Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-2938-5HF8-58M3

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry's dname.name

->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:12Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.",
  "id": "GHSA-2938-5hf8-58m3",
  "modified": "2025-11-04T00:30:51Z",
  "published": "2024-07-12T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39494"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/480afcbeb7aaaa22677d3dd48ec590b441eaac1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-294C-HPXH-5QRX

Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2025-11-04 21:30
VLAI
Details

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5380"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-25T20:15:18Z",
    "severity": "MODERATE"
  },
  "details": "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.",
  "id": "GHSA-294c-hpxh-5qrx",
  "modified": "2025-11-04T21:30:46Z",
  "published": "2023-10-25T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5380"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5534"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231130-0004"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-30"
    },
    {
      "type": "WEB",
      "url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244736"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5380"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3067"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2995"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2298"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2169"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7428"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2956-GJ54-R9FG

Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30
VLAI
Details

Windows Graphics Component Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T17:15:44Z",
    "severity": "HIGH"
  },
  "details": "Windows Graphics Component Elevation of Privilege Vulnerability",
  "id": "GHSA-2956-gj54-r9fg",
  "modified": "2024-07-09T18:30:52Z",
  "published": "2024-07-09T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38085"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-295V-HJGH-6C75

Vulnerability from github – Published: 2023-07-25 21:31 – Updated: 2024-04-04 06:21
VLAI
Details

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-25T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.",
  "id": "GHSA-295v-hjgh-6c75",
  "modified": "2024-04-04T06:21:15Z",
  "published": "2023-07-25T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39129"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30640"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-298C-RVVP-XH7Q

Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: topology: Fix references to freed memory

Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup(), to allocate memory as needed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T15:15:14Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
  "id": "GHSA-298c-rvvp-xh7q",
  "modified": "2025-11-04T00:31:01Z",
  "published": "2024-07-29T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41069"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29GG-QVJ7-46C7

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:23:36Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-29gg-qvj7-46c7",
  "modified": "2025-06-10T18:32:30Z",
  "published": "2025-06-10T18:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47165"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47165"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29PG-8Q2M-R6XM

Vulnerability from github – Published: 2026-04-29 15:30 – Updated: 2026-06-25 21:31
VLAI
Details

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.

The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.

Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-29T15:16:09Z",
    "severity": "HIGH"
  },
  "details": "Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.\n\nThe Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.\n\nCalling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.",
  "id": "GHSA-29pg-8q2m-r6xm",
  "modified": "2026-06-25T21:31:18Z",
  "published": "2026-04-29T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7111"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/29/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29QV-H4J6-WVJ9

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-1823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-24T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.",
  "id": "GHSA-29qv-h4j6-wvj9",
  "modified": "2022-05-13T01:24:50Z",
  "published": "2022-05-13T01:24:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1823"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-29R6-F3MM-4W5F

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pf1550: Fix use-after-free in power_supply_changed()

Using the devm_ variant for requesting IRQ before the devm_ variant for allocating/registering the power_supply handle, means that the power_supply handle will be deallocated/unregistered before the interrupt handler (since devm_ naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just after the power_supply handle has been freed, but just before the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling power_supply_changed() with a freed power_supply handle. Which usually crashes the system or otherwise silently corrupts the memory...

Note that there is a similar situation which can also happen during probe(); the possibility of an interrupt firing before registering the power_supply handle. This would then lead to the nasty situation of using the power_supply handle uninitialized in power_supply_changed().

Fix this racy use-after-free by making sure the IRQ is requested after the registration of the power_supply handle.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:05Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: pf1550: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle.",
  "id": "GHSA-29r6-f3mm-4w5f",
  "modified": "2026-06-24T18:32:27Z",
  "published": "2026-05-27T15:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45906"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bdefeed904f1f17e1f73a4d8a035515f3a9fad8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/838767f5074700552d3f006d867caed65edc7328"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29W5-279F-VR72

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work

The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:50Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().",
  "id": "GHSA-29w5-279f-vr72",
  "modified": "2026-05-12T12:31:44Z",
  "published": "2024-05-01T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27052"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.