CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,387 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 55 of 148
- CVE-2022-1919HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1934HIGHCVSS 7.8EG 7.82022-05-31
Use After Free in GitHub repository mruby/mruby prior to 3.2.
- CVE-2022-1968HIGHCVSS 7.8EG 7.82022-06-02
Use After Free in GitHub repository vim/vim prior to 8.2.
- CVE-2022-1973HIGHCVSS 7.1EG 7.12022-08-05
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
- CVE-2022-1974MEDIUMCVSS 4.1EG 4.12022-08-31
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
- CVE-2022-1976HIGHCVSS 7.8EG 7.82022-08-31
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to m…
- CVE-2022-1998HIGHCVSS 7.8EG 7.82022-06-09
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially …
- CVE-2022-20031HIGHCVSS 7.8EG 7.82022-02-09
In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05…
- CVE-2022-20035MEDIUMCVSS 4.4EG 4.42022-02-09
In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS061…
- CVE-2022-20044HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS061268…
- CVE-2022-20045HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS061268…
- CVE-2022-20052MEDIUMCVSS 6.5EG 6.52022-04-11
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID:…
- CVE-2022-20062MEDIUMCVSS 6.7EG 6.72022-04-11
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue …
- CVE-2022-2007HIGHCVSS 8.8EG 8.82022-07-28
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-20090MEDIUMCVSS 6.4EG 6.42022-05-03
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; I…
- CVE-2022-20091MEDIUMCVSS 6.4EG 6.42022-05-03
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; I…
- CVE-2022-20109HIGHCVSS 7.8EG 7.82022-05-03
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I…
- CVE-2022-2011HIGHCVSS 8.8EG 8.82022-07-28
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-20118HIGHCVSS 7.0EG 7.02022-05-10
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex…
- CVE-2022-20122CRITICALCVSS 9.8EG 9.82022-08-24
The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Prod…
- CVE-2022-20141HIGHCVSS 7.0EG 7.82022-06-15
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interacti…
- CVE-2022-20153MEDIUMCVSS 6.7EG 6.72022-06-15
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed fo…
- CVE-2022-20158MEDIUMCVSS 6.7EG 6.72022-08-11
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exp…
- CVE-2022-20185MEDIUMCVSS 6.7EG 6.72022-06-15
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi…
- CVE-2022-20228MEDIUMCVSS 6.5EG 6.52022-07-13
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for e…
- CVE-2022-20306MEDIUMCVSS 6.7EG 6.72022-08-12
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Andro…
- CVE-2022-20325HIGHCVSS 7.8EG 7.82022-08-12
In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions…
- CVE-2022-20372MEDIUMCVSS 6.7EG 6.72022-08-11
In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product…
- CVE-2022-20376MEDIUMCVSS 6.7EG 6.72022-08-11
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2022-20379MEDIUMCVSS 6.7EG 6.72022-08-11
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…
- CVE-2022-20409MEDIUMCVSS 6.7EG 6.72022-10-11
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2022-2042HIGHCVSS 7.8EG 9.82022-06-10
Use After Free in GitHub repository vim/vim prior to 8.2.
- CVE-2022-20421HIGHCVSS 7.8EG 7.82022-10-11
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for …
- CVE-2022-20447MEDIUMCVSS 6.5EG 6.52022-11-08
In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed f…
- CVE-2022-20496MEDIUMCVSS 5.5EG 5.52022-12-13
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2022-20502MEDIUMCVSS 5.5EG 5.52022-12-13
In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2022-20514MEDIUMCVSS 6.7EG 6.72022-12-16
In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege w…
- CVE-2022-20524HIGHCVSS 7.8EG 7.82022-12-16
In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2022-20540HIGHCVSS 7.8EG 7.82022-12-16
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n…
- CVE-2022-20552MEDIUMCVSS 5.5EG 5.52022-12-16
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…
- CVE-2022-20554MEDIUMCVSS 6.7EG 6.72022-12-16
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Pro…
- CVE-2022-20561HIGHCVSS 7.8EG 7.82022-12-16
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro…
- CVE-2022-20566HIGHCVSS 7.8EG 7.82022-12-16
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.P…
- CVE-2022-20568HIGHCVSS 7.8EG 7.82022-12-16
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.P…
- CVE-2022-20571MEDIUMCVSS 6.7EG 6.72022-12-16
In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed …
- CVE-2022-20581MEDIUMCVSS 6.7EG 6.72022-12-16
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Prod…
- CVE-2022-21504MEDIUMCVSS 5.5EG 6.52022-06-14
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the ker…
- CVE-2022-21540MEDIUMCVSS 5.3EG 5.32022-07-19
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Ent…
- CVE-2022-2156HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2157HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →