Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-29483 3Debian FedoraprojectXen 3Debian Linux FedoraXen Nov 21, 2024 Dec 15, 2020 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. U...Show more An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS.Show less
CVE-2020-29569 4Debian LinuxNetapp+1 more 6Debian Linux Hci Compute Node BiosLinux Kernel+3 more Nov 21, 2024 Dec 15, 2020 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the h...Show more An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.Show less
CVE-2020-27067 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...Show more In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173Show less
CVE-2020-27066 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction...Show more In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318Show less
CVE-2020-27044 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...Show more In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157066561Show less
CVE-2020-27035 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges neede...Show more In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213Show less
CVE-2020-0496 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. Use...Show more In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-149481220Show less
CVE-2020-0484 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...Show more In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496Show less
CVE-2020-0483 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed...Show more In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155647761Show less
CVE-2020-0474 1Google 1Android Nov 21, 2024 Dec 15, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...Show more In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240Show less
CVE-2020-0466 1Google 1Android Nov 21, 2024 Dec 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...Show more In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernelShow less
CVE-2020-8231 5Debian HaxxOracle+2 more 5Communications Cloud Native Core Policy Debian LinuxLibcurl+2 more Nov 21, 2024 Dec 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-27786 3Linux NetappRedhat 6Cloud Backup Enterprise LinuxEnterprise Mrg+3 more Nov 21, 2024 Dec 11, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this spec...Show more A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2020-16600 1Artifex 1Mupdf Nov 21, 2024 Dec 9, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previo...Show more A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.Show less
CVE-2020-16592 3Fedoraproject GnuNetapp 3Binutils FedoraOntap Select Deploy Administration Utility Nov 21, 2024 Dec 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVE-2020-29661 6Broadcom DebianFedoraproject+3 more 128300 Firmware 8700 FirmwareA400 Firmware+9 more Nov 21, 2024 Dec 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-29660 5Broadcom DebianFedoraproject+2 more 118300 Firmware 8700 FirmwareA400 Firmware+8 more Nov 21, 2024 Dec 9, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9...Show more A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.Show less
CVE-2020-26960 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Dec 9, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox <...Show more If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.Show less
CVE-2020-26959 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Dec 9, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox <...Show more During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.Show less
CVE-2020-26950 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Dec 9, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thu...Show more In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.Show less

Previous 1...267268269...373 Next