CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-7594-89X5-4CR4
Vulnerability from github – Published: 2022-05-17 03:03 – Updated: 2025-04-20 03:31Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
{
"affected": [],
"aliases": [
"CVE-2016-3177"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T21:59:00Z",
"severity": "CRITICAL"
},
"details": "Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.",
"id": "GHSA-7594-89x5-4cr4",
"modified": "2025-04-20T03:31:27Z",
"published": "2022-05-17T03:03:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3177"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/giflib/bugs/83"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76G6-5V2W-PW2H
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-10 18:31In the Linux kernel, the following vulnerability has been resolved:
vhost-vdpa: fix use after free in vhost_vdpa_probe()
The put_device() calls vhost_vdpa_release_dev() which calls ida_simple_remove() and frees "v". So this call to ida_simple_remove() is a use after free and a double free.
{
"affected": [],
"aliases": [
"CVE-2023-52795"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:18Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix use after free in vhost_vdpa_probe()\n\nThe put_device() calls vhost_vdpa_release_dev() which calls\nida_simple_remove() and frees \"v\". So this call to\nida_simple_remove() is a use after free and a double free.",
"id": "GHSA-76g6-5v2w-pw2h",
"modified": "2025-01-10T18:31:37Z",
"published": "2024-05-21T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52795"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae8ea4e200675a940c365b496ef8e3fb4123601c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf04132cd64ccde4e9e9765d489c83fe83c09b7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0f8b8fb7df9d1a38652eb5aa817afccd3c56111"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e07754e0a1ea2d63fb29574253d1fd7405607343"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76M2-73WX-8HJ7
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-01-06 21:30In the Linux kernel, the following vulnerability has been resolved:
regmap: Fix possible double-free in regcache_rbtree_exit()
In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows:
BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390 Call Trace: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/0x1310 __regmap_init+0x3151/0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 really_probe+0x285/0xc30
To fix this, moving up the assignment of rbnode->block to immediately after the reallocation has succeeded so that the data structure stays valid even if the second reallocation fails.
{
"affected": [],
"aliases": [
"CVE-2021-47483"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T09:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix possible double-free in regcache_rbtree_exit()\n\nIn regcache_rbtree_insert_to_block(), when \u0027present\u0027 realloc failed,\nthe \u0027blk\u0027 which is supposed to assign to \u0027rbnode-\u003eblock\u0027 will be freed,\nso \u0027rbnode-\u003eblock\u0027 points a freed memory, in the error handling path of\nregcache_rbtree_init(), \u0027rbnode-\u003eblock\u0027 will be freed again in\nregcache_rbtree_exit(), KASAN will report double-free as follows:\n\nBUG: KASAN: double-free or invalid-free in kfree+0xce/0x390\nCall Trace:\n slab_free_freelist_hook+0x10d/0x240\n kfree+0xce/0x390\n regcache_rbtree_exit+0x15d/0x1a0\n regcache_rbtree_init+0x224/0x2c0\n regcache_init+0x88d/0x1310\n __regmap_init+0x3151/0x4a80\n __devm_regmap_init+0x7d/0x100\n madera_spi_probe+0x10f/0x333 [madera_spi]\n spi_probe+0x183/0x210\n really_probe+0x285/0xc30\n\nTo fix this, moving up the assignment of rbnode-\u003eblock to immediately after\nthe reallocation has succeeded so that the data structure stays valid even\nif the second reallocation fails.",
"id": "GHSA-76m2-73wx-8hj7",
"modified": "2025-01-06T21:30:49Z",
"published": "2024-05-22T09:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47483"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-774V-X675-J22M
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Memory corruption while retrieving the CBOR data from TA.
{
"affected": [],
"aliases": [
"CVE-2025-21432"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T13:15:29Z",
"severity": "HIGH"
},
"details": "Memory corruption while retrieving the CBOR data from TA.",
"id": "GHSA-774v-x675-j22m",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21432"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77Q3-4VM7-HR7J
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-32170"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:16:58Z",
"severity": "MODERATE"
},
"details": "Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-77q3-4vm7-hr7j",
"modified": "2026-05-12T18:30:41Z",
"published": "2026-05-12T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32170"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7864-H326-5M8J
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148
{
"affected": [],
"aliases": [
"CVE-2021-0397"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-10T16:15:00Z",
"severity": "CRITICAL"
},
"details": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148",
"id": "GHSA-7864-h326-5m8j",
"modified": "2022-05-24T17:44:09Z",
"published": "2022-05-24T17:44:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0397"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-03-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-78PF-52M8-MXJC
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2019-2115"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-05T22:15:00Z",
"severity": "HIGH"
},
"details": "In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-78pf-52m8-mxjc",
"modified": "2022-05-24T22:00:26Z",
"published": "2022-05-24T22:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2115"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-09-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7C73-PPWR-83WP
Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2022-05-14 01:29The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
{
"affected": [],
"aliases": [
"CVE-2018-7480"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-25T20:29:00Z",
"severity": "HIGH"
},
"details": "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.",
"id": "GHSA-7c73-ppwr-83wp",
"modified": "2022-05-14T01:29:14Z",
"published": "2022-05-14T01:29:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7480"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3654-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3654-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3656-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CJC-HVXF-GQH7
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:18An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "bitvec"
},
"ranges": [
{
"events": [
{
"introduced": "0.11.0"
},
{
"fixed": "0.17.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35862"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:18:16Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.",
"id": "GHSA-7cjc-hvxf-gqh7",
"modified": "2021-08-19T21:18:16Z",
"published": "2021-08-25T20:47:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35862"
},
{
"type": "WEB",
"url": "https://github.com/myrrlyn/bitvec/issues/55"
},
{
"type": "PACKAGE",
"url": "https://github.com/myrrlyn/bitvec"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free and double free in bitvec"
}
GHSA-7CWC-RHFJ-QP22
Vulnerability from github – Published: 2022-05-14 01:05 – Updated: 2022-05-14 01:05GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
{
"affected": [],
"aliases": [
"CVE-2017-11139"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-10T03:29:00Z",
"severity": "CRITICAL"
},
"details": "GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.",
"id": "GHSA-7cwc-rhfj-qp22",
"modified": "2022-05-14T01:05:48Z",
"published": "2022-05-14T01:05:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11139"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99504"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.