CWE-416
7,675 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,675)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 moreJun 17, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal reso...Show more |
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management...Show more |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since thi...Show more |
In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the a...Show more |
In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit()...Show more |
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful loo...Show more |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect...Show more |
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. |
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. |
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. |
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is...Show more |
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code. |
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. |
1Qualcomm 185Ar8035 Firmware Ar9380 FirmwareCsr8811 Firmware+182 moreJun 17, 2026 Jan 7, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while deinitializing a HDCP session. |
1Qualcomm 63Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+60 moreJun 17, 2026 Jan 7, 2026 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Memory corruption while accessing a synchronization object during concurrent operations. |
1Qualcomm 18Fastconnect 7800 Firmware Qmp1000 FirmwareSm8735 Firmware+15 moreJun 17, 2026 Jan 7, 2026 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Memory corruption while performing sensor register read operations. |
1Qualcomm 237Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+234 moreJun 17, 2026 Jan 7, 2026 N/A· v4 6.6 MEDIUM· v3 N/A· v2 Memory corruption while handling buffer mapping operations in the cryptographic driver. |
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bou...Show more |
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint....Show more |