Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-65503

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Nov, 2025 | 00:00
Updated At-24 Nov, 2025 | 18:20
Rejected At-
Credits

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Nov, 2025 | 00:00
Updated At:24 Nov, 2025 | 18:20
Rejected At:
â–¼CVE Numbering Authority (CNA)

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/redboltz/async_mqtt/issues/436
N/A
https://github.com/redboltz/async_mqtt/pull/437
N/A
Hyperlink: https://github.com/redboltz/async_mqtt/issues/436
Resource: N/A
Hyperlink: https://github.com/redboltz/async_mqtt/pull/437
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Nov, 2025 | 14:15
Updated At:11 Dec, 2025 | 23:22

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

redboltz
redboltz
>>async_mqtt>>10.2.5
cpe:2.3:a:redboltz:async_mqtt:10.2.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/redboltz/async_mqtt/issues/436cve@mitre.org
Exploit
Issue Tracking
Patch
https://github.com/redboltz/async_mqtt/pull/437cve@mitre.org
Issue Tracking
Patch
Hyperlink: https://github.com/redboltz/async_mqtt/issues/436
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Hyperlink: https://github.com/redboltz/async_mqtt/pull/437
Source: cve@mitre.org
Resource:
Issue Tracking
Patch

Change History

0
Information is not available yet

Similar CVEs

357Records found

CVE-2010-4168
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.67% / 88.29%
||
7 Day CHG~0.00%
Published-17 Nov, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

Action-Not Available
Vendor-openttdn/aFedora Project
Product-openttdfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2022-27457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.84%
||
7 Day CHG+0.08%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.67%
||
7 Day CHG+0.10%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.56% / 72.28%
||
7 Day CHG+0.07%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.53%
||
7 Day CHG+0.11%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 80.74%
||
7 Day CHG+0.11%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.10% / 79.41%
||
7 Day CHG+0.10%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-28073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.40%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2022-27376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.34%
||
7 Day CHG+0.10%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2024-49925
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 17.66%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 18:01
Updated-01 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fbdev: efifb: Register sysfs groups through driver core

In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during unregistering where the sysctl attributes were usable after the info struct was freed.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-49867
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.80%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 18:01
Updated-23 May, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
btrfs: wait for fixup workers before stopping cleaner kthread during umount

In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any jobs running in all the work queues and then free the work queues. Syzbot reported a case where a fixup worker resulted in a crash when doing a delayed iput on its inode while attempting to wake up the cleaner at btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread was already freed. This can happen during unmount because we don't wait for any fixup workers still running before we call kthread_stop() against the cleaner kthread, which stops and free all its resources. Fix this by waiting for any fixup workers at close_ctree() before we call kthread_stop() against the cleaner and run pending delayed iputs. The stack traces reported by syzbot were the following: BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-fixup btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154 btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842 btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4086 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1107 copy_process+0x5d1/0x3d50 kernel/fork.c:2206 kernel_clone+0x223/0x880 kernel/fork.c:2787 kernel_thread+0x1bc/0x240 kernel/fork.c:2849 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:765 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 61: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_h ---truncated---

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-49945
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.49%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 18:02
Updated-11 May, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net/ncsi: Disable the ncsi work before freeing the associated structure

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-49988
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.09%
||
7 Day CHG-0.00%
Published-21 Oct, 2024 | 18:02
Updated-11 May, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ksmbd: add refcnt to ksmbd_conn struct

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-50084
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.20%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 00:50
Updated-23 May, 2026 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm "kunit_try_catch", pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d... 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................ backtrace (crc 9c09c3fe): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4 [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0400 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X..... 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9............... backtrace (crc daf014e9): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0700 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X..... 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <......../...... backtrace (crc 8d877792): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c [<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0900 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................ 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }............... backtrace (crc 34181e56): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8 [<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0980 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X............. 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t..... backtrace (crc 275fd9be): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<000000001396a1a2>] test_add_de ---truncated---

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-50149
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.08%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 09:31
Updated-11 May, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/xe: Don't free job in TDR

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list. (cherry picked from commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-50085
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.53%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 00:50
Updated-23 May, 2026 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662 CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline] mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572 mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603 genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg net/socket.c:744 [inline] ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf7fe4579 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Allocated by task 5387: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803 subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956 __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline] tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167 mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764 __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592 mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642 mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline] mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943 mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777 process_one_work+0x958/0x1b30 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/ke ---truncated---

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-50027
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.26%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 19:39
Updated-11 May, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
thermal: core: Free tzp copy along with the thermal zone

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after being freed in thermal_zone_device_unregister(), so move the freeing of it to the point after the removal completion has been completed at which it cannot be accessed any more.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2019-15890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.03% / 89.34%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 16:55
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Action-Not Available
Vendor-libslirp_projectn/aQEMU
Product-libslirpqemun/a
CWE ID-CWE-416
Use After Free
CVE-2024-46762
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.47%
||
7 Day CHG-0.00%
Published-18 Sep, 2024 | 07:12
Updated-11 May, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already freed kirqfd instance may be accessed and cause kernel oops. Use SRCU locking to prevent the same, as is done for the KVM implementation for irqfds.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-46842
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 10.50%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 12:39
Updated-11 May, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT return code. During mailbox resource cleanup, check the mbox flag to make sure that the wait did not timeout. If the MBOX_WAKE flag is not set, then do not free the resources because it will be freed when firmware completes the mailbox at a later time in its cmpl routine. Also, increase the timeout from 30 to 60 seconds to accommodate boot scripts requiring longer timeouts.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-4741
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.94% / 85.46%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 10:20
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free with SSL_free_buffers

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Action-Not Available
Vendor-OpenSSL
Product-OpenSSLopenssl
CWE ID-CWE-416
Use After Free
CVE-2024-47666
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.02%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 14:13
Updated-11 May, 2026 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: pm80xx: Set phy->enable_completion only when we wait for it

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2022-24070
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-9.25% / 94.75%
||
7 Day CHG+0.50%
Published-12 Apr, 2022 | 17:50
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Subversion mod_dav_svn is vulnerable to memory corruption

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/Linux
Product-subversiondebian_linuxmacosfedoraApache Subversion
CWE ID-CWE-416
Use After Free
CVE-2024-46716
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.49%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 06:32
Updated-11 May, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor

In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-45013
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.67%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 15:13
Updated-11 May, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nvme: move stopping keep-alive into nvme_uninit_ctrl()

In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but don't move stopping keep-alive into nvme_uninit_ctrl(), so keep-alive work can be started and keep pending after failing to start controller, finally use-after-free is triggered if nvme host driver is unloaded. This patch fixes kernel panic when running nvme/004 in case that connection failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl(). This way is reasonable because keep-alive is now started in nvme_init_ctrl_finish().

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-43864
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.82%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 23:45
Updated-11 May, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net/mlx5e: Fix CT entry update leaks of modify header context

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support, modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify header point is copied to old attr. When the old attr is freed, the old modify header is lost. Fix it by restoring the old attr to attr when failed to allocate a new modify header context. So when the CT entry is freed, the right modify header context will be freed. And the panic of accessing error pointer is also fixed.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2010-0302
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.34%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Red Hat, Inc.Fedora Project
Product-enterprise_linux_eusubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopfedoramac_os_x_servercupsenterprise_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2024-42108
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.99%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:46
Updated-11 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: rswitch: Avoid use-after-free in rswitch_poll()

In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll() The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the same pointer, the skb is first freed using dev_kfree_skb_any(), then the value in skb->len is used to update the interface statistics. Let's move around the instructions to use skb->len before the skb is freed. This bug is trivial to reproduce using KFENCE. It will trigger a splat every few packets. A simple ARP request or ICMP echo request is enough.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2019-20006
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.91%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 21:55
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.

Action-Not Available
Vendor-ezxml_projectn/a
Product-ezxmln/a
CWE ID-CWE-416
Use After Free
CVE-2022-23308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.01% / 92.45%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2022-29228
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 19:20
Updated-23 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Envoy

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-416
Use After Free
CVE-2024-38910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.62%
||
7 Day CHG+0.01%
Published-05 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

Action-Not Available
Vendor-n/aopen_robotics
Product-n/aros2nav2_humble
CWE ID-CWE-416
Use After Free
CVE-2022-22533
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-1.75% / 75.20%
||
7 Day CHG+0.03%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_javaSAP NetWeaver Application Server Java
CWE ID-CWE-416
Use After Free
CVE-2022-2318
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 33.69%
||
7 Day CHG+0.01%
Published-06 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sKernel
CWE ID-CWE-416
Use After Free
CVE-2019-17069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 80.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 00:00
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

Action-Not Available
Vendor-puttyn/aNetApp, Inc.openSUSE
Product-oncommand_unified_manager_core_packageputtyleapn/a
CWE ID-CWE-416
Use After Free
CVE-2009-3553
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.03%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xfedoramac_os_x_servercupsenterprise_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2024-38385
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.68%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 14:22
Updated-11 May, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-36844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.65%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 19:16
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Action-Not Available
Vendor-libmodbusn/alibmodbus
Product-libmodbusn/alibmodbus
CWE ID-CWE-416
Use After Free
CVE-2019-10484
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8098_firmwaresdm845sdm660sdx24sm8250_firmwareqcs405sm7150_firmwaresdm710msm8909w_firmwaresm6150sdm710_firmwaresm7150sdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwareqcs405_firmwaresda845_firmwareapq8098qcs605sm6150_firmwaresm8250sm8150nicobar_firmwaremsm8909wsdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2024-36932
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 9.73%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-11 May, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
thermal/debugfs: Prevent use-after-free from occurring after cdev removal

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL. Cc :6.8+ <stable@vger.kernel.org> # 6.8+

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-416
Use After Free
CVE-2024-35836
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.91%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 14:02
Updated-11 May, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dpll: fix pin dump crash for rebound module

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind. If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-35865
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 13.09%
||
7 Day CHG~0.00%
Published-19 May, 2024 | 08:34
Updated-01 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
smb: client: fix potential UAF in smb2_is_valid_oplock_break()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-35801
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.23% / 14.11%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 13:23
Updated-11 May, 2026 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a per CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in order to avoid unnecessary writes to the MSR. On CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which wipes out any stale state. But the per CPU cached xfd value is not reset, which brings them out of sync. As a consequence a subsequent xfd_update_state() might fail to update the MSR which in turn can result in XRSTOR raising a #NM in kernel space, which crashes the kernel. To fix this, introduce xfd_set_state() to write xfd_state together with MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-416
Use After Free
CVE-2024-35811
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.07%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 13:23
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to start init a timeout worker: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); If we disconnect the USB by hotplug, it will call brcmf_usb_disconnect to make cleanup. The invoking chain is : brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); While the timeout woker may still be running. This will cause a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. Fix it by deleting the timer and canceling the worker in brcmf_cfg80211_detach. [arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]

Action-Not Available
Vendor-Debian GNU/LinuxSiemens AGLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxSIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-416
Use After Free
CVE-2022-22252
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.08%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:10
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS;EMUI;Magic UI
CWE ID-CWE-416
Use After Free
CVE-2019-11810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.79% / 92.20%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 13:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21504
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 16.02%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:50
Updated-24 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-linuxOracle Linux
CWE ID-CWE-416
Use After Free
CVE-2024-33010
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.87%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_8_gen_1_mobile_platformsa6150p_firmwareqcs610ipq4028_firmwareqca8337qfw7124sg8275p_firmwarear9380ipq8173_firmwareqam8775pqcf8001qamsrv1msnapdragon_888_5g_mobile_platformqcn5124qca4024_firmwarewsa8840wcn3950_firmwareimmersive_home_318_platform_firmwareqxm8083ipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformcsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwareqca6554a_firmwareqam8295pwcn3950qcn6024_firmwareipq8076amdm9628immersive_home_316_platform_firmwareqca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresnapdragon_460_mobile_platformqca6688aqqcn6412sm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5164_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca9367_firmwareipq8065ipq8078a_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwareipq5028qca7500ipq4029_firmwareqca6698aqqcs6125sa4155p_firmwareqcf8001_firmwarewsa8840_firmwareipq6010ipq8068sa7775p_firmwaresdx65mwcd9340snapdragon_8\+_gen_1_mobile_platformqcn6432qcn6132snapdragon_780g_5g_mobile_platformsw5100sa6155pqcf8000qca6698aq_firmwaresxr2250pipq5312snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)snapdragon_auto_5g_modem-rf_gen_2_firmwareqca9888_firmwareqcn6122wcd9341qam8775p_firmwareipq8068_firmwareqca6696_firmwaresa8255pipq9008_firmwareqcn5154_firmwareqca6797aqsa8150pqcc710_firmwarerobotics_rb5_platformwsa8830_firmwareqca9992_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988snapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwareqca9898sa8295p_firmwareipq4028immersive_home_216_platform_firmwaresa8770pqca9985_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)ipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwaressg2125pwcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresw5100pipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformipq8078qca8084qcm8550ipq8173qca6564auipq9008qcn5164qca6574qcn6402_firmwarecsr8811_firmwaresnapdragon_7c\+_gen_3_computewcd9380snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700ipq9554_firmwareqcs410snapdragon_782g_mobile_platform_\(sm7325-af\)qcn5024ipq4019_firmwaresxr1230psnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarevideo_collaboration_vc3_platform_firmwaresg8275pqca9985qcn9012_firmwaresm6370_firmwareqcn9274_firmwareqcn5052_firmwareqfw7114_firmwarewcd9335_firmwarewcn3980wsa8845qcc2073_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815qcn6112snapdragon_4_gen_1_mobile_platformqxm8083_firmwareqcs8250qca9984ipq6028ipq8064snapdragon_x62_5g_modem-rf_system_firmwareqcn9024ipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq5302ipq8064_firmwaresa8295pwcn6740_firmwareqcs4490_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq8078_firmwaresa8650p_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca9994qca6797aq_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresrv1lqca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwaresa7255p_firmwareqca9880snapdragon_8\+_gen_2_mobile_platformsa8620pwsa8832qcn6412_firmwaresw5100p_firmwaresa8540pqcs610_firmwareipq5332ipq5302_firmwareqamsrv1m_firmwareimmersive_home_326_platformqcm5430sa6145pipq6018qca9886_firmwareqcc710immersive_home_214_platformqcs4490qca6595_firmwaresa8145pwcd9395qcs5430_firmwareqca6391_firmwaresa4150p_firmwareimmersive_home_214_platform_firmwareqca4024wcd9370_firmwaresm8550p_firmwaresdx55sd888_firmwareqcn6402sa8155pcsra6640snapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1mssg2115p_firmwareqam8620p_firmwareqfw7124_firmwareqam8255psa4155pqep8111snapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarear8035_firmwareqcn5024_firmwaretalynplus_firmwarewsa8830snapdragon_662_mobile_platform_firmwareqcn9070sxr2230p_firmwaresa8145p_firmwareqam8650pmdm9628_firmwareflight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwareqcn6224_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992srv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platformqca9984_firmwareqca9377qcn9000_firmwareqcn9160ipq9554qamsrv1hsa8530pwcd9385_firmwareimmersive_home_216_platformfastconnect_6200talynplusqamsrv1h_firmwareimmersive_home_316_platformipq8074aimmersive_home_318_platformqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwareqcn5122_firmwaresa7255psdx55_firmwaresnapdragon_4_gen_2_mobile_platformqcn6023_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114wsa8845h_firmwaresnapdragon_778g_5g_mobile_platformqca6595ausnapdragon_680_4g_mobile_platform_firmwareqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274snapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174qca9990qcs6490qcn5052qca9367video_collaboration_vc5_platformqcs8550_firmwareqcn6112_firmwarewcn3988_firmwareqcn9074srv1hsa6145p_firmwareqca8085fastconnect_6700_firmwaresa8195pwsa8810_firmwareqcn6224vision_intelligence_400_platformwsa8845hsnapdragon_x62_5g_modem-rf_systemwcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqcs7230qca8081snapdragon_x35_5g_modem-rf_systemsnapdragon_auto_5g_modem-rf_gen_2qcm4490qcn6023ipq8071asa7775psdx65m_firmwareqam8620pqca6174a_firmwaresa8770p_firmwareqca8085_firmwareipq5300ipq8071a_firmwareqcs5430immersive_home_3210_platformwcd9385qcs6490_firmwareqca9898_firmwarewcd9375ar8035csr8811ipq4019wcd9390qcn9100_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformipq5010_firmwareipq8074a_firmwarewsa8815_firmwareqcm6490wsa8835_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwareqca6564asa4150psnapdragon_8_gen_2_mobile_platform_firmwaresg4150p_firmwareqcm6125_firmwareqca6688aq_firmwareqcm4325robotics_rb5_platform_firmwarewcn3990qcn9000qcf8000_firmwareqca6554aqca6595ar9380_firmwareqcs7230_firmwareqcn9012sd888sa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwarewsa8835sa8540p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfqcn6274sd_8_gen1_5gsnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqcn6422snapdragon_4_gen_1_mobile_platform_firmwareqcn5154qca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresmart_audio_400_platformipq4018qca6574aqca9889qca6174asm7325pqcn6132_firmwareqca9888qca9994_firmwareqcc2076_firmwareipq8070a_firmwareipq8076_firmwaresa8650psa9000pqca6574_firmwareqca9886sm7325p_firmwaresxr2230pipq8076wsa8845_firmwareqcn9160_firmwareqca6175aqca6574a_firmwaresa8775pfastconnect_6200_firmwareqcn5152qrb5165msm7315qca6391snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)fastconnect_7800qcn9100snapdragon_x35_5g_modem-rf_system_firmwareqcm4490_firmwareqcn6274_firmwareqcm6490_firmwareipq5300_firmwarewsa8832_firmwareqcn9070_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn9011video_collaboration_vc1_platform_firmwareqcn6432_firmwareipq5312_firmwareqca6574ausnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqca9889_firmwaresa8155p_firmwareqcn5122ipq9574qcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm6125wsa8810ipq5332_firmwaresm8550psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsm6370srv1m_firmwaresnapdragon_ar2_gen_1_platformqcn5022qam8650p_firmwareipq6010_firmwarewcn6740qca6696qcs8550sa6150pqca8075snapdragon_8_gen_3_mobile_platform_firmwareqcn9022_firmwareqcn6024qcn9022wcd9390_firmwareqcc2076qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareipq4029qcc2073qca6175a_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca9377_firmwaretalynplus_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwareipq4028_firmwaresg8275p_firmwareipq8173_firmwaremdm9628_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwareqca4024_firmwareqca9880_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresrv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwarewcn3990_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewsa8845h_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca9367_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcm8550_firmwareipq8078a_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresa8775p_firmwareqrb5165m_firmwarewsa8840_firmwareipq4029_firmwaresa4155p_firmwareqcf8001_firmwareqcs8550_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwaresa7775p_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqca6698aq_firmwaresdx65m_firmwareqca6174a_firmwareipq8071a_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwareipq9008_firmwareqcn5154_firmwareqca9898_firmwareqcc710_firmwareqcn9100_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwareqca9992_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwaresa8295p_firmwaresxr2250p_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwarewcd9380_firmwareqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareqcs7230_firmwaresa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwareqcn6402_firmwaresa8540p_firmwarecsr8811_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareipq4019_firmwaressg2125p_firmwareqcn6132_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcc2076_firmwareipq8070a_firmwareqcn9274_firmwareqfw7114_firmwaresm6370_firmwarewcd9335_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwarewsa8845_firmwareqcn9160_firmwareqxm8083_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwareipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcs4490_firmwareipq5300_firmwareqcm6490_firmwareipq8078_firmwaresa8650p_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwareqca9889_firmwaresa8155p_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareipq5302_firmwareqamsrv1m_firmwaresrv1m_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwareqcn9022_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwareqca9990_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwaresw5100_firmwareqcn9074_firmwareqam8620p_firmwareqcs410_firmwareqfw7124_firmwareqca6175a_firmwarear8035_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-32974
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.69% / 48.39%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 21:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2024-33068
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.44%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host Communication

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwareqcf8001qam8775pqamsrv1mqca6777aq_firmwareqcn6224_firmwareqcn5124wsa8840qca8082qca8386srv1l_firmwarewcn6755_firmwareqca6595au_firmwarevideo_collaboration_vc3_platformwcd9370ssg2115pqca6584au_firmwarewcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqcn9000_firmwareqamsrv1hqca6554a_firmwarewcd9385_firmwareqam8295pwcn7881_firmwareqca8386_firmwareqamsrv1h_firmwarewcn3660bqca8084_firmwareqcn6412qcn5124_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca8082_firmwareqca6574au_firmwaresa7255pqcn6422_firmwarewsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595ausnapdragon_429_mobile_platformwcn7860qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274wcn7881snapdragon_x72_5g_modem-rf_systemqca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqvideo_collaboration_vc5_platformqcf8001_firmwareqcs8550_firmwaresm8635wcn7880_firmwaresrv1hqcn9074qca8085sdx65msa7775p_firmwarewcd9340sa8195pqcn6224vision_intelligence_400_platformwsa8845hwcn6755wcd9395_firmwarewcd9335snapdragon_x75_5g_modem-rf_systemsnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresm8750_firmwaresa8255p_firmwaresa6155pqcs7230snapdragon_auto_5g_modem-rf_gen_2qcf8000sdx65m_firmwaresa7775psxr2250pqca8081qca6698aq_firmwareqam8620pwcd9385wcd9341snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqca8085_firmwareqca6696_firmwareqcs6490_firmwareqam8775p_firmwareimmersive_home_3210_platformipq9008_firmwareqca6797aqar8035wcd9375wcd9390vision_intelligence_400_platform_firmwareqcc710_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwarewcn3620sa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwaresa8295p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresa8770pqca6787aq_firmwareqca6688aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125pwcn3990qcn9000sdm429wqcf8000_firmwareqca6554aqca6595qca8084qcm8550qca6564auqcs7230_firmwareipq9008immersive_home_326_platform_firmwarewsa8835qca6574sxr1230p_firmwaresdm429w_firmwareqcn6402_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380qcn6274qcn6422snapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6574asxr1230pvideo_collaboration_vc3_platform_firmwaresg8275pwcd9335_firmwareqfw7114_firmwareqcn9274_firmwarewsa8845ipq5312sa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwareqcs8250wcn3660b_firmwaresm8750psa8775pqca6574a_firmwareqcn9024ipq9574_firmwareqca6391immersive_home_3210_platform_firmwareipq5302sa8295pfastconnect_7800qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemwcn7861_firmwareqca6678aqwsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqcn6432_firmwareqca6797aq_firmwareqca6574auipq5312_firmwaresa8155p_firmwaresrv1lipq9574qcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832qcn6412_firmwareipq5332_firmwaresm8550pipq5332ipq5302_firmwaresrv1m_firmwaresnapdragon_ar2_gen_1_platformqamsrv1m_firmwareimmersive_home_326_platformsm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6787aqqca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155pqcn6402srv1mssg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwareqam8255pqcn6432ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcf8000_firmwaresg8275p_firmwareqcs7230_firmwarear8035_firmwareqca6777aq_firmwareqcn6224_firmwareimmersive_home_326_platform_firmwaresxr1230p_firmwareqcn6402_firmwaresdm429w_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6584au_firmwarewcn3990_firmwareqcn9000_firmwarewcd9335_firmwareqcn9274_firmwareqfw7114_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqca8386_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwareqca8084_firmwareqcn5124_firmwarewsa8845_firmwareqam8295p_firmwarewcn3660b_firmwareqca8082_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca6574au_firmwareqca6574a_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewsa8830_firmwarewcd9390_firmwarewcn3620_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqca6787aq_firmware
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found