CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-XMHQ-FW78-WJXR
Vulnerability from github – Published: 2023-11-01 18:30 – Updated: 2025-04-29 21:31Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2023-5856"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-01T18:15:10Z",
"severity": "HIGH"
},
"details": "Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-xmhq-fw78-wjxr",
"modified": "2025-04-29T21:31:31Z",
"published": "2023-11-01T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5856"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1493380"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5546"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMJJ-HRW9-X35M
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
media: venus: fix use after free in vdec_close
There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst.
Fix it by cancelling the work in vdec_close.
{
"affected": [],
"aliases": [
"CVE-2024-42313"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:11Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.",
"id": "GHSA-xmjj-hrw9-x35m",
"modified": "2025-11-04T00:31:14Z",
"published": "2024-08-17T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMJP-848V-P77X
Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-08-04 00:00Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1859"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-27T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-xmjp-848v-p77x",
"modified": "2022-08-04T00:00:23Z",
"published": "2022-07-28T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1859"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1322744"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMJX-29FM-9QH3
Vulnerability from github – Published: 2025-08-27 00:31 – Updated: 2025-08-27 15:33In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-22406"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T23:15:33Z",
"severity": "HIGH"
},
"details": "In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xmjx-29fm-9qh3",
"modified": "2025-08-27T15:33:15Z",
"published": "2025-08-27T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22406"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMP7-HHPR-WJGH
Vulnerability from github – Published: 2023-06-02 12:30 – Updated: 2024-04-04 04:28An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.
{
"affected": [],
"aliases": [
"CVE-2023-28469"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T12:15:09Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm\u0027s GPU Architecture Gen5 r41p0 through r42p0 before r43p0.",
"id": "GHSA-xmp7-hhpr-wjgh",
"modified": "2024-04-04T04:28:51Z",
"published": "2023-06-02T12:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28469"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XMVQ-5949-6227
Vulnerability from github – Published: 2024-03-02 00:31 – Updated: 2024-12-09 21:31In the Linux kernel, the following vulnerability has been resolved:
habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
Our code analyzer reported a uaf.
In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create() with 2 refcount. If hl_cs_allocate_job() failed, the execution runs into release_cb branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed if other thread also drops one ref. Then cb is used by cb->id later, which is a potential uaf.
My patch add a variable 'id' to accept the value of cb->id before the hl_cb_put(cb) is called, to avoid the potential uaf.
{
"affected": [],
"aliases": [
"CVE-2021-47081"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-01T22:15:47Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory\n\nOur code analyzer reported a uaf.\n\nIn gaudi_memset_device_memory, cb is get via hl_cb_kernel_create()\nwith 2 refcount.\nIf hl_cs_allocate_job() failed, the execution runs into release_cb\nbranch. One ref of cb is dropped by hl_cb_put(cb) and could be freed\nif other thread also drops one ref. Then cb is used by cb-\u003eid later,\nwhich is a potential uaf.\n\nMy patch add a variable \u0027id\u0027 to accept the value of cb-\u003eid before the\nhl_cb_put(cb) is called, to avoid the potential uaf.",
"id": "GHSA-xmvq-5949-6227",
"modified": "2024-12-09T21:31:00Z",
"published": "2024-03-02T00:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47081"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/115726c5d312b462c9d9931ea42becdfa838a076"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b49f5af30b0e4064fbd91e83823a4bfcb2c7a3e7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMVQ-J2GC-Q94F
Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-12 00:00Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-27801"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T18:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-xmvq-j2gc-q94f",
"modified": "2022-05-12T00:00:46Z",
"published": "2022-05-12T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27801"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP4X-RP64-962G
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 21:30In the Linux kernel, the following vulnerability has been resolved:
staging: greybus: uart: fix tty use after free
User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone.
Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.
{
"affected": [],
"aliases": [
"CVE-2021-47358"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:22Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: greybus: uart: fix tty use after free\n\nUser space can hold a tty open indefinitely and tty drivers must not\nrelease the underlying structures until the last user is gone.\n\nSwitch to using the tty-port reference counter to manage the life time\nof the greybus tty state to avoid use after free after a disconnect.",
"id": "GHSA-xp4x-rp64-962g",
"modified": "2024-12-26T21:30:36Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47358"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP52-49J5-H754
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2024-03-27 18:32Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
{
"affected": [],
"aliases": [
"CVE-2020-8231"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
"id": "GHSA-xp52-49j5-h754",
"modified": "2024-03-27T18:32:37Z",
"published": "2022-05-24T17:36:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/948876"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/CVE-2020-8231.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XP8M-46MM-88P5
Vulnerability from github – Published: 2022-05-14 03:45 – Updated: 2022-05-14 03:45VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
{
"affected": [],
"aliases": [
"CVE-2017-4949"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-11T14:29:00Z",
"severity": "HIGH"
},
"details": "VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.",
"id": "GHSA-xp8m-46mm-88p5",
"modified": "2022-05-14T03:45:21Z",
"published": "2022-05-14T03:45:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4949"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102489"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040161"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.