CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 98 of 148
- CVE-2024-45013MEDIUMCVSS 5.5EG 5.52024-09-11
In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_c…
- CVE-2024-45016MEDIUMCVSS 5.5EG 5.52024-09-11
In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sg…
- CVE-2024-45063HIGHCVSS 8.8EG 8.82024-09-05
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achiev…
- CVE-2024-45107MEDIUMCVSS 5.5EG 5.52024-09-05
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to b…
- CVE-2024-45138HIGHCVSS 7.8EG 7.82024-10-09
Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
- CVE-2024-45146HIGHCVSS 7.8EG 7.82024-10-09
Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus…
- CVE-2024-45434CRITICALCVSS 9.8EG 9.82025-09-12
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the …
- CVE-2024-45540MEDIUMCVSS 6.6EG 6.62025-04-07
Memory corruption while invoking IOCTL map buffer request from userspace.
- CVE-2024-45544MEDIUMCVSS 6.6EG 6.62025-04-07
Memory corruption while processing IOCTL calls to add route entry in the HW.
- CVE-2024-45553HIGHCVSS 7.8EG 7.82025-01-06
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
- CVE-2024-45554HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
- CVE-2024-45561HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption while handling IOCTL call from user-space to set latency level.
- CVE-2024-45562MEDIUMCVSS 6.6EG 6.62025-05-06
Memory corruption during concurrent access to server info object due to unprotected critical field.
- CVE-2024-45564HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption during concurrent access to server info object due to incorrect reference count update.
- CVE-2024-45566HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption during concurrent buffer access due to modification of the reference count.
- CVE-2024-45567HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption while encoding JPEG format.
- CVE-2024-45571HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
- CVE-2024-4558CRITICALCVSS 9.6EG 7.52024-05-07
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-45580HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.
- CVE-2024-45583MEDIUMCVSS 6.6EG 6.62025-05-06
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.
- CVE-2024-4607HIGHCVSS 7.8EG 7.82024-08-05
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations t…
- CVE-2024-4610HIGHCVSS 7.8EG 9.0⚠ KEV2024-06-07
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue aff…
- CVE-2024-46674HIGHCVSS 7.8EG 7.82024-09-13
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_…
- CVE-2024-46683HIGHCVSS 7.8EG 7.82024-09-13
In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to t…
- CVE-2024-46687HIGHCVSS 7.8EG 7.82024-09-13
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following …
- CVE-2024-46696HIGHCVSS 7.8EG 7.82024-09-13
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last.
- CVE-2024-4671CRITICALCVSS 9.6EG 9.6⚠ KEV2024-05-14
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-46716MEDIUMCVSS 5.5EG 5.52024-09-18
In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_des…
- CVE-2024-46738HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is perf…
- CVE-2024-46740HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between thes…
- CVE-2024-46746HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data s…
- CVE-2024-46762MEDIUMCVSS 5.5EG 5.52024-09-18
In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that ha…
- CVE-2024-46781MEDIUMCVSS 5.5EG 5.52024-09-18
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned o…
- CVE-2024-46782HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input [1] Issue here is that ila_xlat_exit_net() frees the rhashtable, then cal…
- CVE-2024-46786HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not dele…
- CVE-2024-46796HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable…
- CVE-2024-46798HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INL…
- CVE-2024-46800HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdis…
- CVE-2024-46831HIGHCVSS 7.8EG 7.82024-09-27
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checking the return code of vcap_del_rule.
- CVE-2024-46842MEDIUMCVSS 5.5EG 5.52024-09-27
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted …
- CVE-2024-46845HIGHCVSS 7.8EG 7.82024-09-27
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this i…
- CVE-2024-46849HIGHCVSS 7.8EG 7.82024-09-27
In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this fu…
- CVE-2024-46858HIGHCVSS 7.0EG 7.02024-09-27
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== …
- CVE-2024-46971HIGHCVSS 7.8EG 7.82024-12-13
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- CVE-2024-46973HIGHCVSS 7.8EG 7.82024-12-28
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
- CVE-2024-46981HIGHCVSS 7.0EG 7.02025-01-06
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.…
- CVE-2024-47017HIGHCVSS 7.8EG 7.82024-10-25
In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2024-47033HIGHCVSS 7.8EG 7.42024-10-25
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for …
- CVE-2024-47040HIGHCVSS 7.8EG 7.82024-12-18
There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-4741HIGHCVSS 7.5EG 7.52024-11-13
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corrupti…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →