Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22085

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-16 Apr, 2025 | 14:12
Updated At-26 May, 2025 | 05:18
Rejected At-
Credits

RDMA/core: Fix use-after-free when rename device name

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x16e/0x5b0 mm/kasan/report.c:521 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 nla_put+0xd3/0x150 lib/nlattr.c:1099 nla_put_string include/net/netlink.h:1621 [inline] fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265 rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857 ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344 ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:709 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:724 ____sys_sendmsg+0x53a/0x860 net/socket.c:2564 ___sys_sendmsg net/socket.c:2618 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2650 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42d1b8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ... RSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169 RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c RBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8 </TASK> Allocated by task 10025: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313 __kmemdup_nul mm/util.c:61 [inline] kstrdup+0x42/0x100 mm/util.c:81 kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274 dev_set_name+0xd5/0x120 drivers/base/core.c:3468 assign_name drivers/infiniband/core/device.c:1202 [inline] ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net ---truncated---

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:16 Apr, 2025 | 14:12
Updated At:26 May, 2025 | 05:18
Rejected At:
â–¼CVE Numbering Authority (CNA)
RDMA/core: Fix use-after-free when rename device name

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x16e/0x5b0 mm/kasan/report.c:521 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 nla_put+0xd3/0x150 lib/nlattr.c:1099 nla_put_string include/net/netlink.h:1621 [inline] fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265 rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857 ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344 ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:709 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:724 ____sys_sendmsg+0x53a/0x860 net/socket.c:2564 ___sys_sendmsg net/socket.c:2618 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2650 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42d1b8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ... RSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169 RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c RBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8 </TASK> Allocated by task 10025: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313 __kmemdup_nul mm/util.c:61 [inline] kstrdup+0x42/0x100 mm/util.c:81 kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274 dev_set_name+0xd5/0x120 drivers/base/core.c:3468 assign_name drivers/infiniband/core/device.c:1202 [inline] ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net ---truncated---

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/infiniband/core/device.c
Default Status
unaffected
Versions
Affected
  • From 9cbed5aab5aeea420d0aa945733bf608449d44fb before 0d6460b9d2a3ee380940bdf47680751ef91cb88e (git)
  • From 9cbed5aab5aeea420d0aa945733bf608449d44fb before 56ec8580be5174b2b9774066e60f1aad56d201db (git)
  • From 9cbed5aab5aeea420d0aa945733bf608449d44fb before edf6b543e81ba68c6dbac2499ab362098a5a9716 (git)
  • From 9cbed5aab5aeea420d0aa945733bf608449d44fb before 1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/infiniband/core/device.c
Default Status
affected
Versions
Affected
  • 6.12
Unaffected
  • From 0 before 6.12 (semver)
  • From 6.12.23 through 6.12.* (semver)
  • From 6.13.11 through 6.13.* (semver)
  • From 6.14.2 through 6.14.* (semver)
  • From 6.15 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e
N/A
https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db
N/A
https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716
N/A
https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd
N/A
Hyperlink: https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:16 Apr, 2025 | 15:16
Updated At:25 Apr, 2025 | 18:41

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x16e/0x5b0 mm/kasan/report.c:521 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 nla_put+0xd3/0x150 lib/nlattr.c:1099 nla_put_string include/net/netlink.h:1621 [inline] fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265 rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857 ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344 ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:709 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:724 ____sys_sendmsg+0x53a/0x860 net/socket.c:2564 ___sys_sendmsg net/socket.c:2618 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2650 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42d1b8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ... RSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169 RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c RBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8 </TASK> Allocated by task 10025: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313 __kmemdup_nul mm/util.c:61 [inline] kstrdup+0x42/0x100 mm/util.c:81 kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274 dev_set_name+0xd5/0x120 drivers/base/core.c:3468 assign_name drivers/infiniband/core/device.c:1202 [inline] ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net ---truncated---

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.12(inclusive) to 6.12.23(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.13(inclusive) to 6.13.11(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.14(inclusive) to 6.14.2(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

3188Records found
CVE-2021-0442
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:23
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0525
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG-0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30315
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6564au_firmwaresa6155p_firmwareqca6564aqca6696_firmwareqca6595_firmwareqca6696qca6595qca6564ausa8155_firmwaremdm9628mdm9628_firmwareqca6574_firmwaresa8150pqca6574ausa8155psa8155p_firmwareqca6574qca6564a_firmwaresa8195psa8155qca6574a_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwareqca6595au_firmwareqca6595ausa6155sa6155_firmwaresa6155pqca6574aSnapdragon Auto
CWE ID-CWE-416
Use After Free
CVE-2021-0395
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:37
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0707
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.98%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0332
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:49
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0929
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-1028
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0318
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:47
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1029
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0429
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.56%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:23
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-30263
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 06:15
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-aqt1000_firmwareqca8337_firmwarewcn3999ar8031_firmwareqca8337qcs6125sdx55m_firmwarecsra6620qca6430qcs405wcd9340wcn3950_firmwarewsa8810_firmwarewcd9341_firmwareqcm6125qca6420_firmwarewsa8810wcd9335wcd9370csra6620_firmwaresd_8ccsra6640_firmwareqcs6125_firmwarewcd9341ar8031qca6430_firmwareqcs405_firmwarewcd9335_firmwarewcn3980wcn3998sd_8cx_firmwareqca6391_firmwarewcn3950ar8035sd_8cxaqt1000wcd9340_firmwarewcd9370_firmwaresd855sdx55wsa8815csra6640sd855_firmwaresd_8c_firmwarewsa8815_firmwaresdx55_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwareqca6391sdx55mqca6420ar8035_firmwareqcm6125_firmwareSnapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-416
Use After Free
CVE-2025-66627
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 5.18%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 02:52
Updated-10 Dec, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wasmi's Linear Memory has a Critical Use After Free Vulnerability

Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.

Action-Not Available
Vendor-wasmi-labswasmi-labs
Product-wasmiwasmi
CWE ID-CWE-416
Use After Free
CVE-2020-9606
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.60% / 69.15%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2025-62221
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.97% / 86.33%
||
7 Day CHG+0.24%
Published-09 Dec, 2025 | 17:56
Updated-26 Feb, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-30||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_10_21h2windows_10_1809windows_server_2022windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-62472
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_11_24h2windows_server_2008windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-22668
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:03
Updated-25 Feb, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_855\+\/860_mobile_platform_firmwareqam8255p_firmwarewsa8830qca8337_firmwarewcd9380_firmwaresw5100pqca8337sd865_5gqfw7124fastconnect_6800snapdragon_w5\+_gen_1_wearable_platformqam8775psnapdragon_870_5g_mobile_platform_firmwarear8035_firmwaresnapdragon_865_5g_mobile_platformqualcomm_215_mobile_platformqualcomm_205_mobile_platformqcn6224_firmwarewsa8835snapdragon_212_mobile_platformqcn6274wcd9380qca6420_firmwaresnapdragon_wear_4100\+_platform_firmwaresnapdragon_210_processorsnapdragon_855\+\/860_mobile_platformsxr2130snapdragon_wear_4100\+_platformqca6426qca6584au_firmwareqca6430_firmwarewcn3980qfw7114_firmwarefastconnect_6200sa9000pwcd9340_firmwaresd855wsa8815snapdragon_865\+_5g_mobile_platformsnapdragon_xr2_5g_platform_firmwareqca6426_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemsa8775pfastconnect_6200_firmwaresnapdragon_212_mobile_platform_firmwareqca8081_firmwarewcn3980_firmwareqfw7114snapdragon_x55_5g_modem-rf_system_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarefastconnect_7800aqt1000_firmwareqca6584ausnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_870_5g_mobile_platformqcn6274_firmwaresnapdragon_xr2_5g_platformsa8775p_firmwareqca6698aqfastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwarewcn3988_firmwareqca6430wcd9340wsa8810_firmwareqcn6224wcd9341_firmwarefastconnect_7800_firmwaresw5100wsa8810qca6436sa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemsw5100p_firmwareqca8081qca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2qualcomm_215_mobile_platform_firmwarequalcomm_205_mobile_platform_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwaresa8255psxr2130_firmwarewcd9341qcc710qca6391_firmwarear8035snapdragon_855_mobile_platform_firmwareaqt1000snapdragon_210_processor_firmwaresnapdragon_855_mobile_platformqcc710_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwareqfw7124_firmwareqam8255psa8770pwcn3610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-23421
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.30%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2025-62557
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-26 Feb, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelMicrosoft Office 2016Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office for Android
CWE ID-CWE-416
Use After Free
CVE-2023-23420
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.55%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2025-61662
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.06%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 18:20
Updated-21 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-grub2Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7grub2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-416
Use After Free
CVE-2025-60707
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.57%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_11_24h2windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_25h2windows_10_1809windows_11_23h2windows_server_2022windows_10_22h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2023-22383
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:03
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Camera

Memory Corruption in camera while installing a fd for a particular DMA buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pqcs410_firmwaresa6150p_firmwaresd865_5gsnapdragon_865_5g_mobile_platform_firmwareqcs8155_firmwarec-v2x_9150_firmwaresa6155p_firmwareqam8295p_firmwaresd855qcs610_firmwaresxr2130_firmwarewcd9370wsa8830_firmwareqca6696snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwarewcd9341_firmwaresnapdragon_wear_4100\+_platform_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3610_firmwareqca6426snapdragon_855\+\/860_mobile_platform_firmwarefastconnect_6700wcn3610qca6420snapdragon_865\+_5g_mobile_platform_firmwareqcn9074qca6430wsa8815_firmwaresa8195p_firmwarewcd9370_firmwareqca8337_firmwaresdx55_firmwareqca8337qca6426_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3660bsxr2130qca6574au_firmwaresa8195pqam8295pwcd9341qca6574ausnapdragon_855_mobile_platformwcn3950wsa8810_firmwaresnapdragon_xr2_5g_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwarewcn3988qcs6490_firmwaresd855_firmwarewcn3980_firmwarewcn3660b_firmwareqca6436wsa8835qca6391_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformsw5100p_firmwarefastconnect_6800_firmwaresa8295p_firmwareqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwaresa6150pqcs410sa8155p_firmwarewsa8815wcn3680b_firmwarevideo_collaboration_vc1_platform_firmwaresa8155pwsa8830c-v2x_9150sa6145pqcn9074_firmwaresw5100_firmwaresdx55qsm8250_firmwarefastconnect_6800fastconnect_6900qca6391video_collaboration_vc1_platformwcn3950_firmwaresnapdragon_x55_5g_modem-rf_systemfastconnect_6900_firmwaresa8295pwcd9380sa6145p_firmwarefastconnect_6200wcn3680bsa8145p_firmwaresnapdragon_xr2_5g_platform_firmwaresd865_5g_firmwaresa8150pqcs8155sa8150p_firmwaresnapdragon_855\+\/860_mobile_platformsnapdragon_w5\+_gen_1_wearable_platformwcn3988_firmwaresa6155pfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_wear_4100\+_platformwsa8835_firmwarewsa8810qcs6490wcn3980snapdragon_865\+_5g_mobile_platformqsm8250fastconnect_6200_firmwaresw5100video_collaboration_vc3_platformaqt1000qcs610Snapdragon
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21672
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 13.73%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830wcd9380_firmwaresa6150p_firmwaressg2125psa8145p_firmwaresxr2230p_firmwaresw5100pqam8650psd865_5gqca6595snapdragon_8_gen_1_firmwareqam8775psnapdragon_ar2_gen_1snapdragon_685_4g_firmwarewsa8835qca6574sxr1230p_firmwarewcn3950_firmwaresnapdragon_8_gen_1sd_8_gen1_5gwcd9380sa8150p_firmwareqca6595au_firmwarefastconnect_6700wcd9370ssg2125p_firmwareqca6574assg2115psxr1230pwcn3980snapdragon_8\+_gen_1wcd9385_firmwareqam8295pwcn3950qcm4325_firmwareqca6574_firmwaresd_8_gen1_5g_firmwaresnapdragon_680_4g_firmwarewsa8815sxr2230pqam8295p_firmwaresnapdragon_4_gen_2qca6574a_firmwareqca6574au_firmwareqca6595auwcd9375_firmwarewcn3980_firmwaresnapdragon_w5\+_gen_1_firmwaresnapdragon_xr2_5gsa8295psnapdragon_w5\+_gen_1fastconnect_7800wcn6740_firmwaresa6155p_firmwaresnapdragon_685_4gsnapdragon_ar2_gen_1_firmwaresnapdragon_4_gen_2_firmwarewsa8832_firmwareqca6698aqsa4155p_firmwarefastconnect_6900fastconnect_6900_firmwaresa4150pwcn3988_firmwareqca6797aq_firmwareqca6574ausa6145p_firmwaresa8155p_firmwaresnapdragon_680_4gfastconnect_6700_firmwaresa8195pwsa8810_firmwaresnapdragon_8\+_gen_1_firmwarefastconnect_7800_firmwaresw5100wsa8810wsa8832sa8255p_firmwaresa6155psg4150psw5100p_firmwareqca6698aq_firmwaresa6145pqam8650p_firmwarewcd9385qam8775p_firmwaresa8255pqca6696_firmwareqca6595_firmwaresa8145pwcn6740qca6696qca6797aqsnapdragon_xr2_5g_firmwaresa4150p_firmwarewcd9375wcd9370_firmwaresa8150psa6150psa8155pwsa8830_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwaresa8295p_firmwareqam8255psa4155psg4150p_firmwareqcm4325Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-21724
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_22h2windows_11_21h2windows_10_22h2windows_10_20h2windows_server_2022Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-416
Use After Free
CVE-2023-21822
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 75.90%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-416
Use After Free
CVE-2023-21552
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.17% / 78.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21756
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.52%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2023-21774
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.97% / 83.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21755
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.71% / 82.10%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 1809Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21688
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.60% / 85.42%
||
7 Day CHG+0.10%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NT OS Kernel Elevation of Privilege Vulnerability

NT OS Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2025-59290
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-22 Feb, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_11_24h2windows_10_21h2windows_11_23h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_server_2025Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2023-21773
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.01% / 83.52%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21551
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.93%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-32709
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.84% / 74.49%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_1507windows_10_22h2windows_server_2012windows_server_2008windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows
CWE ID-CWE-416
Use After Free
CVE-2025-59236
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_server365_appsoffice_long_term_servicing_channelofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Office Online Server
CWE ID-CWE-416
Use After Free
CVE-2023-20920
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.29%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-58728
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_10_1809windows_server_2022_23h2windows_server_2025windows_11_23h2windows_10_21h2windows_11_22h2windows_10_22h2windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2023-20933
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.02%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-20937
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-20928
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.36%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2023-20925
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.29%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-20938
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.91%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2023-21120
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.41%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2023-21381
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.08%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-21165
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.59%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 18:33
Updated-16 Dec, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CWE ID-CWE-416
Use After Free
CVE-2023-21255
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.78%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:33
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Debian GNU/LinuxGoogle LLC
Product-androiddebian_linuxAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1393
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 00:00
Updated-22 Jan, 2026 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Action-Not Available
Vendor-n/aFedora ProjectX.Org Foundation
Product-fedorax_serverxorg-server
CWE ID-CWE-416
Use After Free
CVE-2023-0494
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.61% / 69.57%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Action-Not Available
Vendor-n/aFedora ProjectX.Org FoundationRed Hat, Inc.
Product-enterprise_linux_for_scientific_computingenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsx_serverenterprise_linux_server_workstationenterprise_linux_desktopenterprise_linuxenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systems_eusenterprise_linux_ausenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endianenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_for_power_big_endianfedoraenterprise_linux_serverenterprise_linux_for_power_little_endian_eusxorg-x11-server
CWE ID-CWE-416
Use After Free
CVE-2024-32900
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.32%
||
7 Day CHG+0.02%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 57
  • 58
  • 59
  • ...
  • 63
  • 64
  • Next
Details not found