Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,541)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46894 1Huawei 2Emui Harmonyos Jun 17, 2026 Jul 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
CVE-2023-31248 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraLinux Kernel+1 more Jun 17, 2026 Jul 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
CVE-2023-37209 1Mozilla 1Firefox Jun 17, 2026 Jul 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the...Show more A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.Show less
CVE-2023-37202 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Jul 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox...Show more Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.Show less
CVE-2023-37201 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Jul 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2023-21672 1Qualcomm 56Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+53 more Jun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
CVE-2023-3439 1Linux 1Linux Kernel Jun 17, 2026 Jun 28, 2023 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the u...Show more A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.Show less
CVE-2023-3390 2Linux Netapp 6H300s H410cH410s+3 more Jun 17, 2026 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same...Show more A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.Show less
CVE-2023-3389 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Jun 17, 2026 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We...Show more A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).Show less
CVE-2023-21147 1Google 1Android Jun 17, 2026 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...Show more In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/AShow less
CVE-2023-21146 1Google 1Android Jun 17, 2026 Jun 28, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Androi...Show more there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239867994References: N/AShow less
CVE-2023-25002 1Autodesk 43ds Max NavisworksRevit+1 more Jun 17, 2026 Jun 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVE-2023-25001 1Autodesk 1Navisworks Jun 17, 2026 Jun 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVE-2023-3422 2Debian Google 2Chrome Debian Linux Jun 17, 2026 Jun 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium se...Show more Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2023-3421 2Debian Google 2Chrome Debian Linux Jun 17, 2026 Jun 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3317 1Linux 1Linux Kernel Jun 17, 2026 Jun 23, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the...Show more A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.Show less
CVE-2023-32412 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Jun 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.Show less
CVE-2023-32398 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Jun 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.Show less
CVE-2023-32387 1Apple 1Macos Jun 17, 2026 Jun 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app terminat...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.Show less
CVE-2023-32373 3Apple RedhatWebkitgtk 8Enterprise Linux IpadosIphone Os+5 more Jun 17, 2026 Jun 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing mal...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Show less

Previous 1...190191192...378 Next