Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-35704 1Adobe 1Bridge Jun 17, 2026 Sep 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-3235 3Debian FedoraprojectVim 3Debian Linux FedoraVim Jun 17, 2026 Sep 18, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-38434 1Adobe 1Photoshop Jun 17, 2026 Sep 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this...Show more Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-38428 1Adobe 1Photoshop Jun 17, 2026 Sep 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to by...Show more Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-3176 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Sep 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is...Show more There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659Show less
CVE-2022-25693 1Qualcomm 15Sd 8 Gen1 5g Firmware Sm7450 FirmwareSm8475 Firmware+12 more Jun 17, 2026 Sep 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile
CVE-2022-22095 1Qualcomm 49Apq8053 Firmware Msm8953 FirmwareQca6390 Firmware+46 more Jun 17, 2026 Sep 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdr...Show more Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon MobileShow less
CVE-2022-22092 1Qualcomm 53Ar8035 Firmware Qca6390 FirmwareQca6391 Firmware+50 more Jun 17, 2026 Sep 16, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-40639 1Ansys 1Spaceclaim Jun 17, 2026 Sep 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malic...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207.Show less
CVE-2022-40638 1Ansys 1Spaceclaim Jun 17, 2026 Sep 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malic...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.Show less
CVE-2022-40637 1Ansys 1Spaceclaim Jun 17, 2026 Sep 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malic...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.Show less
CVE-2022-2977 1Linux 1Linux Kernel Jun 17, 2026 Sep 14, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and...Show more A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.Show less
CVE-2022-40674 3Debian FedoraprojectLibexpat Project 3Debian Linux FedoraLibexpat Jun 17, 2026 Sep 14, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2021-0697 1Google 1Android Jun 17, 2026 Sep 13, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...Show more In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238918403Show less
CVE-2022-2979 1Omron 1Cx Programmer Jun 17, 2026 Sep 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
CVE-2022-40133 1Linux 1Linux Kernel Jun 17, 2026 Sep 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allow...Show more A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).Show less
CVE-2022-38457 1Linux 1Linux Kernel Jun 17, 2026 Sep 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a lo...Show more A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).Show less
CVE-2022-36855 1Google 1Android Jun 17, 2026 Sep 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-36849 1Google 1Android Jun 17, 2026 Sep 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
CVE-2022-36847 1Google 1Android Jun 17, 2026 Sep 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

Previous 1...211212213...373 Next