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30581"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1194431"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X77F-2WPM-X48R

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: adopts refcnt to avoid UAF

dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it.

This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: adopts refcnt to avoid UAF\n\ndvb_unregister_device() is known that prone to use-after-free.\nThat is, the cleanup from dvb_unregister_device() releases the dvb_device\neven if there are pointers stored in file-\u003eprivate_data still refer to it.\n\nThis patch adds a reference counter into struct dvb_device and delays its\ndeallocation until no pointer refers to the object.",
  "id": "GHSA-x77f-2wpm-x48r",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-15T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50274"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.