CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-26C6-8J4F-JWQH
Vulnerability from github – Published: 2022-04-14 00:00 – Updated: 2022-04-21 00:00A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
{
"affected": [],
"aliases": [
"CVE-2022-1280"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-13T18:15:00Z",
"severity": "MODERATE"
},
"details": "A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.",
"id": "GHSA-26c6-8j4f-jwqh",
"modified": "2022-04-21T00:00:39Z",
"published": "2022-04-14T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1280"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/04/12/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26CR-CCPQ-MR63
Vulnerability from github – Published: 2023-02-27 00:30 – Updated: 2024-03-25 03:31In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
{
"affected": [],
"aliases": [
"CVE-2023-26606"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-26T23:15:00Z",
"severity": "HIGH"
},
"details": "In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.",
"id": "GHSA-26cr-ccpq-mr63",
"modified": "2024-03-25T03:31:43Z",
"published": "2023-02-27T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26606"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2023/2/20/860"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230316-0010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26F4-FCJC-C6C3
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26536.
{
"affected": [],
"aliases": [
"CVE-2025-6644"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-25T22:15:21Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26536.",
"id": "GHSA-26f4-fcjc-c6c3",
"modified": "2025-06-26T21:31:14Z",
"published": "2025-06-26T21:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6644"
},
{
"type": "WEB",
"url": "https://www.pdf-xchange.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-429"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26G6-GMVF-M8XM
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-10-31 19:00In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
{
"affected": [],
"aliases": [
"CVE-2019-19524"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-03T16:15:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.",
"id": "GHSA-26g6-gmvf-m8xm",
"modified": "2022-10-31T19:00:32Z",
"published": "2022-05-24T17:02:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4226-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4227-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4227-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4228-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4228-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26HQ-7M9G-65CF
Vulnerability from github – Published: 2022-05-14 01:27 – Updated: 2022-05-14 01:27Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4932"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-19T17:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-26hq-7m9g-65cf",
"modified": "2022-05-14T01:27:35Z",
"published": "2022-05-14T01:27:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1119"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201804-11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103708"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040648"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26P5-HQ43-Q649
Vulnerability from github – Published: 2024-01-19 18:30 – Updated: 2024-01-25 15:31A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.
{
"affected": [],
"aliases": [
"CVE-2024-22915"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T18:15:08Z",
"severity": "HIGH"
},
"details": "A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.",
"id": "GHSA-26p5-hq43-q649",
"modified": "2024-01-25T15:31:52Z",
"published": "2024-01-19T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22915"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26PQ-GVCV-RC9V
Vulnerability from github – Published: 2025-10-24 21:31 – Updated: 2025-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq Trying to free already-free IRQ 65 Call Trace: warn_slowpath_fmt free_irq goldfish_tty_remove platform_remove device_remove device_release_driver_internal device_driver_detach unbind_store drv_attr_store ...
{
"affected": [],
"aliases": [
"CVE-2022-49724"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Fix free_irq() on remove\n\nPass the correct dev_id to free_irq() to fix this splat when the driver\nis unbound:\n\n WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq\n Trying to free already-free IRQ 65\n Call Trace:\n warn_slowpath_fmt\n free_irq\n goldfish_tty_remove\n platform_remove\n device_remove\n device_release_driver_internal\n device_driver_detach\n unbind_store\n drv_attr_store\n ...",
"id": "GHSA-26pq-gvcv-rc9v",
"modified": "2025-10-24T21:31:09Z",
"published": "2025-10-24T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49724"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26PV-M6P4-24P9
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.
{
"affected": [],
"aliases": [
"CVE-2024-9748"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:28Z",
"severity": "HIGH"
},
"details": "Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464.",
"id": "GHSA-26pv-m6p4-24p9",
"modified": "2024-11-22T21:32:20Z",
"published": "2024-11-22T21:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9748"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1339"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26RF-29MW-GF9H
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33In the Linux kernel, the following vulnerability has been resolved:
of: unittest: fix use-after-free in testdrv_probe()
The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to of_platform_default_populate(), leading to a use-after-free.
The reference to pdev->dev.of_node is owned by the device model and should not be released by the driver. Remove the erroneous of_node_put() to prevent premature freeing.
{
"affected": [],
"aliases": [
"CVE-2026-45989"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:16Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in testdrv_probe()\n\nThe function testdrv_probe() retrieves the device_node from the PCI\ndevice, applies an overlay, and then immediately calls of_node_put(dn).\nThis releases the reference held by the PCI core, potentially freeing\nthe node if the reference count drops to zero. Later, the same freed\npointer \u0027dn\u0027 is passed to of_platform_default_populate(), leading to a\nuse-after-free.\n\nThe reference to pdev-\u003edev.of_node is owned by the device model and\nshould not be released by the driver. Remove the erroneous of_node_put()\nto prevent premature freeing.",
"id": "GHSA-26rf-29mw-gf9h",
"modified": "2026-06-16T15:33:39Z",
"published": "2026-05-27T15:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07fd339b2c253205794bea5d9b4b7548a4546c56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ba03e06f037df704d9b032e36d417633e2326bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b6122a67a295f8a08b7c18d908a1bd974dfaec8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d68347b07b9801791c9eaab8f772770b52b8cd5c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26V4-WJ6C-25PG
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
{
"affected": [],
"aliases": [
"CVE-2018-9517"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T23:29:00Z",
"severity": "HIGH"
},
"details": "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",
"id": "GHSA-26v4-wj6c-25pg",
"modified": "2022-05-14T01:14:00Z",
"published": "2022-05-14T01:14:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.