Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37573 1Tonybybell 1Gtkwave Jun 17, 2026 Jan 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious...Show more Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code.Show less
CVE-2023-5091 1Arm 1Valhall Gpu Kernel Driver Jun 17, 2026 Jan 8, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kerne...Show more Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0. Show less
CVE-2024-22088 1Chendotjs 1Lotos Webserver Jun 17, 2026 Jan 5, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
CVE-2023-6270 3Debian FedoraprojectLinux 3Debian Linux FedoraLinux Kernel Jun 17, 2026 Jan 4, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the...Show more A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.Show less
CVE-2024-0225 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-0224 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-0222 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security sever...Show more Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2024-0217 3Fedoraproject Packagekit ProjectRedhat 3Enterprise Linux FedoraPackagekit Jun 17, 2026 Jan 3, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously f...Show more A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.Show less
CVE-2023-49554 1Yasm Project 1Yasm Jun 17, 2026 Jan 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
CVE-2024-0193 2Linux Redhat 35Codeready Linux Builder Codeready Linux Builder For Arm64Codeready Linux Builder For Arm64 Eus+32 more Jun 17, 2026 Jan 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-afte...Show more A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.Show less
CVE-2023-49142 1Openatom 1Openharmony Jun 17, 2026 Jan 2, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.
CVE-2023-49135 1Openatom 1Openharmony Jun 17, 2026 Jan 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-48360 1Openatom 1Openharmony Jun 17, 2026 Jan 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-47857 1Openatom 1Openharmony Jun 17, 2026 Jan 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.
CVE-2023-43514 1Qualcomm 81Ar8035 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+78 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2023-33120 1Qualcomm 227315 5g Iot Modem Firmware 9206 Lte Modem FirmwareApq8017 Firmware+224 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio when memory map command is executed consecutively in ADSP.
CVE-2023-33118 1Qualcomm 130Ar8035 Firmware Csra6620 FirmwareCsra6640 Firmware+127 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
CVE-2023-33117 1Qualcomm 136Ar8035 Firmware Csra6620 FirmwareCsra6640 Firmware+133 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
CVE-2023-33114 1Qualcomm 111315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+108 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2023-33108 1Qualcomm 26Qam8255p Firmware Qam8295p FirmwareQam8650p Firmware+23 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Previous 1...173174175...378 Next