CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-89W3-2J93-4G79
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2024-05-23 18:30Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).
{
"affected": [],
"aliases": [
"CVE-2021-36088"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-01T03:15:00Z",
"severity": "CRITICAL"
},
"details": "Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).",
"id": "GHSA-89w3-2j93-4g79",
"modified": "2024-05-23T18:30:54Z",
"published": "2022-05-24T19:06:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36088"
},
{
"type": "WEB",
"url": "https://github.com/fluent/fluent-bit/pull/3453"
},
{
"type": "WEB",
"url": "https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33750"
},
{
"type": "WEB",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2021-702.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C9Q-FCRX-QJP6
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.
{
"affected": [],
"aliases": [
"CVE-2018-14054"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-13T17:29:00Z",
"severity": "CRITICAL"
},
"details": "A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.",
"id": "GHSA-8c9q-fcrx-qjp6",
"modified": "2022-05-13T01:30:32Z",
"published": "2022-05-13T01:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14054"
},
{
"type": "WEB",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCHVOYPIBGM5HYUMQ77KZH2IHSITKVE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRSO2IMK6P7MOIZWGWKONPIEHKBA7WL3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/07/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CHQ-HJC6-56VH
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Prevent double free on error
The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again.
Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc().
[ tglx: Massaged change log ]
{
"affected": [],
"aliases": [
"CVE-2024-35847"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:21Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Prevent double free on error\n\nThe error handling path in its_vpe_irq_domain_alloc() causes a double free\nwhen its_vpe_init() fails after successfully allocating at least one\ninterrupt. This happens because its_vpe_irq_domain_free() frees the\ninterrupts along with the area bitmap and the vprop_page and\nits_vpe_irq_domain_alloc() subsequently frees the area bitmap and the\nvprop_page again.\n\nFix this by unconditionally invoking its_vpe_irq_domain_free() which\nhandles all cases correctly and by removing the bitmap/vprop_page freeing\nfrom its_vpe_irq_domain_alloc().\n\n[ tglx: Massaged change log ]",
"id": "GHSA-8chq-hjc6-56vh",
"modified": "2024-12-30T18:30:40Z",
"published": "2024-05-17T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35847"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CQC-8CQ8-X7QF
Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.
{
"affected": [],
"aliases": [
"CVE-2018-11276"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T18:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.",
"id": "GHSA-8cqc-8cq8-x7qf",
"modified": "2022-05-14T02:00:08Z",
"published": "2022-05-14T02:00:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11276"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8F4H-WR7J-W67M
Vulnerability from github – Published: 2023-07-24 18:30 – Updated: 2024-07-24 18:31A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.
{
"affected": [],
"aliases": [
"CVE-2023-33952"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-24T16:15:11Z",
"severity": "MODERATE"
},
"details": "A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.",
"id": "GHSA-8f4h-wr7j-w67m",
"modified": "2024-07-24T18:31:15Z",
"published": "2023-07-24T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33952"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:6583"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:6901"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7077"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4823"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4831"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-33952"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8FV4-6828-W84J
Vulnerability from github – Published: 2022-05-14 01:45 – Updated: 2022-05-14 01:45In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.
{
"affected": [],
"aliases": [
"CVE-2018-11918"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-27T16:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the \u0027probe\u0027 function fails with an error code.",
"id": "GHSA-8fv4-6828-w84j",
"modified": "2022-05-14T01:45:55Z",
"published": "2022-05-14T01:45:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11918"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GH5-Q362-WHFC
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-26179"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:54Z",
"severity": "HIGH"
},
"details": "Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-8gh5-q362-whfc",
"modified": "2026-04-14T18:30:38Z",
"published": "2026-04-14T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26179"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26179"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GMX-CPCG-F8H5
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2023-06-13 17:37The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again. get_or_insert
get_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped. remove_set
When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "id-map"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-30455"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:04:17Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again.\nget_or_insert\n\nget_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped.\nremove_set\n\nWhen removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.",
"id": "GHSA-8gmx-cpcg-f8h5",
"modified": "2023-06-13T17:37:47Z",
"published": "2021-08-25T20:55:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30455"
},
{
"type": "WEB",
"url": "https://github.com/andrewhickman/id-map/issues/3"
},
{
"type": "PACKAGE",
"url": "https://github.com/andrewhickman/id-map"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0052.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double-free in id-map"
}
GHSA-8GXF-RFC3-W42V
Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2022-23012"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T20:15:00Z",
"severity": "HIGH"
},
"details": "On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-8gxf-rfc3-w42v",
"modified": "2022-02-02T00:02:02Z",
"published": "2022-01-26T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23012"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K26310765"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8H7Q-934R-3XXV
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-11 21:31In the Linux kernel, the following vulnerability has been resolved:
soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on the error path. However, after the devm_add_action_or_reset() returns, the of_node_put(clk_mux_np) is called again, causing a double free.
Fix by returning directly, to avoid the duplicate of_node_put().
{
"affected": [],
"aliases": [
"CVE-2026-43196"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:38Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: pruss: Fix double free in pruss_clk_mux_setup()\n\nIn the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly\ncalls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np)\non the error path. However, after the devm_add_action_or_reset()\nreturns, the of_node_put(clk_mux_np) is called again, causing a double\nfree.\n\nFix by returning directly, to avoid the duplicate of_node_put().",
"id": "GHSA-8h7q-934r-3xxv",
"modified": "2026-05-11T21:31:30Z",
"published": "2026-05-06T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43196"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04dbbb18cc9c8795c9ff47d8994bc03ebfef9d68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24c40076e3bc3d73c839c886d6bda1da6c4d9b93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69aa67c1e22d13e9aad4b08c86304ad8e743dcab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80db65d4acfb9ff12d00172aed39ea8b98261aad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/818cf66d91c8ef09b01664a12d5f4ea786d64396"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7db9953c2f8da37de498198623b05b46f8e2ca0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbda01bf2dfe5af33163e1e5fca1b82b619c2803"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e113339cc7d23be4948891f3a702e9dce5b47035"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.