CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,396 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 97 of 148
- CVE-2024-43057HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption while processing command in Glink linux.
- CVE-2024-43059HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
- CVE-2024-43061HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.
- CVE-2024-43062HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
- CVE-2024-43066HIGHCVSS 7.8EG 7.82025-04-07
Memory corruption while handling file descriptor during listener registration/de-registration.
- CVE-2024-43102CRITICALCVSS 10.0EG 9.82024-09-05
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be fre…
- CVE-2024-4331HIGHCVSS 8.8EG 7.52024-05-01
Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-43374MEDIUMCVSS 4.7EG 4.52024-08-16
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened i…
- CVE-2024-43459HIGHCVSS 8.8EG 8.82024-11-12
SQL Server Native Client Remote Code Execution Vulnerability
- CVE-2024-43463HIGHCVSS 7.8EG 7.82024-09-10
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2024-43465HIGHCVSS 7.8EG 7.82024-09-10
Microsoft Excel Elevation of Privilege Vulnerability
- CVE-2024-43472MEDIUMCVSS 5.8EG 5.82024-08-16
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2024-43491CRITICALCVSS 9.8EG 9.82024-09-10
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker co…
- CVE-2024-43504HIGHCVSS 7.8EG 7.82024-10-08
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2024-43509HIGHCVSS 7.8EG 7.82024-10-08
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-43533HIGHCVSS 8.8EG 8.82024-10-08
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-43535HIGHCVSS 7.0EG 7.02024-10-08
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- CVE-2024-43552HIGHCVSS 7.3EG 7.32024-10-08
Windows Shell Remote Code Execution Vulnerability
- CVE-2024-43556HIGHCVSS 7.8EG 7.82024-10-08
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-43570MEDIUMCVSS 6.4EG 6.42024-10-08
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-43574HIGHCVSS 8.3EG 8.32024-10-08
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
- CVE-2024-43582HIGHCVSS 8.1EG 8.12024-10-08
Remote Desktop Protocol Server Remote Code Execution Vulnerability
- CVE-2024-43599HIGHCVSS 8.8EG 8.82024-10-08
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-43625HIGHCVSS 8.1EG 8.12024-11-12
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
- CVE-2024-43642HIGHCVSS 7.5EG 7.52024-11-12
Windows SMB Denial of Service Vulnerability
- CVE-2024-4368HIGHCVSS 8.8EG 6.32024-05-01
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-43701HIGHCVSS 7.8EG 7.82024-10-14
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- CVE-2024-43703HIGHCVSS 8.1EG 8.12024-11-30
Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.
- CVE-2024-43758HIGHCVSS 7.8EG 7.82024-09-13
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v…
- CVE-2024-43830HIGHCVSS 7.8EG 7.82024-08-17
In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data…
- CVE-2024-43853MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add …
- CVE-2024-43864MEDIUMCVSS 5.5EG 5.52024-08-21
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed…
- CVE-2024-43883HIGHCVSS 7.0EG 7.02024-08-23
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure …
- CVE-2024-43888HIGHCVSS 7.8EG 7.82024-08-26
In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned mem…
- CVE-2024-43891MEDIUMCVSS 4.7EG 4.72024-08-26
In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the fil…
- CVE-2024-43900HIGHCVSS 7.8EG 7.82024-08-26
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struc…
- CVE-2024-44068HIGHCVSS 8.1EG 8.12024-10-07
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.
- CVE-2024-44285HIGHCVSS 7.8EG 8.42024-10-28
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or …
- CVE-2024-44932HIGHCVSS 7.8EG 7.82024-08-26
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disab…
- CVE-2024-44934HIGHCVSS 7.8EG 7.82024-08-26
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the bridge doesn't make sure that all previous …
- CVE-2024-44941HIGHCVSS 7.8EG 7.82024-08-26
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2…
- CVE-2024-44946MEDIUMCVSS 5.5EG 5.52024-08-31
In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->s…
- CVE-2024-44964HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinit…
- CVE-2024-44974HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected …
- CVE-2024-44978HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_ex…
- CVE-2024-44985HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_r…
- CVE-2024-44986HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold…
- CVE-2024-44987HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we h…
- CVE-2024-44997HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface …
- CVE-2024-44998HIGHCVSS 7.8EG 7.82024-09-04
In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →