Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-M6C8-J9JQ-G4MJ

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21167"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-m6c8-j9jq-g4mj",
  "modified": "2022-05-24T17:43:55Z",
  "published": "2022-05-24T17:43:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21167"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1161144"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M6FV-RJWF-HMJ9

Vulnerability from github – Published: 2023-03-02 18:30 – Updated: 2023-03-14 18:30
VLAI
Details

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-02T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.",
  "id": "GHSA-m6fv-rjwf-hmj9",
  "modified": "2023-03-14T18:30:22Z",
  "published": "2023-03-02T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25363"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=242684"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-32"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6FX-RQ2W-98MR

Vulnerability from github – Published: 2024-01-26 03:30 – Updated: 2024-01-26 03:30
VLAI
Details

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-26T01:15:10Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
  "id": "GHSA-m6fx-rq2w-98mr",
  "modified": "2024-01-26T03:30:19Z",
  "published": "2024-01-26T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21385"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21385"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6G2-MPP7-VR6R

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-02 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix use-after-free in pm8001_queue_command()

Commit e29c47fe8946 ("scsi: pm8001: Simplify pm8001_task_exec()") refactors pm8001_queue_command(), however it introduces a potential cause of a double free scenario when it changes the function to return -ENODEV in case of phy down/device gone state.

In this path, pm8001_queue_command() updates task status and calls task_done to indicate to upper layer that the task has been handled. However, this also frees the underlying SAS task. A -ENODEV is then returned to the caller. When libsas sas_ata_qc_issue() receives this error value, it assumes the task wasn't handled/queued by LLDD and proceeds to clean up and free the task again, resulting in a double free.

Since pm8001_queue_command() handles the SAS task in this case, it should return 0 to the caller indicating that the task has been handled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:26Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free in pm8001_queue_command()\n\nCommit e29c47fe8946 (\"scsi: pm8001: Simplify pm8001_task_exec()\") refactors\npm8001_queue_command(), however it introduces a potential cause of a double\nfree scenario when it changes the function to return -ENODEV in case of phy\ndown/device gone state.\n\nIn this path, pm8001_queue_command() updates task status and calls\ntask_done to indicate to upper layer that the task has been handled.\nHowever, this also frees the underlying SAS task. A -ENODEV is then\nreturned to the caller. When libsas sas_ata_qc_issue() receives this error\nvalue, it assumes the task wasn\u0027t handled/queued by LLDD and proceeds to\nclean up and free the task again, resulting in a double free.\n\nSince pm8001_queue_command() handles the SAS task in this case, it should\nreturn 0 to the caller indicating that the task has been handled.",
  "id": "GHSA-m6g2-mpp7-vr6r",
  "modified": "2026-04-02T15:31:36Z",
  "published": "2026-03-25T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23306"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/227ff4af00abc40b95123cc27ee8079069dcd8d7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38353c26db28efd984f51d426eac2396d299cca7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/824a7672e3540962d5c77d4c6666254d7aa6f0b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b00427317ba7b7ec91252b034009f638d0f311b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5dc39f8ae055520fd778b7fb0423f11586f15c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebbb852ffbc952b95ddb7e3872b67b3e74c6da47"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6J5-5GGV-5F8W

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-m6j5-5ggv-5f8w",
  "modified": "2022-05-14T00:53:02Z",
  "published": "2022-05-14T00:53:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12776"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104701"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6MV-2CMV-2VPR

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-03T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",
  "id": "GHSA-m6mv-2cmv-2vpr",
  "modified": "2022-05-24T17:43:33Z",
  "published": "2022-05-24T17:43:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22662"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M6QC-GQ4X-8CQ4

Vulnerability from github – Published: 2021-12-07 00:00 – Updated: 2022-03-17 00:06
VLAI
Details

vim is vulnerable to Use After Free

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-06T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "vim is vulnerable to Use After Free",
  "id": "GHSA-m6qc-gq4x-8cq4",
  "modified": "2022-03-17T00:06:41Z",
  "published": "2021-12-07T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4069"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6R7-J99R-J8CP

Vulnerability from github – Published: 2023-08-02 00:30 – Updated: 2024-01-31 18:31
VLAI
Details

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-01T23:15:31Z",
    "severity": "HIGH"
  },
  "details": "Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-m6r7-j99r-j8cp",
  "modified": "2024-01-31T18:31:17Z",
  "published": "2023-08-02T00:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3727"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1454086"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6WG-2MWG-4RFQ

Vulnerability from github – Published: 2021-05-18 15:29 – Updated: 2023-02-14 00:12
VLAI
Summary
GPGME Go wrapper contains Use After Free
Details

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/proglottis/gpgme"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-17T22:00:21Z",
    "nvd_published_at": "2020-02-12T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",
  "id": "GHSA-m6wg-2mwg-4rfq",
  "modified": "2023-02-14T00:12:15Z",
  "published": "2021-05-18T15:29:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8945"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proglottis/gpgme/pull/23"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0679"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0689"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0697"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/proglottis/gpgme"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GPGME Go wrapper contains Use After Free"
}

GHSA-M6WX-5X43-45RQ

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

This patch is against CVE-2023-6270. The description of cve is:

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed.

This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n  `struct net_device`, and a use-after-free can be triggered by racing\n  between the free on the struct and the access through the `skbtxq`\n  global queue. This could lead to a denial of service condition or\n  potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()-\u003edev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().",
  "id": "GHSA-m6wx-5x43-45rq",
  "modified": "2026-05-12T12:31:39Z",
  "published": "2024-04-17T12:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26898"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.