CWE-416
7,455 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,455)
| CVE (description) | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | 4: Debian, Fedoraproject, Linux, +1 more | 14: Active Iq Unified Manager, Cloud Backup, Debian Linux, +11 more | Nov 21, 2024 | May 26, 2021 | v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been f... | 4: Debian, Fedoraproject, Gnu, +1 more | 13: Cloud Backup, Debian Linux, E Series Santricity Os Controller, +10 more | Nov 21, 2024 | May 25, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valha... | 1: Arm | 3: Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | Nov 3, 2025 | May 24, 2021 | v4 N/A · v3 8.8 HIGH · v2 9.0 HIGH |
| A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst... | 5: Apple, Debian, Netapp, +2 more | 6: Debian Linux, Enterprise Linux, Ipados, +3 more | Nov 21, 2024 | May 21, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | | | | | |
| There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this fl... | 6: Debian, Fedoraproject, Netapp, +3 more | 18: Active Iq Unified Manager, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector, +15 more | Nov 21, 2024 | May 18, 2021 | v4 N/A · v3 8.8 HIGH · v2 6.8 MEDIUM |
| A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat fro... | 3: Debian, Linux, Netapp | 11: Cloud Backup, Debian Linux, H300e Firmware, +8 more | Nov 21, 2024 | May 17, 2021 | v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM |
| In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. | 3: Debian, Fedoraproject, Linux | 3: Debian Linux, Fedora, Linux Kernel | Nov 21, 2024 | May 14, 2021 | v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM |
| The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writin... | | | | | |
| The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs a... | 2: Linux, Netapp | 12: Cloud Backup, H300e Firmware, H300s Firmware, +9 more | Nov 21, 2024 | May 14, 2021 | v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH |
| In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 2: Fedoraproject, Radare | 2: Fedora, Radare2 | Nov 21, 2024 | May 14, 2021 | v4 N/A · v3 5.5 MEDIUM · v2 4.3 MEDIUM |
| A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib.... | 2: C Ares, Fedoraproject | 2: C Ares, Fedora | Nov 21, 2024 | May 13, 2021 | v4 N/A · v3 3.3 LOW · v2 2.1 LOW |
| Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with... | 3: Debian, Fedoraproject, Linux | 3: Debian Linux, Fedora, Linux Kernel | Nov 21, 2024 | May 12, 2021 | v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM |
| In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST sup... | 2: Fedoraproject, Linux | 2: Fedora, Linux Kernel | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | 1: Microsoft | 8: Windows 10, Windows 7, Windows 8.1, +5 more | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 5.5 MEDIUM · v2 2.1 LOW |
| Microsoft Office Remote Code Execution Vulnerability | 1: Microsoft | 6: 365 Apps, Excel, Office, +3 more | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 7.8 HIGH · v2 6.8 MEDIUM |
| Microsoft Office Remote Code Execution Vulnerability | 1: Microsoft | 4: 365 Apps, Office, Office Online Server, +1 more | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 7.8 HIGH · v2 6.8 MEDIUM |
| Microsoft Office Remote Code Execution Vulnerability | 1: Microsoft | 5: 365 Apps, Excel, Office, +2 more | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 7.8 HIGH · v2 6.8 MEDIUM |
| Windows Graphics Component Elevation of Privilege Vulnerability | 1: Microsoft | 3: Windows 10, Windows Server 2016, Windows Server 2019 | Nov 21, 2024 | May 11, 2021 | v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM |
| HTTP Protocol Stack Remote Code Execution Vulnerability | 1: Microsoft | 4: Windows 10 2004, Windows 10 20h2, Windows Server 2004, +1 more | Oct 30, 2025 | May 11, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |