CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 102 of 148
- CVE-2024-53218HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix race in concurrent f2fs_stop_gc_thread In my test case, concurrent calls to f2fs shutdown report the following stack trace: Oops: general protection fault, p…
- CVE-2024-53227HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task mo…
- CVE-2024-53232MEDIUMCVSS 5.5EG 5.52024-12-27
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain…
- CVE-2024-53237HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0…
- CVE-2024-53239HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, …
- CVE-2024-53953HIGHCVSS 7.8EG 7.82024-12-10
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-54030MEDIUMCVSS 4.4EG 4.42025-01-07
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free.
- CVE-2024-54458HIGHCVSS 7.8EG 7.82025-02-27
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it t…
- CVE-2024-54499HIGHCVSS 8.8EG 8.12025-01-27
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary …
- CVE-2024-5494HIGHCVSS 8.8EG 7.52024-05-30
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5495HIGHCVSS 8.8EG 7.52024-05-30
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5496HIGHCVSS 8.8EG 7.52024-05-30
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5498HIGHCVSS 8.8EG 5.42024-05-30
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-55549HIGHCVSS 7.8EG 7.82025-03-14
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
- CVE-2024-56171HIGHCVSS 7.8EG 7.82025-02-18
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certa…
- CVE-2024-56434MEDIUMCVSS 4.4EG 4.42025-01-08
UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.
- CVE-2024-56538HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it.…
- CVE-2024-56541HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 …
- CVE-2024-56551HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at add…
- CVE-2024-56554HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: binder: fix freeze UAF in binder_release_work() When a binder reference is cleaned up, any freeze work queued in the associated process should also be removed. Otherwise…
- CVE-2024-56556HIGHCVSS 7.0EG 7.02024-12-27
In the Linux kernel, the following vulnerability has been resolved: binder: fix node UAF in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is tempor…
- CVE-2024-56558HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, t…
- CVE-2024-56561HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issue…
- CVE-2024-56581HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the r…
- CVE-2024-56582HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstest…
- CVE-2024-56600HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails …
- CVE-2024-56601HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails late…
- CVE-2024-56602HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_c…
- CVE-2024-56603HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the …
- CVE-2024-56604HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc…
- CVE-2024-56605HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. O…
- CVE-2024-56606HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error,…
- CVE-2024-56619HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrup…
- CVE-2024-56623MEDIUMCVSS 5.5EG 5.52024-12-27
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNL…
- CVE-2024-56631HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_…
- CVE-2024-56635HIGHCVSS 7.0EG 7.02024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __…
- CVE-2024-56640HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the …
- CVE-2024-56642HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When b…
- CVE-2024-56651HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting o…
- CVE-2024-56652HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool That pool implementation doesn't really work: if the krealloc happens to move the memory and return another address, the entries in t…
- CVE-2024-56653HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump hci_devcd_append may lead to the release of the skb, so it cannot be accessed once it is called. =================…
- CVE-2024-56658HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They c…
- CVE-2024-56664HIGHCVSS 7.0EG 7.02024-12-27
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & un…
- CVE-2024-56669HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashe…
- CVE-2024-56672HIGHCVSS 7.0EG 7.02024-12-27
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was …
- CVE-2024-56675HIGHCVSS 7.8EG 7.82024-12-27
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attac…
- CVE-2024-56678HIGHCVSS 7.8EG 7.82024-12-28
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence obje…
- CVE-2024-56693HIGHCVSS 7.8EG 7.82024-12-28
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle p…
- CVE-2024-56759HIGHCVSS 7.8EG 7.82025-01-06
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block…
- CVE-2024-56764HIGHCVSS 7.8EG 7.82025-01-06
In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →