CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 70 of 148
- CVE-2022-50422HIGHCVSS 7.8EG 7.82025-10-01
In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". H…
- CVE-2022-50423HIGHCVSS 7.8EG 7.82025-10-01
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference…
- CVE-2022-50432HIGHCVSS 7.8EG 7.82025-10-01
In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in __kernfs_remove Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the same file resulting in a KASAN detected…
- CVE-2022-50433HIGHCVSS 7.8EG 7.82025-10-01
In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc ("efi: avoid efivars la…
- CVE-2022-50454HIGHCVSS 7.8EG 7.82025-10-01
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On …
- CVE-2022-50488HIGHCVSS 7.8EG 7.82025-10-04
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ================================================================== BUG: KASA…
- CVE-2022-50492HIGHCVSS 7.8EG 7.82025-10-04
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would …
- CVE-2022-50496HIGHCVSS 7.8EG 7.82025-10-04
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy().
- CVE-2022-50507HIGHCVSS 7.8EG 7.82025-10-04
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we m…
- CVE-2022-50542HIGHCVSS 7.8EG 7.82025-10-07
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which co…
- CVE-2022-50552HIGHCVSS 7.8EG 7.82025-10-07
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue…
- CVE-2023-0030HIGHCVSS 7.8EG 7.82023-03-08
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges…
- CVE-2023-0128HIGHCVSS 8.8EG 8.82023-01-10
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chro…
- CVE-2023-0134HIGHCVSS 8.8EG 8.82023-01-10
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium secu…
- CVE-2023-0135HIGHCVSS 8.8EG 8.82023-01-10
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium secu…
- CVE-2023-0215HIGHCVSS 7.5EG 7.52023-02-08
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by en…
- CVE-2023-0240HIGHCVSS 7.8EG 7.82023-01-30
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot …
- CVE-2023-0266HIGHCVSS 7.9EG 9.0⚠ KEV2023-01-30
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access f…
- CVE-2023-0358HIGHCVSS 7.8EG 7.82023-01-18
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
- CVE-2023-0461HIGHCVSS 7.8EG 7.82023-02-28
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but t…
- CVE-2023-0468MEDIUMCVSS 4.7EG 4.72023-01-26
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.
- CVE-2023-0469MEDIUMCVSS 5.5EG 5.52023-01-26
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.
- CVE-2023-0471HIGHCVSS 8.8EG 8.82023-01-30
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0472HIGHCVSS 8.8EG 8.82023-01-30
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0474HIGHCVSS 8.8EG 8.82023-01-30
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
- CVE-2023-0494HIGHCVSS 7.8EG 7.82023-03-27
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to loca…
- CVE-2023-0590MEDIUMCVSS 4.7EG 4.72023-03-23
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not ap…
- CVE-2023-0699HIGHCVSS 8.8EG 8.82023-02-07
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
- CVE-2023-0799MEDIUMCVSS 6.8EG 5.52023-02-13
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
- CVE-2023-0927HIGHCVSS 8.8EG 8.82023-02-22
Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security se…
- CVE-2023-0928HIGHCVSS 8.8EG 8.82023-02-22
Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0929HIGHCVSS 8.8EG 8.82023-02-22
Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0931HIGHCVSS 8.8EG 8.82023-02-22
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0932HIGHCVSS 8.8EG 8.82023-02-22
Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium s…
- CVE-2023-0941HIGHCVSS 8.8EG 8.82023-02-22
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-1079MEDIUMCVSS 6.8EG 6.82023-03-27
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25…
- CVE-2023-1118HIGHCVSS 7.8EG 7.82023-03-02
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the s…
- CVE-2023-1192MEDIUMCVSS 6.5EG 6.52023-11-01
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it fa…
- CVE-2023-1193MEDIUMCVSS 6.5EG 6.52023-11-01
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
- CVE-2023-1194HIGHCVSS 7.1EG 7.12023-11-03
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due…
- CVE-2023-1195MEDIUMCVSS 5.5EG 5.52023-05-18
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.
- CVE-2023-1213HIGHCVSS 8.8EG 8.82023-03-07
Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-1216HIGHCVSS 8.8EG 8.82023-03-07
Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security …
- CVE-2023-1218HIGHCVSS 8.8EG 8.82023-03-07
Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-1227HIGHCVSS 8.8EG 8.82023-03-07
Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium secur…
- CVE-2023-1249MEDIUMCVSS 5.5EG 5.52023-03-23
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel c…
- CVE-2023-1252HIGHCVSS 7.8EG 7.82023-03-23
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileg…
- CVE-2023-1281HIGHCVSS 7.8EG 7.82023-03-22
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()'…
- CVE-2023-1393HIGHCVSS 7.8EG 7.82023-03-30
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in…
- CVE-2023-1476HIGHCVSS 7.0EG 7.02023-11-03
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →