CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 93 of 148
- CVE-2024-33059MEDIUMCVSS 6.7EG 6.72025-01-06
Memory corruption while processing frame command IOCTL calls.
- CVE-2024-33060HIGHCVSS 8.4EG 8.42024-09-02
Memory corruption when two threads try to map and unmap a single node simultaneously.
- CVE-2024-33068HIGHCVSS 7.5EG 7.52024-11-04
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
- CVE-2024-33069HIGHCVSS 7.5EG 7.52024-10-07
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
- CVE-2024-34094HIGHCVSS 7.8EG 7.82024-05-15
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-34095HIGHCVSS 7.8EG 7.82024-05-15
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-34096HIGHCVSS 7.8EG 7.82024-05-15
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-34097HIGHCVSS 7.8EG 7.82024-05-15
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-34100HIGHCVSS 7.8EG 7.82024-05-15
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-34117HIGHCVSS 7.8EG 7.82024-08-14
Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in …
- CVE-2024-34161MEDIUMCVSS 5.3EG 5.32024-05-29
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker p…
- CVE-2024-34362MEDIUMCVSS 5.9EG 5.92024-06-04
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request with…
- CVE-2024-34747HIGHCVSS 7.8EG 8.42024-11-13
In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interacti…
- CVE-2024-34748HIGHCVSS 8.4EG 8.42025-01-28
In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User intera…
- CVE-2024-3515MEDIUMCVSS 6.5EG 3.72024-04-10
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-35264HIGHCVSS 8.1EG 8.12024-07-09
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-35789HIGHCVSS 7.8EG 7.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a …
- CVE-2024-35791HIGHCVSS 7.8EG 7.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->loc…
- CVE-2024-35792HIGHCVSS 7.8EG 7.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.
- CVE-2024-35801MEDIUMCVSS 5.5EG 7.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fp…
- CVE-2024-35811MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm8…
- CVE-2024-35836MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI d…
- CVE-2024-35843MEDIUMCVSS 6.8EG 6.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This …
- CVE-2024-35853MEDIUMCVSS 6.4EG 6.42024-05-17
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (a…
- CVE-2024-35854HIGHCVSS 8.8EG 8.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of availa…
- CVE-2024-35855HIGHCVSS 7.8EG 7.82024-05-17
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules an…
- CVE-2024-35861HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35862HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35863HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35864HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35865MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35866HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35867HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35868HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- CVE-2024-35869HIGHCVSS 8.4EG 8.42024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by en…
- CVE-2024-35870MEDIUMCVSS 4.4EG 4.42024-05-19
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread tha…
- CVE-2024-35887HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_ti…
- CVE-2024-35921HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or no…
- CVE-2024-35932HIGHCVSS 7.8EG 7.82024-05-19
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ …
- CVE-2024-35955HIGHCVSS 8.8EG 8.82024-05-20
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE…
- CVE-2024-35979HIGHCVSS 7.8EG 7.82024-05-20
In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_…
- CVE-2024-35986MEDIUMCVSS 5.5EG 5.52024-05-20
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply frame-work is not really designed for there to be long living in kernel refe…
- CVE-2024-36012HIGHCVSS 7.8EG 7.82024-05-23
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] ms…
- CVE-2024-36013MEDIUMCVSS 6.8EG 6.82024-05-23
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void…
- CVE-2024-3655HIGHCVSS 7.8EG 7.82024-09-03
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations t…
- CVE-2024-36844HIGHCVSS 7.5EG 7.52024-05-31
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
- CVE-2024-36886HIGHCVSS 7.8EG 7.82024-05-30
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after…
- CVE-2024-36899HIGHCVSS 7.0EG 7.02024-05-30
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_…
- CVE-2024-36904HIGHCVSS 7.8EG 7.82024-05-30
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c26…
- CVE-2024-36932MEDIUMCVSS 5.5EG 5.52024-05-30
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with th…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →