CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-MM6G-9F9F-2M6Q
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11040"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:08Z",
"severity": "HIGH"
},
"details": "Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-mm6g-9f9f-2m6q",
"modified": "2026-06-05T18:31:33Z",
"published": "2026-06-05T00:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11040"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/498371085"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMM9-39XR-FCC3
Vulnerability from github – Published: 2026-06-24 21:30 – Updated: 2026-06-24 21:30Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-13026"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T19:17:08Z",
"severity": "HIGH"
},
"details": "Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mmm9-39xr-fcc3",
"modified": "2026-06-24T21:30:43Z",
"published": "2026-06-24T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13026"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/519728279"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMMM-6M78-44Q2
Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-10-29 15:31Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
{
"affected": [],
"aliases": [
"CVE-2025-12380"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-28T14:15:57Z",
"severity": "CRITICAL"
},
"details": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox \u003c 144.0.2.",
"id": "GHSA-mmmm-6m78-44q2",
"modified": "2025-10-29T15:31:53Z",
"published": "2025-10-28T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12380"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-86"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMMR-M93V-3XQG
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145.
{
"affected": [],
"aliases": [
"CVE-2018-17695"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145.",
"id": "GHSA-mmmr-m93v-3xqg",
"modified": "2022-05-13T01:33:50Z",
"published": "2022-05-13T01:33:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17695"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1199"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMP2-P685-V76H
Vulnerability from github – Published: 2024-09-11 00:30 – Updated: 2024-09-12 15:33In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-23716"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-11T00:15:10Z",
"severity": "HIGH"
},
"details": "In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-mmp2-p685-v76h",
"modified": "2024-09-12T15:33:00Z",
"published": "2024-09-11T00:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23716"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMQM-WJ2W-F634
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.
{
"affected": [],
"aliases": [
"CVE-2018-3940"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-08T16:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.",
"id": "GHSA-mmqm-wj2w-f634",
"modified": "2022-05-13T01:01:54Z",
"published": "2022-05-13T01:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3940"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041769"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMQV-H65V-7P4P
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bic_set_bfqq(), however, bfq_exit_icq_bfqq() can free bfqq first, and then call bic_set_bfqq(), which will cause uaf.
Fix the problem by moving bfq_exit_bfqq() behind bic_set_bfqq().
{
"affected": [],
"aliases": [
"CVE-2022-50329"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq\n\nCommit 64dc8c732f5c (\"block, bfq: fix possible uaf for \u0027bfqq-\u003ebic\u0027\")\nwill access \u0027bic-\u003ebfqq\u0027 in bic_set_bfqq(), however, bfq_exit_icq_bfqq()\ncan free bfqq first, and then call bic_set_bfqq(), which will cause uaf.\n\nFix the problem by moving bfq_exit_bfqq() behind bic_set_bfqq().",
"id": "GHSA-mmqv-h65v-7p4p",
"modified": "2025-12-04T15:30:31Z",
"published": "2025-09-15T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50329"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1425f1bb5df5239021fd09ebc2a5e8070e705d36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ed959fef5b1c6f1a7a3fbea543698c30ebd6678"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/246cf66e300b76099b5dbd3fdd39e9a5dbc53f02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7949b0df3dd9f4817ed4a4e989fa9ee81df6205f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfe5b38c37720313eff0dec5517442c7ab3c9a20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMVQ-3RP7-6CW4
Vulnerability from github – Published: 2023-06-01 03:30 – Updated: 2024-05-01 18:30A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2023-2598"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-01T01:15:17Z",
"severity": "HIGH"
},
"details": "A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.",
"id": "GHSA-mmvq-3rp7-6cw4",
"modified": "2024-05-01T18:30:34Z",
"published": "2023-06-01T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2598"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230703-0006"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/24/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMX3-2QHV-F4X6
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 21:30In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Fix use after free for wext
Key information in wext.connect is not reset on (re)connect and can hold data from a previous connection.
Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP connection request and access the freed or already reused memory.
Additionally optimize cfg80211_sme_connect() and avoid an useless schedule of conn_work.
{
"affected": [],
"aliases": [
"CVE-2023-53153"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T14:15:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Fix use after free for wext\n\nKey information in wext.connect is not reset on (re)connect and can hold\ndata from a previous connection.\n\nReset key data to avoid that drivers or mac80211 incorrectly detect a\nWEP connection request and access the freed or already reused memory.\n\nAdditionally optimize cfg80211_sme_connect() and avoid an useless\nschedule of conn_work.",
"id": "GHSA-mmx3-2qhv-f4x6",
"modified": "2025-11-24T21:30:57Z",
"published": "2025-09-15T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53153"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/015b8cc5e7c4d7bb671f1984d7b7338c310b185b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22dfb21bf1cd876616d45cda1bc6daa89eec6747"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2cfe78619b0de6d2da773978bc2d22797212eaa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66af4a2ab1d65d556d638cb9555a3b823c2557a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f1959c17d4cb5b74af6fc31dc787e1dc3e4f6e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2a92b3e9d8e03ee3f9ee407fc46a9b4bd02d8b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4b6a138efb8a32507b8946104e32cb926308da7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd081afd21eb35b968b0330700c43ec94986e1c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP2P-6W3G-GFX8
Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:48Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-38243"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-10T14:15:14Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mp2p-6w3g-gfx8",
"modified": "2024-04-04T06:48:16Z",
"published": "2023-08-10T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38243"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.