CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 100 of 148
- CVE-2024-49128HIGHCVSS 8.1EG 8.12024-12-12
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2024-49132HIGHCVSS 8.1EG 8.12024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49142HIGHCVSS 7.8EG 7.82024-12-12
Microsoft Access Remote Code Execution Vulnerability
- CVE-2024-4948MEDIUMCVSS 6.5EG 8.82024-05-15
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-4949MEDIUMCVSS 6.5EG 9.62024-05-15
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-49526HIGHCVSS 7.8EG 7.82024-11-12
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-49530HIGHCVSS 7.8EG 7.02024-12-10
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Explo…
- CVE-2024-49570HIGHCVSS 7.8EG 7.82025-02-27
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") exposes potential UA…
- CVE-2024-49576HIGHCVSS 8.8EG 8.82024-12-18
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory…
- CVE-2024-49848MEDIUMCVSS 6.7EG 6.72025-04-07
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
- CVE-2024-49852HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->rele…
- CVE-2024-49854HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procre…
- CVE-2024-49855HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete thi…
- CVE-2024-49865HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create i…
- CVE-2024-49867MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cle…
- CVE-2024-49874HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition In the svc_i3c_master_probe function, &master->hj_work is bound with sv…
- CVE-2024-49876HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on a random system wq, which will outlive the driver instance. Wit…
- CVE-2024-49883HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(…
- CVE-2024-49884HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KAS…
- CVE-2024-49889HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been …
- CVE-2024-49903HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common ke…
- CVE-2024-49924HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafb_task() In the pxafb_probe function, it calls the pxafb_init_fbinfo function, after which &fbi->task is associated with…
- CVE-2024-49925MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the err…
- CVE-2024-49936HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read …
- CVE-2024-49945MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or ker…
- CVE-2024-49950HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 R…
- CVE-2024-49960HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which remin…
- CVE-2024-49966HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully readi…
- CVE-2024-49981HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle erro…
- CVE-2024-49982HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") …
- CVE-2024-49986HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should not be used …
- CVE-2024-49988MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a referen…
- CVE-2024-49991HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the loc…
- CVE-2024-49992HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). Thes…
- CVE-2024-50005HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker In the `mac802154_scan_worker` function, the `scan_req->type` field was accessed after the RCU re…
- CVE-2024-50027MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after being freed in thermal_zone_device_unregister(), so…
- CVE-2024-50029HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending…
- CVE-2024-50030HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it wil…
- CVE-2024-50043HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix possible badness in FREE_STATEID When multiple FREE_STATEIDs are sent for the same delegation stateid, it can lead to a possible either use-after-free or count…
- CVE-2024-50047HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.c…
- CVE-2024-50051HIGHCVSS 7.8EG 7.82025-01-11
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. w…
- CVE-2024-50059HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_s…
- CVE-2024-50061HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with…
- CVE-2024-50067HIGHCVSS 7.8EG 7.82024-10-28
In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context prob…
- CVE-2024-50073HIGHCVSS 7.8EG 7.82024-10-29
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr …
- CVE-2024-50084MEDIUMCVSS 5.5EG 5.52024-10-29
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the …
- CVE-2024-50085MEDIUMCVSS 5.5EG 5.52024-10-29
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KAS…
- CVE-2024-50086HIGHCVSS 7.0EG 7.02024-10-29
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log o…
- CVE-2024-50106HIGHCVSS 7.0EG 7.02024-11-05
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundr…
- CVE-2024-50114HIGHCVSS 7.8EG 7.82024-11-05
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →