Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-49470

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-26 Feb, 2025 | 02:13
Updated At-04 May, 2025 | 08:38
Rejected At-
Credits

Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker [ 39.634962] Call trace: [ 39.634974] dump_backtrace+0x0/0x3b8 [ 39.634999] show_stack+0x20/0x2c [ 39.635016] dump_stack_lvl+0x60/0x78 [ 39.635040] print_address_description+0x70/0x2f0 [ 39.635062] kasan_report+0x154/0x194 [ 39.635079] __asan_report_load1_noabort+0x44/0x50 [ 39.635099] btmtksdio_recv_event+0x1b0/0x1c4 [ 39.635129] btmtksdio_txrx_work+0x6cc/0xac4 [ 39.635157] process_one_work+0x560/0xc5c [ 39.635177] worker_thread+0x7ec/0xcc0 [ 39.635195] kthread+0x2d0/0x3d0 [ 39.635215] ret_from_fork+0x10/0x20 [ 39.635247] Allocated by task 0: [ 39.635260] (stack is not available) [ 39.635281] Freed by task 2392: [ 39.635295] kasan_save_stack+0x38/0x68 [ 39.635319] kasan_set_track+0x28/0x3c [ 39.635338] kasan_set_free_info+0x28/0x4c [ 39.635357] ____kasan_slab_free+0x104/0x150 [ 39.635374] __kasan_slab_free+0x18/0x28 [ 39.635391] slab_free_freelist_hook+0x114/0x248 [ 39.635410] kfree+0xf8/0x2b4 [ 39.635427] skb_free_head+0x58/0x98 [ 39.635447] skb_release_data+0x2f4/0x410 [ 39.635464] skb_release_all+0x50/0x60 [ 39.635481] kfree_skb+0xc8/0x25c [ 39.635498] hci_event_packet+0x894/0xca4 [bluetooth] [ 39.635721] hci_rx_work+0x1c8/0x68c [bluetooth] [ 39.635925] process_one_work+0x560/0xc5c [ 39.635951] worker_thread+0x7ec/0xcc0 [ 39.635970] kthread+0x2d0/0x3d0 [ 39.635990] ret_from_fork+0x10/0x20 [ 39.636021] The buggy address belongs to the object at ffffff80cf28a600 which belongs to the cache kmalloc-512 of size 512 [ 39.636039] The buggy address is located 13 bytes inside of 512-byte region [ffffff80cf28a600, ffffff80cf28a800)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:26 Feb, 2025 | 02:13
Updated At:04 May, 2025 | 08:38
Rejected At:
▼CVE Numbering Authority (CNA)
Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker [ 39.634962] Call trace: [ 39.634974] dump_backtrace+0x0/0x3b8 [ 39.634999] show_stack+0x20/0x2c [ 39.635016] dump_stack_lvl+0x60/0x78 [ 39.635040] print_address_description+0x70/0x2f0 [ 39.635062] kasan_report+0x154/0x194 [ 39.635079] __asan_report_load1_noabort+0x44/0x50 [ 39.635099] btmtksdio_recv_event+0x1b0/0x1c4 [ 39.635129] btmtksdio_txrx_work+0x6cc/0xac4 [ 39.635157] process_one_work+0x560/0xc5c [ 39.635177] worker_thread+0x7ec/0xcc0 [ 39.635195] kthread+0x2d0/0x3d0 [ 39.635215] ret_from_fork+0x10/0x20 [ 39.635247] Allocated by task 0: [ 39.635260] (stack is not available) [ 39.635281] Freed by task 2392: [ 39.635295] kasan_save_stack+0x38/0x68 [ 39.635319] kasan_set_track+0x28/0x3c [ 39.635338] kasan_set_free_info+0x28/0x4c [ 39.635357] ____kasan_slab_free+0x104/0x150 [ 39.635374] __kasan_slab_free+0x18/0x28 [ 39.635391] slab_free_freelist_hook+0x114/0x248 [ 39.635410] kfree+0xf8/0x2b4 [ 39.635427] skb_free_head+0x58/0x98 [ 39.635447] skb_release_data+0x2f4/0x410 [ 39.635464] skb_release_all+0x50/0x60 [ 39.635481] kfree_skb+0xc8/0x25c [ 39.635498] hci_event_packet+0x894/0xca4 [bluetooth] [ 39.635721] hci_rx_work+0x1c8/0x68c [bluetooth] [ 39.635925] process_one_work+0x560/0xc5c [ 39.635951] worker_thread+0x7ec/0xcc0 [ 39.635970] kthread+0x2d0/0x3d0 [ 39.635990] ret_from_fork+0x10/0x20 [ 39.636021] The buggy address belongs to the object at ffffff80cf28a600 which belongs to the cache kmalloc-512 of size 512 [ 39.636039] The buggy address is located 13 bytes inside of 512-byte region [ffffff80cf28a600, ffffff80cf28a800)

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/bluetooth/btmtksdio.c
Default Status
unaffected
Versions
Affected
  • From 9aebfd4a2200ab8075e44379c758bccefdc589bb before b3cec8a42fcd11d05313c724f27e01b1db77522c (git)
  • From 9aebfd4a2200ab8075e44379c758bccefdc589bb before 02ba31e09a26e8cd4582ac8e6163d80284997727 (git)
  • From 9aebfd4a2200ab8075e44379c758bccefdc589bb before 01c6a899fa6be4f4cbf60c4f44f0f6691155415f (git)
  • From 9aebfd4a2200ab8075e44379c758bccefdc589bb before 0fab6361c4ba17d1b43a991bef4238a3c1754d35 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/bluetooth/btmtksdio.c
Default Status
affected
Versions
Affected
  • 5.2
Unaffected
  • From 0 before 5.2 (semver)
  • From 5.15.54 through 5.15.* (semver)
  • From 5.17.14 through 5.17.* (semver)
  • From 5.18.3 through 5.18.* (semver)
  • From 5.19 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/b3cec8a42fcd11d05313c724f27e01b1db77522c
N/A
https://git.kernel.org/stable/c/02ba31e09a26e8cd4582ac8e6163d80284997727
N/A
https://git.kernel.org/stable/c/01c6a899fa6be4f4cbf60c4f44f0f6691155415f
N/A
https://git.kernel.org/stable/c/0fab6361c4ba17d1b43a991bef4238a3c1754d35
N/A
Hyperlink: https://git.kernel.org/stable/c/b3cec8a42fcd11d05313c724f27e01b1db77522c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/02ba31e09a26e8cd4582ac8e6163d80284997727
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/01c6a899fa6be4f4cbf60c4f44f0f6691155415f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/0fab6361c4ba17d1b43a991bef4238a3c1754d35
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:26 Feb, 2025 | 07:01
Updated At:24 Mar, 2025 | 19:58

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker [ 39.634962] Call trace: [ 39.634974] dump_backtrace+0x0/0x3b8 [ 39.634999] show_stack+0x20/0x2c [ 39.635016] dump_stack_lvl+0x60/0x78 [ 39.635040] print_address_description+0x70/0x2f0 [ 39.635062] kasan_report+0x154/0x194 [ 39.635079] __asan_report_load1_noabort+0x44/0x50 [ 39.635099] btmtksdio_recv_event+0x1b0/0x1c4 [ 39.635129] btmtksdio_txrx_work+0x6cc/0xac4 [ 39.635157] process_one_work+0x560/0xc5c [ 39.635177] worker_thread+0x7ec/0xcc0 [ 39.635195] kthread+0x2d0/0x3d0 [ 39.635215] ret_from_fork+0x10/0x20 [ 39.635247] Allocated by task 0: [ 39.635260] (stack is not available) [ 39.635281] Freed by task 2392: [ 39.635295] kasan_save_stack+0x38/0x68 [ 39.635319] kasan_set_track+0x28/0x3c [ 39.635338] kasan_set_free_info+0x28/0x4c [ 39.635357] ____kasan_slab_free+0x104/0x150 [ 39.635374] __kasan_slab_free+0x18/0x28 [ 39.635391] slab_free_freelist_hook+0x114/0x248 [ 39.635410] kfree+0xf8/0x2b4 [ 39.635427] skb_free_head+0x58/0x98 [ 39.635447] skb_release_data+0x2f4/0x410 [ 39.635464] skb_release_all+0x50/0x60 [ 39.635481] kfree_skb+0xc8/0x25c [ 39.635498] hci_event_packet+0x894/0xca4 [bluetooth] [ 39.635721] hci_rx_work+0x1c8/0x68c [bluetooth] [ 39.635925] process_one_work+0x560/0xc5c [ 39.635951] worker_thread+0x7ec/0xcc0 [ 39.635970] kthread+0x2d0/0x3d0 [ 39.635990] ret_from_fork+0x10/0x20 [ 39.636021] The buggy address belongs to the object at ffffff80cf28a600 which belongs to the cache kmalloc-512 of size 512 [ 39.636039] The buggy address is located 13 bytes inside of 512-byte region [ffffff80cf28a600, ffffff80cf28a800)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.2(inclusive) to 5.15.54(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 5.17.14(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.18(inclusive) to 5.18.3(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/01c6a899fa6be4f4cbf60c4f44f0f6691155415f416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/02ba31e09a26e8cd4582ac8e6163d80284997727416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/0fab6361c4ba17d1b43a991bef4238a3c1754d35416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b3cec8a42fcd11d05313c724f27e01b1db77522c416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/01c6a899fa6be4f4cbf60c4f44f0f6691155415f
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/02ba31e09a26e8cd4582ac8e6163d80284997727
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/0fab6361c4ba17d1b43a991bef4238a3c1754d35
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/b3cec8a42fcd11d05313c724f27e01b1db77522c
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

3188Records found
CVE-2021-0330
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:49
Updated-03 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0332
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.80%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:49
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2020-9606
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.60% / 69.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2023-21147
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.84%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0310
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.80%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:48
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0318
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.80%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:47
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38401
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 10:22
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Qualcomm IPC

Memory corruption while processing concurrent IOCTL calls.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pqcs410_firmwarec-v2x_9150_firmwareqcs610_firmwarewcd9370qca8081_firmwarear8035_firmwareqca6696wsa8830_firmwarewcd9340_firmwareqfw7124_firmwareqca6698aq_firmwarewcd9341_firmwareqcc710_firmwarewsa8815_firmwarewcd9370_firmwareqca8337_firmwaresdx55_firmwareqca8337snapdragon_auto_5g_modem-rfwcn3660bqca6574aqca6595auwcd9340wcd9341snapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcn3950wsa8810_firmwarewcn3988wcn3980_firmwareqca6584au_firmwareqcn6274snapdragon_auto_5g_modem-rf_gen_2_firmwarewcn3660b_firmwareqfw7124snapdragon_x75_5g_modem-rf_systemwsa8835qca6595au_firmwaresnapdragon_w5\+_gen_1_wearablesw5100p_firmwareqca6696_firmwareqcs410wcn3680b_firmwareqca8081wsa8815video_collaboration_vc1_platform_firmwarewsa8830c-v2x_9150qca6584auqcn6274_firmwareqcc710sw5100_firmwarear8035qca6574a_firmwaresnapdragon_x72_5g_modem-rf_systemsdx55qfw7114_firmwarefastconnect_7800_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqcn6224qfw7114qca6698aqwcn3950_firmwarefastconnect_7800wcn3680bwcd9360wcd9360_firmwarewcn3988_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwarewsa8835_firmwarewsa8810snapdragon_x75_5g_modem-rf_system_firmwarewcn3980sw5100video_collaboration_vc3_platformqcn6224_firmwareqcs610Snapdragonqualcomm_video_collaboration_vc1_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca8337_firmwareqcn6274_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcd9360_firmwarewcn3988_firmwareqcn6224_firmwarewcn3950_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresw5100p_firmwareqcs610_firmwareqca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6584au_firmwarec-v2x_9150_firmwareqca6696_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9370_firmwarewcd9340_firmwareqcc710_firmwarewsa8830_firmwarewsa8815_firmwarewcn3660b_firmwarewsa8835_firmwareqca6574a_firmwarewcn3680b_firmwaresdx55_firmwaresw5100_firmwareqca8081_firmwareqcs410_firmwareqfw7124_firmwarewcn3980_firmwarear8035_firmware
CWE ID-CWE-416
Use After Free
CVE-2020-8750
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.41%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:07
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trusted_execution_engineIntel(R) TXE
CWE ID-CWE-416
Use After Free
CVE-2025-8176
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 4.33%
||
7 Day CHG~0.00%
Published-26 Jul, 2025 | 03:32
Updated-11 Sep, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibTIFF tiffmedian.c get_histogram use after free

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffLibTIFF
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2025-8837
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 08:02
Updated-16 Sep, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/aJasPer
Product-jasperJasPer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2020-5984
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 21:10
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-416
Use After Free
CVE-2025-8842
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 10:32
Updated-15 Sep, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NASM Netwide Assember preproc.c do_directive use after free

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nasmNASM
Product-netwide_assemblerNetwide Assember
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2020-5348
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2024-3857
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.41%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 15:14
Updated-01 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxdebian_linuxFirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CWE ID-CWE-416
Use After Free
CVE-2020-3696
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.37%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca4531_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwareapq8098_firmwaresdx20qcm2150sdx24mdm9607_firmwareqca9531ipq8074_firmwareqca6574aumsm8909w_firmwaremdm9607msm8996ausdm429w_firmwareapq8017_firmwareapq8009_firmwaremsm8909wqcs605_firmwareipq4019_firmwaremdm9207c_firmwareipq6018mdm9206mdm9207cmsm8905sdx24_firmwareipq8074apq8096auqca4531apq8098ipq6018_firmwaremdm9206_firmwareqcs605ipq4019apq8053apq8096au_firmwaresdx20_firmwareqca9531_firmwaremsm8905_firmwareipq8064qca6574au_firmwareapq8017apq8009apq8053_firmwareipq8064_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2020-3701
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.79%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-saipan_firmwaresm8250sxr2130_firmwaresaipansxr2130sm8250_firmwareSnapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2024-38424
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:05
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in GPS

Memory corruption during GNSS HAL process initialization.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8620pqam8255p_firmwaresnapdragon_8_gen_1_mobile_platformtalynplus_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwareqam8775pqamsrv1mqcn6224_firmwarewsa8840wcn3950_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformwcd9370snapdragon_460_mobile_platform_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwarewcn3990_firmwareqca6584au_firmwaresnapdragon_8_gen_2_mobile_platformqamsrv1hwcd9385_firmwarewcn7881_firmwarewcn3950talynplusfastconnect_6200qamsrv1h_firmwaresd_8_gen1_5g_firmwarewcn3660bsnapdragon_460_mobile_platformqca6688aqsa9000p_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresnapdragon_4_gen_2_mobile_platformsa7255pwsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595ausnapdragon_429_mobile_platformsnapdragon_680_4g_mobile_platform_firmwarewcn7860snapdragon_w5\+_gen_1_wearable_platform_firmwaresa8620p_firmwaresa6155p_firmwareqca6584auqcm8550_firmwarewcn7881snapdragon_x72_5g_modem-rf_systemsa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqsm4635qcs6125qcs8550_firmwaresm8635wcn3988_firmwarewcn7880_firmwaresrv1hsa7775p_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9340sa8195pfastconnect_6700_firmwarewsa8810_firmwareqcn6224vision_intelligence_400_platformsw5100wsa8845hwcn6755wcd9395_firmwarewcd9335snapdragon_x75_5g_modem-rf_systemsm8750p_firmwaresm8750_firmwaresg4150psa8255p_firmwaresnapdragon_x35_5g_modem-rf_systemsa6155psnapdragon_auto_5g_modem-rf_gen_2qcm4490sa7775pqca8081sxr2250pqca6698aq_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)qca6174a_firmwarewcd9385wcd9341snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqca6797aqar8035wcd9375wcd9390vision_intelligence_400_platform_firmwareqcc710_firmwaresnapdragon_662_mobile_platformwsa8830_firmwarewcn3620_firmwarewsa8815_firmwarewcn3988wsa8835_firmwarewcn3620sa8195p_firmwaresxr2250p_firmwaresg4150p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresa8770pqcm6125_firmwareqcm4325qca6688aq_firmwarewcd9380_firmwareqca8337_firmwaresm4635_firmwarewcn3990sw5100pwcd9378_firmwaresdm429wsnapdragon_w5\+_gen_1_wearable_platformqca6595qcm8550wsa8835qca6574sdm429w_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresd_8_gen1_5gwcd9380qcn6274snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwaresnapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700snapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm8635_firmwareqca6574aqca6174asnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarevideo_collaboration_vc3_platform_firmwaresg8275pwcn3980wcd9335_firmwareqfw7114_firmwarewsa8845sa8650psa9000pqcm4325_firmwarewcd9340_firmwareqca6574_firmwarewsa8815sxr2230pwsa8845_firmwaresnapdragon_4_gen_1_mobile_platformwcn3660b_firmwaresm8750psa8775pqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwarefastconnect_7800wcn6740_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwarewcn7861_firmwarewsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwarevideo_collaboration_vc1_platform_firmwareqca6797aq_firmwareqca6574ausa8155p_firmwaresrv1lsa7255p_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810sa8620pwsa8832qcm6125fastconnect_7800_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsm8550psrv1m_firmwareqamsrv1m_firmwaresm8750qam8650p_firmwareqcc710qcs4490wcn7860_firmwareqca6595_firmwarewcn7861wcn6740wcd9395qca6696qcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155psnapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1msnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqam8620p_firmwareqfw7124_firmwarewcd9378qam8255pqep8111snapdragon_685_4g_mobile_platform_\(sm6225-ad\)ar8035_firmwareSnapdragonqam8255p_firmwarequalcomm_video_collaboration_vc1_platform_firmwaretalynplus_firmwaresnapdragon_662_mobile_platform_firmwareqca8337_firmwarewcd9380_firmwaresm4635_firmwaresxr2230p_firmwarewcd9378_firmwaresg8275p_firmwarear8035_firmwareqcn6224_firmwaresdm429w_firmwarewcn3950_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm8635_firmwaresnapdragon_460_mobile_platform_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwarewcn3990_firmwarewcd9335_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8845_firmwarewcn3660b_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresa8620p_firmwaresa6155p_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcs4490_firmwaresa8775p_firmwarewcn7861_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwarefastconnect_6700_firmwaresa7255p_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwarewcd9395_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqca6174a_firmwareqam8650p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewsa8830_firmwarewcd9390_firmwarewcn3620_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqam8620p_firmwareqfw7124_firmwaresxr2250p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-38066
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.49%
||
7 Day CHG-0.05%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2020-3642
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.50%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwarerennellsdm845rennell_firmwaresm8250_firmwareqcs605sm7150_firmwaresaipan_firmwaresm6150_firmwaresdm710sm6150sm8250sm8150sdm710_firmwaresxr1130_firmwarekamortasm7150saipansxr1130sdm670sxr2130qcs605_firmwaresdm845_firmwareSnapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2024-38141
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.81% / 91.21%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows 11 Version 24H2Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2024-38193
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-74.83% / 98.85%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-28 Oct, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2019windows_11_21h2windows_server_2016Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows
CWE ID-CWE-416
Use After Free
CVE-2024-38412
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Computer Vision

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840snapdragon_8_gen_3_mobile_firmwarewsa8845_firmwarewsa8845h_firmwarewsa8845snapdragon_8_gen_3_mobilewcd9395_firmwarewcd9390wsa8840_firmwarewsa8845hwcd9395fastconnect_7800wcd9390_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2024-3759
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.52%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hmdfs has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-48423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 13.74%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 00:00
Updated-05 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

Action-Not Available
Vendor-assimpn/aassimp
Product-assimpn/aassimp
CWE ID-CWE-416
Use After Free
CVE-2024-38150
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.81% / 91.21%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2022-49043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG+0.07%
Published-26 Jan, 2025 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-416
Use After Free
CVE-2024-47017
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG+0.01%
Published-25 Oct, 2024 | 10:34
Updated-28 Oct, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2024-46971
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.61%
||
7 Day CHG+0.03%
Published-13 Dec, 2024 | 17:32
Updated-16 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-38252
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.17%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2Windows Server 2016
CWE ID-CWE-416
Use After Free
CVE-2020-3618
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6018ipq8074_firmwaresxr2130_firmwareipq8074qca8081_firmwareipq6018_firmwareqca8081sxr2130sc8180xsc8180x_firmwareSnapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2024-38402
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 42.53%
||
7 Day CHG-0.46%
Published-02 Sep, 2024 | 10:22
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Services

Memory corruption while processing IOCTL call for getting group info.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100pqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696qam8620p_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_780g_5g_mobilesnapdragon_685_4g_mobilesa4150psnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qdu1110wcd9395qca6574au_firmwaresnapdragon_x72_5g_modem-rfsm6370qam8295psnapdragon_x12_lte_firmwarewcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwarecsra6640snapdragon_778g_5g_mobile_firmwaresa9000p_firmwaresrv1hqcs5430qcn6024_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psa8770pqcm6125_firmwaressg2115pqcc710qsm8350_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqru1032_firmwareqep8111sa7255psm8635qfw7114wcd9385_firmwareqam8255p_firmwaresdx61snapdragon_x65_5g_modem-rfqcs4490snapdragon_680_4g_mobilewsa8845sa6155pqcm6125qca6564au_firmwarewsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000pqdu1000_firmwaresrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesxr2250p_firmwaresm7315_firmwareqdu1010snapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwaresnapdragon_4_gen_2_mobile_firmwareqcn9012snapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_x62_5g_modem-rf_firmwaresnapdragon_460_mobilesnapdragon_8_gen_2_mobilewcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareqca6574asnapdragon_x72_5g_modem-rf_firmwaresnapdragon_8\+_gen_2_mobileqca6174asa8195pwcd9340qcs8250_firmwareqdu1210talynplussnapdragon_auto_5g_modem-rf_gen_2qcm6490sm8550p_firmwaresxr2250pqcm8550wcn3988sm6370_firmwaresnapdragon_662_mobileqcn9024sa8775pqca6574sxr2230p_firmwareqcn9011sa8775p_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hsa6150pqcs410sa8155p_firmwareqca6564asa8155pwsa8830sm8550psa6145psa8255p_firmwarear8035qamsrv1m_firmwaresnapdragon_4_gen_2_mobileqrb5165m_firmwaresa8650p_firmwareqcm4325srv1l_firmwareqcn6224qca6698aqwcn3950_firmwaresa7775p_firmwaressg2125p_firmwareqrb5165nsnapdragon_480\+_5g_mobilefastconnect_6200sm7325p_firmwaresa8145p_firmwaresnapdragon_480_5g_mobile_firmwareqdx1011sa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_x75_5g_modem-rf_firmwaresnapdragon_8_gen_3_mobileqcs6490qcs8250snapdragon_695_5g_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqcn6224_firmwareqca6678aq_firmwarewsa8845_firmwarewsa8832sdx61_firmwaresnapdragon_480_5g_mobilesrv1lsrv1mqca6678aqsnapdragon_x35_5g_modem-rfar8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msa4150p_firmwaresd888_firmwaresnapdragon_x62_5g_modem-rfqca6564auqcs6125_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_ltesg8275p_firmwareqca9377_firmwareqcm6490_firmwareqcm4490_firmwareqru1032wcn3950qcs6125flight_rb5_5gqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresmart_audio_400_firmwaresa4155p_firmwareqca6584ausd888qcn6274_firmwarewcn6755_firmwareqcn9011_firmwareqru1062_firmwaresw5100_firmwarewcn6740snapdragon_780g_5g_mobile_firmwareqru1062snapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqcs7230qca6595_firmwarefastconnect_7800_firmwaresm8635_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa8150pwcn6755snapdragon_auto_5g_modem-rf_firmwaresxr1230psw5100video_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwareqca6688aqqam8295p_firmwaresm7315qca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareqep8111_firmwaresg8275pqdx1011_firmwaresnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052qcm4490snapdragon_x65_5g_modem-rf_firmwarecsra6640_firmwaresnapdragon_480\+_5g_mobile_firmwareqamsrv1mrobotics_rb5qca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwarewcd9335_firmwareqam8620pqrb5165n_firmwarewcn3980_firmwareqca6584au_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwareqfw7124qca6595au_firmwareqcs610qdu1010_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081wsa8815mdm9628sg4150psd_8_gen1_5gqam8775pqca9377snapdragon_ar2_gen_1_firmwareqca6797aqmdm9628_firmwaresnapdragon_x75_5g_modem-rfqcm4325_firmwaresa8620pqca6574a_firmwaresnapdragon_4_gen_1_mobilesd_8_gen1_5g_firmwarewcd9375_firmwaresa7775pqca6391qcn9012_firmwareqcs5430_firmwaresg4150p_firmwareqru1052_firmwaresa8770p_firmwarecsra6620_firmwaresa8295pqcs8550fastconnect_7800sa8650pqam8775p_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwarewcn3980qdx1010snapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwareqca9377_firmwaretalynplus_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwaresg8275p_firmwaremdm9628_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwarewcn3950_firmwaresrv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwarewcn6755_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqrb5165n_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqamsrv1h_firmwaresd_8_gen1_5g_firmwareqsm8350_firmwareqam8295p_firmwareqcn9011_firmwaresa9000p_firmwaresm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresa8775p_firmwareqrb5165m_firmwarewsa8840_firmwaresa4155p_firmwareqcs8550_firmwarewcn3988_firmwareqru1062_firmwaresa6145p_firmwaresa7775p_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqdu1000_firmwareqca6698aq_firmwareqca6174a_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwareqru1052_firmwareqcc710_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresa8295p_firmwaresxr2250p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmwarequalcomm_video_collaboration_vc1_platform_firmwarerobotics_rb5_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcs7230_firmwareqdu1010_firmwaresxr1230p_firmwareqdu1110_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresm8635_firmwareqcn9012_firmwaresm6370_firmwareqfw7114_firmwarewcd9335_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwareqru1032_firmwarewsa8845_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwarewcn3980_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqca6797aq_firmwaresa8155p_firmwareqdx1011_firmwareqca6564a_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqdx1010_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwaresdx61_firmwaressg2115p_firmwaresw5100_firmwareqam8620p_firmwareqcs410_firmwareqfw7124_firmwareqdu1210_firmwarear8035_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-38419
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive GPU

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresnapdragon_8_gen_1_mobile_platformqam8255p_firmwaresa6150p_firmwareqcs610qca8337qfw7124sg8275p_firmwareqam8775pqamsrv1mqru1052wsa8840wcn3950_firmwaresa8150p_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformcsra6620_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwareqcs6125_firmwareqcm5430_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwareqam8295pwcn3950mdm9628snapdragon_460_mobile_platformqca6688aqsnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarewcd9375_firmwareqca8081_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca9367_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwarewsa8840_firmwaresa4155p_firmwareqcs6125qca6698aqsm8635qru1062_firmwaresa7775p_firmwarewcd9340sw5100wcn6755sa6155pqdu1000_firmwareqca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewcd9341sa8255pqam8775p_firmwareqca6696_firmwareqca6797aqqru1052_firmwaresa8150probotics_rb5_platformqcc710_firmwarewsa8830_firmwarewcn3988snapdragon_685_4g_mobile_platform_firmwaresa8195p_firmwaresa8295p_firmwaresa8770pwcd9380_firmwareqca8337_firmwaresw5100psnapdragon_w5\+_gen_1_wearable_platformqcm8550qca6564ausnapdragon_670_mobile_platform_firmwaresd670_firmwareqca6574qdu1110_firmwarewcd9380snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700qcs410sm8635_firmwarevideo_collaboration_vc3_platform_firmwaresg8275pwcn3980wcd9335_firmwareqfw7114_firmwareqcn9012_firmwarewsa8845qcm4325_firmwarewcd9340_firmwarewsa8815snapdragon_4_gen_1_mobile_platformqcs8250snapdragon_670_mobile_platformwcn3980_firmwaresa8295pqca6678aqsa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900fastconnect_6900_firmwareqdu1010qca6797aq_firmwaresrv1lsd670qdx1011_firmwareqca6564a_firmwaresa7255p_firmwaresnapdragon_8\+_gen_2_mobile_platformsa8620pwsa8832qdx1010_firmwaresw5100p_firmwareqcs610_firmwareqamsrv1m_firmwaresa6145pqcm5430qcc710qca6595_firmwarewcd9395sa8145pqcs5430_firmwaresnapdragon_710_mobile_platform_firmwareqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010sa8155pcsra6640snapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1mqam8620p_firmwareqfw7124_firmwareqam8255pqdu1210_firmwareqep8111sa4155par8035_firmwaresnapdragon_480\+_5g_mobile_platformwsa8830snapdragon_662_mobile_platform_firmwaresa8145p_firmwareqam8650pmdm9628_firmwareflight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwareqcn6224_firmwaresrv1l_firmwarewcd9370snapdragon_480\+_5g_mobile_platform_firmwareqdu1110wcn3990_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platformqca6584au_firmwareqca9377qamsrv1hwcd9385_firmwarewcd9326_firmwarefastconnect_6200qamsrv1h_firmwareqam8295p_firmwareqcn9011_firmwaresa9000p_firmwaresa7255pwsa8845h_firmwaresnapdragon_8_gen_3_mobile_platformqca6595auqfw7114snapdragon_680_4g_mobile_platform_firmwareqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584auqcm8550_firmwaresnapdragon_x72_5g_modem-rf_systemsa8775p_firmwareqcs6490sm4635qca9367video_collaboration_vc5_platformqcs8550_firmwarewcn3988_firmwaresrv1hsa6145p_firmwarefastconnect_6700_firmwaresa8195psxr1120wsa8810_firmwareqcn6224vision_intelligence_400_platformwsa8845hwcd9395_firmwarewcd9335wcd9326snapdragon_x75_5g_modem-rf_systemsg4150psa8255p_firmwareqcs7230snapdragon_x35_5g_modem-rf_systemqca8081snapdragon_auto_5g_modem-rf_gen_2sa7775pqcs5430qca6174a_firmwareqam8620pwcd9385sa8770p_firmwareqcs6490_firmwarear8035wcd9375wcd9390vision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsnapdragon_685_4g_mobile_platformwsa8815_firmwareqcm6490wsa8835_firmwarevideo_collaboration_vc5_platform_firmwaresxr1120_firmwareqca6564asg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa4150pqcm6125_firmwareqcm4325qca6688aq_firmwarerobotics_rb5_platform_firmwaresm4635_firmwarewcn3990wcd9378_firmwareqca6595qru1032qcs7230_firmwareqdu1010_firmwareqcn9012qdx1011qdu1000wsa8835snapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfqcn6274snapdragon_4_gen_1_mobile_platform_firmwareqca6574asmart_audio_400_platformqca6174aqru1062sa8650psa9000pqca6574_firmwarewsa8845_firmwareqru1032_firmwaresa8775pqca6574a_firmwarefastconnect_6200_firmwareqrb5165mqca6391snapdragon_710_mobile_platformfastconnect_7800snapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformsrv1h_firmwareqcn9011video_collaboration_vc1_platform_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwareqcm6125wsa8810fastconnect_7800_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsm8550psrv1m_firmwareqam8650p_firmwareqca6696qcs8550sa6150pwcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqdu1210sw5100_firmwareqcs410_firmwarewcd9378snapdragon_xr1_platform_firmwareSnapdragonqam8255p_firmwareqca9377_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresg8275p_firmwaremdm9628_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwarewcn3950_firmwaresrv1l_firmwaresa8150p_firmwarewcn6755_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqrb5165n_firmwarewcn3990_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcd9326_firmwareqamsrv1h_firmwareqam8295p_firmwareqcn9011_firmwaresa9000p_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca9367_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcm8550_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresa8775p_firmwareqrb5165m_firmwarewsa8840_firmwaresa4155p_firmwareqcs8550_firmwarewcn3988_firmwareqru1062_firmwaresa6145p_firmwaresa7775p_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9395_firmwaresa8255p_firmwareqdu1000_firmwareqca6698aq_firmwareqca6174a_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqru1052_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresxr1120_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmwarequalcomm_video_collaboration_vc1_platform_firmwarerobotics_rb5_platform_firmwareqca8337_firmwarewcd9380_firmwaresm4635_firmwarewcd9378_firmwareqcs7230_firmwareqdu1010_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwareqdu1110_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresm8635_firmwareqcn9012_firmwarewcd9335_firmwareqfw7114_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwareqru1032_firmwarewsa8845_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcm6490_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqca6797aq_firmwaresa8155p_firmwareqdx1011_firmwareqca6564a_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqdx1010_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwaresw5100_firmwareqam8620p_firmwareqcs410_firmwareqfw7124_firmwareqdu1210_firmwarear8035_firmwaresnapdragon_xr1_platform_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-38253
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.17%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_24h2windows_11_21h2windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2024-38107
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.35% / 87.16%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-28 Oct, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2019windows_11_21h2windows_server_2016Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows 11 version 22H3Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows
CWE ID-CWE-416
Use After Free
CVE-2024-38421
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Graphics Linux

Memory corruption while processing GPU commands.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qam8650pqam8775pqamsrv1mwsa8840wcn3950_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformwcd9370qcs6125_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqamsrv1hwcd9385_firmwareqam8295pwcn7881_firmwarewcn3950fastconnect_6200qamsrv1h_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresa7255pwsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqca6595auwcn7860snapdragon_w5\+_gen_1_wearable_platform_firmwaresa8620p_firmwaresa6155p_firmwarewcn7881qca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqsm4635qcs6125video_collaboration_vc5_platformsm8635wcn3988_firmwarewcn7880_firmwaresrv1hsa7775p_firmwaresa8195pwsa8810_firmwaresw5100wsa8845hwcn6755wcd9395_firmwaresa8255p_firmwaresm8750p_firmwaresm8750_firmwaresa6155pqcs7230qca6698aq_firmwaresa7775pqam8620pwcd9385sa8770p_firmwaresa8255pqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqca6797aqwcd9375wcd9390wsa8830_firmwarewsa8815_firmwarewcn3988wsa8835_firmwaresa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresa8295p_firmwarewcn7880sa8770pqcm6125_firmwareqca6688aq_firmwaresm4635_firmwaresw5100pwcd9378_firmwaresnapdragon_w5\+_gen_1_wearable_platformqca6595qcs7230_firmwarewsa8835qca6574snapdragon_4_gen_1_mobile_platform_firmwaresm8635_firmwareqca6574avideo_collaboration_vc3_platform_firmwarewcn3980wsa8845sa8650psa9000pqca6574_firmwarewsa8815wsa8845_firmwaresnapdragon_4_gen_1_mobile_platformqcs8250sm8750psa8775pqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwareqca6391sa8295pfastconnect_7800qca6678aqwcn7861_firmwarewsa8832_firmwaresa8650p_firmwaresrv1h_firmwarevideo_collaboration_vc1_platform_firmwareqca6797aq_firmwareqca6574ausa8155p_firmwaresrv1lsa7255p_firmwareqcs8250_firmwareqcm6125wsa8810sa8620pwsa8832fastconnect_7800_firmwaresw5100p_firmwaresrv1m_firmwareqamsrv1m_firmwaresm8750qam8650p_firmwarewcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6391_firmwarewcd9370_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155psnapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1msw5100_firmwareqam8620p_firmwarewcd9378qam8255psnapdragon_480\+_5g_mobile_platformSnapdragonqam8255p_firmwarequalcomm_video_collaboration_vc1_platform_firmwaresm4635_firmwarewcd9378_firmwareqcs7230_firmwarewcn3950_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresm8635_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqamsrv1h_firmwareqca6574_firmwarewsa8845_firmwareqam8295p_firmwaresa9000p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewsa8845h_firmwarewcn3980_firmwaresa8620p_firmwaresa6155p_firmwareqca6678aq_firmwaresa8775p_firmwarewcn7861_firmwaresa8650p_firmwarewsa8832_firmwarewsa8840_firmwaresrv1h_firmwareqca6797aq_firmwarewcn3988_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwaresa7255p_firmwarewsa8810_firmwareqcs8250_firmwarefastconnect_7800_firmwarewcd9395_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwaresw5100p_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwarewcn7860_firmwareqca6391_firmwarewcd9370_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqam8620p_firmwaresa8295p_firmwareqca6688aq_firmwareqcm6125_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-38411
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 9.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Computer Vision

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwarewsa8845_firmwarewsa8840wsa8845hwcd9380_firmwareqcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwaresm8550pwcd9385wcd9395_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesnapdragon_8_gen_3_mobile_firmwarefastconnect_7800_firmwarefastconnect_6900sg8275pwcd9395wcd9385_firmwarefastconnect_6900_firmwareqcs8550sg8275p_firmwaresnapdragon_8\+_gen_2_mobilewcd9380fastconnect_7800snapdragon_8\+_gen_2_mobile_firmwarewcd9390wsa8845wsa8845h_firmwaresm8550p_firmwarevideo_collaboration_vc3_platform_firmwareqcm8550qcs6490_firmwareqcs6490snapdragon_8_gen_3_mobilewsa8840_firmwarevideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-6856
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 9.78%
||
7 Day CHG~0.00%
Published-29 Jun, 2025 | 09:31
Updated-08 Jul, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HDF5 H5FL.c H5FL__reg_gc_list use after free

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5HDF5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2024-43701
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 08:17
Updated-15 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDKgraphics_ddk
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-44683
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.79% / 85.91%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2012 R2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-416
Use After Free
CVE-2025-66627
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 5.19%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 02:52
Updated-10 Dec, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wasmi's Linear Memory has a Critical Use After Free Vulnerability

Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.

Action-Not Available
Vendor-wasmi-labswasmi-labs
Product-wasmiwasmi
CWE ID-CWE-416
Use After Free
CVE-2024-3655
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.31%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 09:32
Updated-27 Mar, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.

Action-Not Available
Vendor-Arm Limited
Product-bifrost_gpu_kernel_drivervalhall_gpu_kernel_driver5th_gen_gpu_architecture_kernel_driverBifrost GPU Kernel DriverArm 5th Gen GPU Architecture Kernel DriverValhall GPU Kernel Driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_driverarm_5th_gen_gpu_architecture_kernel_driver
CWE ID-CWE-416
Use After Free
CVE-2020-35906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 16.96%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:21
Updated-30 Oct, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.

Action-Not Available
Vendor-rust-langn/a
Product-futures-taskn/a
CWE ID-CWE-416
Use After Free
CVE-2025-62557
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.24%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-26 Feb, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelMicrosoft Office 2016Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office for Android
CWE ID-CWE-416
Use After Free
CVE-2025-62472
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.17%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_11_24h2windows_server_2008windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-62221
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.97% / 86.34%
||
7 Day CHG+0.24%
Published-09 Dec, 2025 | 17:56
Updated-26 Feb, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-30||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_10_21h2windows_10_1809windows_server_2022windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-61662
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 18:20
Updated-21 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-grub2Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7grub2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-416
Use After Free
CVE-2025-60707
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.54%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_11_24h2windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_25h2windows_10_1809windows_11_23h2windows_server_2022windows_10_22h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-32503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.17% / 37.72%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 15:51
Updated-13 Feb, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w930_firmwareexynos_1280exynos_850exynos_1380exynos_1080exynos_w920exynos_850_firmwareexynos_1330exynos_1080_firmwareexynos_2100_firmwareexynos_1330_firmwareexynos_2100exynos_1280_firmwareexynos_1380_firmwareexynos_w920_firmwareexynos_w930n/aexynos_1330exynos_2100exynos_1280exynos_1380exynos_850exynos_1080exynos_w920exynos_w930
CWE ID-CWE-762
Mismatched Memory Management Routines
CWE ID-CWE-416
Use After Free
CVE-2024-32927
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.68%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 16:47
Updated-20 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2024-32900
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.28%
||
7 Day CHG+0.02%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 56
  • 57
  • 58
  • ...
  • 63
  • 64
  • Next
Details not found