Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,529)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-24947 1Microsoft 7Windows 10 1607 Windows 10 1809Windows 10 20h2+4 more Jun 17, 2026 May 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-31974 1Tortall 1Yasm Jun 17, 2026 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
CVE-2023-31972 1Tortall 1Yasm Jun 17, 2026 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
CVE-2022-48386 1Google 1Android Jun 17, 2026 May 9, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.
CVE-2023-2513 2Linux Redhat 2Enterprise Linux Linux Kernel Jun 17, 2026 May 8, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or...Show more A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.Show less
CVE-2023-32233 3Linux NetappRedhat 3Enterprise Linux Hci Baseboard Management ControllerLinux Kernel Jun 17, 2026 May 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain...Show more In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.Show less
CVE-2023-27969 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 May 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execu...Show more A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.Show less
CVE-2023-32269 1Linux 1Linux Kernel Jun 17, 2026 May 5, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attac...Show more An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.Show less
CVE-2020-22429 1Redox Os 1Redox Jun 17, 2026 May 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
CVE-2023-2461 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 May 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI int...Show more Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)Show less
CVE-2022-33292 1Qualcomm 8Sg4150p Firmware Sm6225 Ad FirmwareSm6225 Firmware+5 more Jun 17, 2026 May 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.
CVE-2023-2236 2Linux Netapp 2Hci Baseboard Management Controller Linux Kernel Jun 17, 2026 May 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a...Show more A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.Show less
CVE-2023-2235 1Linux 1Linux Kernel Jun 17, 2026 May 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before...Show more A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. Show less
CVE-2023-30549 3Lfprojects RedhatSylabs 3Apptainer Enterprise LinuxSingularity Jun 17, 2026 Apr 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older oper...Show more Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.Show less
CVE-2023-27352 1Sonos 3One Firmware S1S2 Jun 17, 2026 Apr 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw ex...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.Show less
CVE-2023-2162 1Linux 1Linux Kernel Jun 17, 2026 Apr 19, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
CVE-2023-21096 1Google 1Android Jun 17, 2026 Apr 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...Show more In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758Show less
CVE-2023-30612 1Cloudhypervisor 1Cloud Hypervisor Jun 17, 2026 Apr 19, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the H...Show more Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only.Show less
CVE-2023-2135 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Apr 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromiu...Show more Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2023-28984 1Juniper 1Junos Jun 17, 2026 Apr 17, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to...Show more A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.Show less

Previous 1...194195196...377 Next