CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
966 vulnerabilities reference this CWE, most recent first.
GHSA-HWP9-GMCW-F7C2
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-06-29 00:00In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208
{
"affected": [],
"aliases": [
"CVE-2021-0473"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T17:15:00Z",
"severity": "HIGH"
},
"details": "In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208",
"id": "GHSA-hwp9-gmcw-f7c2",
"modified": "2022-06-29T00:00:38Z",
"published": "2022-05-24T19:05:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0473"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-05-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWV2-9X95-Q8HX
Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.
{
"affected": [],
"aliases": [
"CVE-2018-11273"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T18:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, \u0027voice_svc_dev\u0027 is allocated as a device-managed resource. If error \u0027cdev_alloc_err\u0027 occurs, \u0027device_destroy\u0027 will free all associated resources, including \u0027voice_svc_dev\u0027 leading to a double free.",
"id": "GHSA-hwv2-9x95-q8hx",
"modified": "2022-05-14T02:00:28Z",
"published": "2022-05-14T02:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11273"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=789d4d21c3f1818dcbf74da4a051598e8f53676c"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=f34f6271362484c1f87f4176e72a3bfb80ee7711"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXMX-44PV-H6F9
Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API.
{
"affected": [],
"aliases": [
"CVE-2015-9165"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API.",
"id": "GHSA-hxmx-44pv-h6f9",
"modified": "2022-05-14T03:25:51Z",
"published": "2022-05-14T03:25:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9165"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J22W-F6G9-Q452
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:01In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420
{
"affected": [],
"aliases": [
"CVE-2021-39806"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T14:15:00Z",
"severity": "HIGH"
},
"details": "In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420",
"id": "GHSA-j22w-f6g9-q452",
"modified": "2022-06-25T00:01:01Z",
"published": "2022-06-16T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39806"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2022-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J356-V755-MH97
Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-8140"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T19:29:00Z",
"severity": "HIGH"
},
"details": "The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.",
"id": "GHSA-j356-v755-mh97",
"modified": "2022-05-17T00:16:44Z",
"published": "2022-05-17T00:16:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8140"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J35C-G8JQ-8CR6
Vulnerability from github – Published: 2022-05-14 03:02 – Updated: 2022-05-14 03:02The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
{
"affected": [],
"aliases": [
"CVE-2017-8890"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-10T16:29:00Z",
"severity": "HIGH"
},
"details": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"id": "GHSA-j35c-g8jq-8cr6",
"modified": "2022-05-14T03:02:49Z",
"published": "2022-05-14T03:02:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8890"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J35V-H5M8-P59M
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
{
"affected": [],
"aliases": [
"CVE-2017-6166"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T16:29:00Z",
"severity": "MODERATE"
},
"details": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.",
"id": "GHSA-j35v-h5m8-p59m",
"modified": "2022-05-13T01:04:37Z",
"published": "2022-05-13T01:04:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6166"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K65615624"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102264"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039949"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3C2-WQF5-8PP4
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-59289"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:12Z",
"severity": "HIGH"
},
"details": "Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-j3c2-wqf5-8pp4",
"modified": "2025-10-14T18:30:36Z",
"published": "2025-10-14T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59289"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59289"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3C6-G69P-4H39
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-26163"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:49Z",
"severity": "HIGH"
},
"details": "Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-j3c6-g69p-4h39",
"modified": "2026-04-14T18:30:37Z",
"published": "2026-04-14T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26163"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26163"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J52M-489X-V634
Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 17:45Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "linea"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16880"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:23:06Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory.",
"id": "GHSA-j52m-489x-v634",
"modified": "2023-06-13T17:45:35Z",
"published": "2021-08-25T20:44:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16880"
},
{
"type": "WEB",
"url": "https://github.com/strake/linea.rs/issues/2"
},
{
"type": "PACKAGE",
"url": "https://github.com/strake/linea.rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in linea"
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.