CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 94 of 148
- CVE-2024-36971HIGHCVSS 7.8EG 9.0⚠ KEV2024-06-10
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules a…
- CVE-2024-36979HIGHCVSS 7.8EG 7.82024-06-19
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be fr…
- CVE-2024-37004HIGHCVSS 7.8EG 8.82024-06-25
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current pr…
- CVE-2024-37007HIGHCVSS 7.8EG 7.82024-06-25
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current …
- CVE-2024-37030HIGHCVSS 8.2EG 8.22024-07-02
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.
- CVE-2024-37320HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-3759MEDIUMCVSS 6.5EG 6.52024-05-07
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.
- CVE-2024-38053HIGHCVSS 8.8EG 8.82024-07-09
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
- CVE-2024-38059HIGHCVSS 7.8EG 7.82024-07-09
Win32k Elevation of Privilege Vulnerability
- CVE-2024-38066HIGHCVSS 7.8EG 7.82024-07-09
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2024-38078HIGHCVSS 7.5EG 7.52024-07-09
Xbox Wireless Adapter Remote Code Execution Vulnerability
- CVE-2024-38085HIGHCVSS 7.8EG 7.82024-07-09
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-38107HIGHCVSS 7.8EG 9.0⚠ KEV2024-08-13
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
- CVE-2024-38119HIGHCVSS 7.5EG 7.52024-09-10
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
- CVE-2024-38136HIGHCVSS 7.0EG 7.02024-08-13
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
- CVE-2024-38137HIGHCVSS 7.0EG 7.02024-08-13
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
- CVE-2024-38138HIGHCVSS 7.5EG 7.52024-08-13
Windows Deployment Services Remote Code Execution Vulnerability
- CVE-2024-38140CRITICALCVSS 9.8EG 9.82024-08-13
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
- CVE-2024-38141HIGHCVSS 7.8EG 7.82024-08-13
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2024-38147HIGHCVSS 7.8EG 7.82024-08-13
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2024-38150HIGHCVSS 7.8EG 7.82024-08-13
Windows DWM Core Library Elevation of Privilege Vulnerability
- CVE-2024-38158HIGHCVSS 7.0EG 7.02024-08-13
Azure IoT SDK Remote Code Execution Vulnerability
- CVE-2024-38159CRITICALCVSS 9.1EG 9.12024-08-13
Windows Network Virtualization Remote Code Execution Vulnerability
- CVE-2024-38171HIGHCVSS 7.8EG 7.82024-08-13
Microsoft PowerPoint Remote Code Execution Vulnerability
- CVE-2024-38193HIGHCVSS 7.8EG 9.0⚠ KEV2024-08-13
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2024-38199CRITICALCVSS 9.8EG 9.82024-08-13
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
- CVE-2024-38229HIGHCVSS 8.1EG 8.12024-10-08
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-38235MEDIUMCVSS 6.5EG 6.52024-09-10
Windows Hyper-V Denial of Service Vulnerability
- CVE-2024-38248HIGHCVSS 7.0EG 7.02024-09-10
Windows Storage Elevation of Privilege Vulnerability
- CVE-2024-38249HIGHCVSS 7.8EG 7.82024-09-10
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-38252HIGHCVSS 7.8EG 7.82024-09-10
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2024-38253HIGHCVSS 7.8EG 7.82024-09-10
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2024-38259HIGHCVSS 8.8EG 8.82024-09-10
Microsoft Management Console Remote Code Execution Vulnerability
- CVE-2024-3834HIGHCVSS 8.8EG 8.82024-04-17
Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-3837HIGHCVSS 8.8EG 8.82024-04-17
Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-38375MEDIUMCVSS 5.3EG 5.32024-06-26
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the resu…
- CVE-2024-38385MEDIUMCVSS 5.5EG 5.52024-06-25
In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neithe…
- CVE-2024-38399HIGHCVSS 8.4EG 8.42024-10-07
Memory corruption while processing user packets to generate page faults.
- CVE-2024-38401HIGHCVSS 7.8EG 7.82024-09-02
Memory corruption while processing concurrent IOCTL calls.
- CVE-2024-38402HIGHCVSS 7.8EG 7.82024-09-02
Memory corruption while processing IOCTL call for getting group info.
- CVE-2024-38411MEDIUMCVSS 6.6EG 6.62025-02-03
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
- CVE-2024-38412MEDIUMCVSS 6.6EG 6.62025-02-03
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
- CVE-2024-38415HIGHCVSS 7.8EG 7.82024-11-04
Memory corruption while handling session errors from firmware.
- CVE-2024-38419HIGHCVSS 7.8EG 7.82024-11-04
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
- CVE-2024-38421HIGHCVSS 7.8EG 7.82024-11-04
Memory corruption while processing GPU commands.
- CVE-2024-38424HIGHCVSS 7.8EG 7.82024-11-04
Memory corruption during GNSS HAL process initialization.
- CVE-2024-3853HIGHCVSS 7.5EG 7.52024-04-16
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
- CVE-2024-38544MEDIUMCVSS 6.3EG 6.32024-06-19
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whet…
- CVE-2024-38545HIGHCVSS 7.8EG 7.82024-06-19
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been releas…
- CVE-2024-38555HIGHCVSS 7.8EG 7.82024-06-19
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion h…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →