CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-86MC-C53C-6QPJ
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38The function read_data() in security.c in curl before version 7.51.0 is vulnerable to memory double free.
{
"affected": [],
"aliases": [
"CVE-2016-8619"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-01T06:29:00Z",
"severity": "CRITICAL"
},
"details": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
"id": "GHSA-86mc-c53c-6qpj",
"modified": "2022-05-13T01:38:40Z",
"published": "2022-05-13T01:38:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/CVE-2016-8619.patch"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/adv_20161102E.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94100"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-86W2-R376-87W2
Vulnerability from github – Published: 2022-09-03 00:00 – Updated: 2022-09-09 00:01Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2022-25668"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-02T12:15:00Z",
"severity": "CRITICAL"
},
"details": "Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-86w2-r376-87w2",
"modified": "2022-09-09T00:01:04Z",
"published": "2022-09-03T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25668"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-874W-M2V2-MJ64
Vulnerability from github – Published: 2021-03-29 20:48 – Updated: 2022-10-07 13:10AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.1"
},
"package": {
"ecosystem": "NuGet",
"name": "adplug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-15151"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-23T20:51:24Z",
"nvd_published_at": "2019-08-18T21:15:00Z",
"severity": "CRITICAL"
},
"details": "AdPlug 2.3.1 has a double free in the `Cu6mPlayer` class in `u6m.h`.",
"id": "GHSA-874w-m2v2-mj64",
"modified": "2022-10-07T13:10:52Z",
"published": "2021-03-29T20:48:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15151"
},
{
"type": "WEB",
"url": "https://github.com/adplug/adplug/issues/91"
},
{
"type": "WEB",
"url": "https://github.com/adplug/adplug/commit/1a282a486a8e33fef3e15998bf6408d3515dc07e"
},
{
"type": "WEB",
"url": "https://github.com/miller-alex/adplug/commit/8abb9328bf27dcbdafc67ade3e75af0ffd8f7633"
},
{
"type": "PACKAGE",
"url": "https://github.com/adplug/adplug"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double Free in Adplug"
}
GHSA-8795-X9RH-F2M7
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:54In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.
{
"affected": [],
"aliases": [
"CVE-2019-2096"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-07T20:29:00Z",
"severity": "HIGH"
},
"details": "In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.",
"id": "GHSA-8795-x9rh-f2m7",
"modified": "2024-04-04T00:54:34Z",
"published": "2022-05-24T16:47:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2096"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87CM-47XV-J472
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.
{
"affected": [],
"aliases": [
"CVE-2020-15710"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-19T03:15:00Z",
"severity": "MODERATE"
},
"details": "Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.",
"id": "GHSA-87cm-47xv-j472",
"modified": "2022-05-24T17:34:37Z",
"published": "2022-05-24T17:34:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15710"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/1884738"
},
{
"type": "WEB",
"url": "https://ubuntu.com/USN-4519-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-88GP-PH45-WPX4
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: clear wdev->cqm_config pointer on free
When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then destroyed later, running this code again, which results in a double-free.
{
"affected": [],
"aliases": [
"CVE-2024-50235"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:09Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear wdev-\u003ecqm_config pointer on free\n\nWhen we free wdev-\u003ecqm_config when unregistering, we also\nneed to clear out the pointer since the same wdev/netdev\nmay get re-registered in another network namespace, then\ndestroyed later, running this code again, which results in\na double-free.",
"id": "GHSA-88gp-ph45-wpx4",
"modified": "2025-11-04T00:31:59Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64e4c45d23cd7f6167f69cc2d2877bc7f54292e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c44abb2d4c3262737d5d67832daebc8cf48b8c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba392e1355ba74b1d4fa11b85f71ab6ed7ecc058"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5fee261dfd9e17b08b1df8471ac5d5736070917"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-88Q8-28J6-6QVJ
Vulnerability from github – Published: 2025-07-28 12:30 – Updated: 2025-11-19 18:31In the Linux kernel, the following vulnerability has been resolved:
net: libwx: remove duplicate page_pool_put_full_page()
page_pool_put_full_page() should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant page put. In the original code, double free pages cause kernel panic:
[ 876.949834] __irq_exit_rcu+0xc7/0x130 [ 876.949836] common_interrupt+0xb8/0xd0 [ 876.949838] [ 876.949838] [ 876.949840] asm_common_interrupt+0x22/0x40 [ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246 [ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000 [ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e [ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed [ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580 [ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000 [ 876.949852] ? cpuidle_enter_state+0xb3/0x420 [ 876.949855] cpuidle_enter+0x29/0x40 [ 876.949857] cpuidle_idle_call+0xfd/0x170 [ 876.949859] do_idle+0x7a/0xc0 [ 876.949861] cpu_startup_entry+0x25/0x30 [ 876.949862] start_secondary+0x117/0x140 [ 876.949864] common_startup_64+0x13e/0x148 [ 876.949867] [ 876.949868] ---[ end trace 0000000000000000 ]--- [ 876.949869] ------------[ cut here ]------------ [ 876.949870] list_del corruption, ffffead40445a348->next is NULL [ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120 [ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E) [ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi [ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary) [ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE [ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120 [ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8 [ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282 [ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000 [ 876.949942] RDX: 0000000000000105 RSI: 00000 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2025-38490"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T12:15:31Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. In the original\ncode, double free pages cause kernel panic:\n\n[ 876.949834] __irq_exit_rcu+0xc7/0x130\n[ 876.949836] common_interrupt+0xb8/0xd0\n[ 876.949838] \u003c/IRQ\u003e\n[ 876.949838] \u003cTASK\u003e\n[ 876.949840] asm_common_interrupt+0x22/0x40\n[ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[ 876.949852] ? cpuidle_enter_state+0xb3/0x420\n[ 876.949855] cpuidle_enter+0x29/0x40\n[ 876.949857] cpuidle_idle_call+0xfd/0x170\n[ 876.949859] do_idle+0x7a/0xc0\n[ 876.949861] cpu_startup_entry+0x25/0x30\n[ 876.949862] start_secondary+0x117/0x140\n[ 876.949864] common_startup_64+0x13e/0x148\n[ 876.949867] \u003c/TASK\u003e\n[ 876.949868] ---[ end trace 0000000000000000 ]---\n[ 876.949869] ------------[ cut here ]------------\n[ 876.949870] list_del corruption, ffffead40445a348-\u003enext is NULL\n[ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary)\n[ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff \u003c0f\u003e 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[ 876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---",
"id": "GHSA-88q8-28j6-6qvj",
"modified": "2025-11-19T18:31:17Z",
"published": "2025-07-28T12:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38490"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89FH-8VX8-H844
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-18 15:30In the Linux kernel, the following vulnerability has been resolved:
eth: fbnic: avoid double free when failing to DMA-map FW msg
The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error. All existing callers dutifully free the page.
{
"affected": [],
"aliases": [
"CVE-2025-38341"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T09:15:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: fbnic: avoid double free when failing to DMA-map FW msg\n\nThe semantics are that caller of fbnic_mbx_map_msg() retains\nthe ownership of the message on error. All existing callers\ndutifully free the page.",
"id": "GHSA-89fh-8vx8-h844",
"modified": "2025-11-18T15:30:41Z",
"published": "2025-07-10T09:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38341"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a211e23852019ef55c70094524e87a944accbb5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5bd1bafd4474ee26f504b41aba11f3e2a1175b88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/670179265ad787b9dd8e701601914618b8927755"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89RW-HGR3-HVFX
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-14638"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-14T19:29:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.",
"id": "GHSA-89rw-hgr3-hvfx",
"modified": "2022-05-13T01:34:30Z",
"published": "2022-05-13T01:34:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14638"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"type": "WEB",
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89VX-8J4R-PM86
Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
remoteproc: mtk_scp: Fix a potential double free
'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function.
{
"affected": [],
"aliases": [
"CVE-2022-49391"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mtk_scp: Fix a potential double free\n\n\u0027scp-\u003erproc\u0027 is allocated using devm_rproc_alloc(), so there is no need\nto free it explicitly in the remove function.",
"id": "GHSA-89vx-8j4r-pm86",
"modified": "2025-04-17T21:30:44Z",
"published": "2025-04-17T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49391"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/adc02700236613b344a947a897fc2741d52a43b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eac3e5b1c12f85732e60f5f8b985444d273866bb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.