Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,522)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26426 1Adobe 1Illustrator Jun 17, 2026 Mar 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu...Show more Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-4095 1Linux 1Linux Kernel Jun 17, 2026 Mar 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escala...Show more A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.Show less
CVE-2023-1281 1Linux 1Linux Kernel Jun 17, 2026 Mar 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when...Show more Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.Show less
CVE-2023-1533 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Mar 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1531 3Chromium FedoraprojectGoogle 3Chrome ChromiumFedora Jun 17, 2026 Mar 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1530 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Mar 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1528 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Mar 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security s...Show more Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2022-42332 3Debian FedoraprojectXen 3Debian Linux FedoraXen Jun 17, 2026 Mar 21, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow m...Show more x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.Show less
CVE-2023-21459 1Samsung 1Android Jun 17, 2026 Mar 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
CVE-2023-23421 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Jun 17, 2026 Mar 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23420 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Jun 17, 2026 Mar 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23404 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Mar 14, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-23392 1Microsoft 3Windows 11 21h2 Windows 11 22h2Windows Server 2022 Jun 17, 2026 Mar 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2022-47460 1Google 1Android Jun 17, 2026 Mar 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.
CVE-2022-33245 1Qualcomm 72Apq8064au Firmware Apq8096au FirmwareAqt1000 Firmware+69 more Jun 17, 2026 Mar 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN due to use after free
CVE-2023-22436 1Openatom 1Openharmony Jun 17, 2026 Mar 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to roo...Show more The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root. Show less
CVE-2023-0030 1Linux 1Linux Kernel Jun 17, 2026 Mar 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate...Show more A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.Show less
CVE-2022-46394 1Arm 2Avalon Gpu Kernel Driver Valhall Gpu Kernel Driver Jun 17, 2026 Mar 8, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0,...Show more An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.Show less
CVE-2023-1227 1Google 1Chrome Jun 17, 2026 Mar 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interacti...Show more Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)Show less
CVE-2023-1218 1Google 1Chrome Jun 17, 2026 Mar 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Previous 1...199200201...377 Next