Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-22090 1Qualcomm 23Sd865 5g Firmware Sd888 5g FirmwareSd 8 Gen1 5g Firmware+20 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVE-2022-22071 1Qualcomm 90Apq8053 Firmware Ar8031 FirmwareAr8035 Firmware+87 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd...Show more Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & MusicShow less
CVE-2022-22068 1Qualcomm 116Apq8053 Firmware Aqt1000 FirmwareAr8031 Firmware+113 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indus...Show more kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2021-35130 1Qualcomm 57Ar8035 Firmware Qam8295p FirmwareQca6174a Firmware+54 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2021-35120 1Qualcomm 100Apq8053 Firmware Aqt1000 FirmwareAr8031 Firmware+97 more Jun 17, 2026 Jun 14, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-30334 1Qualcomm 131Apq8009w Firmware Aqt1000 FirmwareAr8031 Firmware+128 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...Show more Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2022-29522 1Fujielectric 2V Server V Sft Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a...Show more Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.Show less
CVE-2022-2042 2Apple Vim 2Macos Vim Jun 17, 2026 Jun 10, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-29228 1Envoyproxy 1Envoy Jun 17, 2026 Jun 9, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer ver...Show more Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.Show less
CVE-2022-29227 1Envoyproxy 1Envoy Jun 17, 2026 Jun 9, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime b...Show more Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed.Show less
CVE-2022-1998 4Fedoraproject LinuxNetapp+1 more 8Enterprise Linux FedoraH300s Firmware+5 more Jun 17, 2026 Jun 9, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the sys...Show more A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.Show less
CVE-2022-21745 1Google 1Android Jun 17, 2026 Jun 6, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no addition...Show more In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.Show less
CVE-2022-32250 4Debian FedoraprojectLinux+1 more 8Debian Linux FedoraH300s Firmware+5 more Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-f...Show more net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.Show less
CVE-2022-29692 1Unicorn Engine 1Unicorn Engine Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.
CVE-2022-1968 3Apple DebianVim 3Debian Linux MacosVim Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1786 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local use...Show more A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.Show less
CVE-2022-1652 4Debian LinuxNetapp+1 more 8Debian Linux Enterprise LinuxH300s Firmware+5 more Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exp...Show more Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.Show less
CVE-2022-1419 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access t...Show more The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.Show less
CVE-2021-42203 1Swftools 1Swftools Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.
CVE-2022-1934 1Mruby 1Mruby Jun 17, 2026 May 31, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use After Free in GitHub repository mruby/mruby prior to 3.2.

Previous 1...222223224...373 Next