Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,457)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-42720 3Debian FedoraprojectLinux 3Debian Linux FedoraLinux Kernel Jun 17, 2026 Oct 14, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free condi...Show more Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.Show less
CVE-2022-42719 3Debian FedoraprojectLinux 3Debian Linux FedoraLinux Kernel Jun 17, 2026 Oct 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially...Show more A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.Show less
CVE-2022-20421 2Debian Google 2Android Debian Linux Jun 17, 2026 Oct 11, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...Show more In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernelShow less
CVE-2022-20409 1Google 1Android Jun 17, 2026 Oct 11, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...Show more In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernelShow less
CVE-2021-0696 1Google 1Android Jun 17, 2026 Oct 11, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...Show more In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778Show less
CVE-2022-42703 1Linux 1Linux Kernel Jun 17, 2026 Oct 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2021-40166 1Autodesk 19Autocad Autocad Advance SteelAutocad Architecture+16 more Jun 17, 2026 Oct 7, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute a...Show more A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.Show less
CVE-2022-39853 1Google 1Android Jun 17, 2026 Oct 7, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-39847 1Google 1Android Jun 17, 2026 Oct 7, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.
CVE-2022-41850 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Sep 30, 2022 N/A· v4 4.7 MEDIUM· v3 N/A· v2 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in p...Show more roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.Show less
CVE-2022-41849 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Sep 30, 2022 N/A· v4 4.2 MEDIUM· v3 N/A· v2 drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition betwe...Show more drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.Show less
CVE-2022-41848 1Linux 1Linux Kernel Jun 17, 2026 Sep 30, 2022 N/A· v4 4.2 MEDIUM· v3 N/A· v2 drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition...Show more drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.Show less
CVE-2022-3352 3Debian FedoraprojectVim 3Debian Linux FedoraVim Jun 17, 2026 Sep 29, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-40278 1Samsung 1Tizenrt Jun 17, 2026 Sep 29, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
CVE-2022-38222 1Xpdfreader 1Xpdf Jun 17, 2026 Sep 29, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Deni...Show more There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.Show less
CVE-2022-22058 1Qualcomm 79Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+76 more Jun 17, 2026 Sep 26, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,...Show more Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2022-3199 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Sep 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3198 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Sep 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3197 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Sep 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3196 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Sep 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Previous 1...209210211...373 Next