CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-3RGG-FV5R-QJ8F
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-06-03 18:55In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of fcport
The server was crashing after LOGO because fcport was getting freed twice.
-----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500 RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009 R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: kfree+0x238/0x250 qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx] ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx] qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? kernfs_fop_write+0x11e/0x1a0
Remove one of the free calls and add check for valid fcport. Also use function qla2x00_free_fcport() instead of kfree().
{
"affected": [],
"aliases": [
"CVE-2024-26929"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of fcport\n\nThe server was crashing after LOGO because fcport was getting freed twice.\n\n -----------[ cut here ]-----------\n kernel BUG at mm/slub.c:371!\n invalid opcode: 0000 1 SMP PTI\n CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n RIP: 0010:set_freepointer.part.57+0x0/0x10\n RSP: 0018:ffffb07107027d90 EFLAGS: 00010246\n RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400\n RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500\n RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009\n R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500\n R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58\n FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n kfree+0x238/0x250\n qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]\n ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]\n qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? kernfs_fop_write+0x11e/0x1a0\n\nRemove one of the free calls and add check for valid fcport. Also use\nfunction qla2x00_free_fcport() instead of kfree().",
"id": "GHSA-3rgg-fv5r-qj8f",
"modified": "2024-06-03T18:55:50Z",
"published": "2024-05-01T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26929"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RVP-XPMC-FGRF
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30097"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:58Z",
"severity": "HIGH"
},
"details": "Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability",
"id": "GHSA-3rvp-xpmc-fgrf",
"modified": "2024-06-11T18:30:49Z",
"published": "2024-06-11T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30097"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30097"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V9C-8RH8-VMJ3
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130
{
"affected": [],
"aliases": [
"CVE-2019-14091"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-22T07:15:00Z",
"severity": "MODERATE"
},
"details": "Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130",
"id": "GHSA-3v9c-8rh8-vmj3",
"modified": "2022-05-24T17:21:22Z",
"published": "2022-05-24T17:21:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14091"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3VVP-8645-4QMR
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
{
"affected": [],
"aliases": [
"CVE-2018-18751"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-29T12:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.",
"id": "GHSA-3vvp-8645-4qmr",
"modified": "2022-05-13T01:16:29Z",
"published": "2022-05-13T01:16:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18751"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3643"
},
{
"type": "WEB",
"url": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree"
},
{
"type": "WEB",
"url": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3815-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3815-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3X9F-3C9H-X7GJ
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Windows Graphics Component Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38247"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:29Z",
"severity": "HIGH"
},
"details": "Windows Graphics Component Elevation of Privilege Vulnerability",
"id": "GHSA-3x9f-3c9h-x7gj",
"modified": "2024-09-10T18:30:46Z",
"published": "2024-09-10T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38247"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38247"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3X9F-9PXV-Q52X
Vulnerability from github – Published: 2023-01-06 21:30 – Updated: 2025-04-09 21:30The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.
{
"affected": [],
"aliases": [
"CVE-2022-47975"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-06T20:15:00Z",
"severity": "HIGH"
},
"details": "The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.",
"id": "GHSA-3x9f-9pxv-q52x",
"modified": "2025-04-09T21:30:35Z",
"published": "2023-01-06T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47975"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/1"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3XQ4-8C55-JFWQ
Vulnerability from github – Published: 2022-07-23 00:00 – Updated: 2022-07-30 00:00io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
{
"affected": [],
"aliases": [
"CVE-2022-2327"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-22T10:15:00Z",
"severity": "HIGH"
},
"details": "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859",
"id": "GHSA-3xq4-8c55-jfwq",
"modified": "2022-07-30T00:00:18Z",
"published": "2022-07-23T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2327"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859"
},
{
"type": "WEB",
"url": "https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230203-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42QM-8J3V-68C9
Vulnerability from github – Published: 2025-03-07 18:31 – Updated: 2025-09-23 15:31A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.
We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
{
"affected": [],
"aliases": [
"CVE-2024-53698"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-07T17:15:20Z",
"severity": "LOW"
},
"details": "A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later",
"id": "GHSA-42qm-8j3v-68c9",
"modified": "2025-09-23T15:31:08Z",
"published": "2025-03-07T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53698"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-43MR-MM46-M2QQ
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-02-20 15:31A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-38562"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T15:15:08Z",
"severity": "HIGH"
},
"details": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.",
"id": "GHSA-43mr-mm46-m2qq",
"modified": "2024-02-20T15:31:05Z",
"published": "2024-02-20T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38562"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1829"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-464V-QW54-XXXF
Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-09 00:01There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash.
{
"affected": [],
"aliases": [
"CVE-2021-37072"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-07T17:15:00Z",
"severity": "HIGH"
},
"details": "There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash.",
"id": "GHSA-464v-qw54-xxxf",
"modified": "2021-12-09T00:01:34Z",
"published": "2021-12-08T00:01:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37072"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.