CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 109 of 148
- CVE-2025-21928HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs …
- CVE-2025-21929HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in …
- CVE-2025-21934HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rath…
- CVE-2025-21945HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error han…
- CVE-2025-21967HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don't need to manage it with linked list. Th…
- CVE-2025-21968HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still runni…
- CVE-2025-21969HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released …
- CVE-2025-21979HIGHCVSS 7.8EG 7.82025-04-01
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiph…
- CVE-2025-21999HIGHCVSS 7.8EG 7.82025-04-03
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a modul…
- CVE-2025-22004HIGHCVSS 7.8EG 7.82025-04-03
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- CVE-2025-22020HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ===============================================================…
- CVE-2025-22023HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, th…
- CVE-2025-22024MEDIUMCVSS 5.5EG 5.52025-04-16
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from…
- CVE-2025-22035HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testin…
- CVE-2025-22036HIGHCVSS 7.0EG 7.02025-04-16
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to…
- CVE-2025-22040HIGHCVSS 8.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed befo…
- CVE-2025-22041HIGHCVSS 8.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session throug…
- CVE-2025-22068HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_u…
- CVE-2025-22083HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between the…
- CVE-2025-22085HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: =============================================…
- CVE-2025-22088HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cau…
- CVE-2025-22097HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_co…
- CVE-2025-22126HIGHCVSS 7.8EG 7.82025-04-16
In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can r…
- CVE-2025-22403CRITICALCVSS 9.8EG 9.82025-08-26
In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not …
- CVE-2025-22404HIGHCVSS 8.4EG 8.42025-08-26
In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee…
- CVE-2025-22405HIGHCVSS 8.4EG 8.42025-08-26
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2025-22406HIGHCVSS 8.4EG 8.42025-08-26
In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no…
- CVE-2025-22407MEDIUMCVSS 5.5EG 5.52025-08-26
In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…
- CVE-2025-22408CRITICALCVSS 9.8EG 9.82025-08-26
In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2025-22409HIGHCVSS 8.4EG 8.42025-08-26
In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne…
- CVE-2025-22410HIGHCVSS 8.4EG 8.42025-08-26
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2025-22411HIGHCVSS 8.8EG 8.82025-08-26
In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interac…
- CVE-2025-22412HIGHCVSS 8.8EG 8.82025-08-26
In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is n…
- CVE-2025-22438HIGHCVSS 7.8EG 7.82025-09-02
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio…
- CVE-2025-23098HIGHCVSS 7.8EG 7.82025-06-03
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
- CVE-2025-23101MEDIUMCVSS 6.5EG 6.52025-06-04
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
- CVE-2025-23104MEDIUMCVSS 6.5EG 6.52025-06-02
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
- CVE-2025-23106MEDIUMCVSS 6.5EG 6.52025-06-04
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
- CVE-2025-23115CRITICALCVSS 9.0EG 9.02025-03-01
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.
- CVE-2025-23142HIGHCVSS 7.8EG 7.82025-05-01
In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socke…
- CVE-2025-23280HIGHCVSS 7.0EG 7.02025-10-10
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, …
- CVE-2025-23281HIGHCVSS 7.0EG 7.02025-08-02
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might…
- CVE-2025-23402HIGHCVSS 7.8EG 7.82025-03-11
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza…
- CVE-2025-23409LOWCVSS 3.8EG 3.82025-03-04
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
- CVE-2025-23414LOWCVSS 3.8EG 3.82025-03-04
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
- CVE-2025-24044HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- CVE-2025-24046HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-24064HIGHCVSS 8.1EG 8.12025-03-11
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
- CVE-2025-24072HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
- CVE-2025-24077HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →