Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-0893 1Google 1Android Nov 21, 2024 Dec 17, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch I...Show more In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.Show less
CVE-2021-39656 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is n...Show more In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernelShow less
CVE-2021-39638 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction...Show more In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/AShow less
CVE-2021-1048 1Google 1Android Oct 23, 2025 Dec 15, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...Show more In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernelShow less
CVE-2021-1042 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed...Show more In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/AShow less
CVE-2021-1029 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...Show more In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677Show less
CVE-2021-1028 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...Show more In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683Show less
CVE-2021-0929 1Google 1Android Nov 21, 2024 Dec 15, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges ne...Show more In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernelShow less
CVE-2021-0920 3Debian GoogleLinux 3Android Debian LinuxLinux Kernel Oct 23, 2025 Dec 15, 2021 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...Show more In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernelShow less
CVE-2021-44447 1Siemens 2Jt Open Toolkit Jt Utilities Nov 21, 2024 Dec 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while par...Show more A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)Show less
CVE-2021-44433 1Siemens 2Jt Open Toolkit Jt Utilities Nov 21, 2024 Dec 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while par...Show more A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)Show less
CVE-2021-44014 1Siemens 5Jt2go Jt Open ToolkitJt Utilities+2 more Nov 21, 2024 Dec 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be...Show more A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)Show less
CVE-2021-43539 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potential...Show more Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43535 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird...Show more A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.Show less
CVE-2021-38504 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affect...Show more When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.Show less
CVE-2021-37045 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-4069 3Debian FedoraprojectVim 3Debian Linux FedoraVim Nov 21, 2024 Dec 6, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 vim is vulnerable to Use After Free
CVE-2021-44047 1Opendesign 1Drawings Sdk Nov 21, 2024 Dec 5, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack o...Show more A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43790 1Bytecodealliance 1Lucet Nov 21, 2024 Nov 30, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result...Show more Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading.Show less
CVE-2021-38002 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Nov 23, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Previous 1...240241242...373 Next