Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-68817

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-13 Jan, 2026 | 15:29
Updated At-09 Feb, 2026 | 08:34
Rejected At-
Credits

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:13 Jan, 2026 | 15:29
Updated At:09 Feb, 2026 | 08:34
Rejected At:
â–¼CVE Numbering Authority (CNA)
ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/smb/server/mgmt/tree_connect.c
  • fs/smb/server/mgmt/tree_connect.h
  • fs/smb/server/smb2pdu.c
Default Status
unaffected
Versions
Affected
  • From dd45db4d9bbc8f122a9b4db5ce94ae29fcf03d3c before 446beed646b2e426dd53d27358365f8678e1dd01 (git)
  • From 7b58ee8d0b91359554cf219cd4f33872ea2afd66 before d092de8a26c952379ded8e6b0bda31d89befac1a (git)
  • From 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e before d64977495e44855f2b28d8ce56107c963a7a50e4 (git)
  • From 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e before 21a3d01fc6db5129f81edb0ab7cb94fd758bcbea (git)
  • From 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e before 063cbbc6f595ea36ad146e1b7d2af820894beb21 (git)
  • From 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e before b39a1833cc4a2755b02603eec3a71a85e9dff926 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/smb/server/mgmt/tree_connect.c
  • fs/smb/server/mgmt/tree_connect.h
  • fs/smb/server/smb2pdu.c
Default Status
affected
Versions
Affected
  • 6.6
Unaffected
  • From 0 before 6.6 (semver)
  • From 5.15.199 through 5.15.* (semver)
  • From 6.1.160 through 6.1.* (semver)
  • From 6.6.120 through 6.6.* (semver)
  • From 6.12.64 through 6.12.* (semver)
  • From 6.18.3 through 6.18.* (semver)
  • From 6.19 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01
N/A
https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a
N/A
https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4
N/A
https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
N/A
https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21
N/A
https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926
N/A
Hyperlink: https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:13 Jan, 2026 | 16:16
Updated At:26 Feb, 2026 | 18:43

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.15.145(inclusive) to 5.15.199(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.1.71(inclusive) to 6.1.160(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.6.1(inclusive) to 6.6.120(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.12.64(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.13(inclusive) to 6.18.3(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.6
cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.6
cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.6
cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.6
cpe:2.3:o:linux:linux_kernel:6.6:rc7:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

3188Records found
CVE-2019-10583
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresdm429wsdm845mdm9607_firmwaresm8250_firmwaresdm710msm8909w_firmwaremdm9607sm6150sdm429w_firmwaresdm710_firmwaresa6155psdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausda845_firmwareqcs605apq8096au_firmwaresm6150_firmwaresm8250sm8150sxr1130_firmwarenicobar_firmwaremsm8909wsxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2025-48806
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2019-10524
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.26%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-10585
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaremsm8953sdm450sdm845_firmwaresdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdm660sdx24sdm439mdm9607_firmwaresm8250_firmwaresdm429sdm710msm8909w_firmwaremdm9607qm215sdm429w_firmwaresm6150sdm710_firmwareapq8009apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwaresdm439_firmwaresda845_firmwareqm215_firmwareqcs605sdx55msm8953_firmwareapq8053sm6150_firmwaresm8250msm8917_firmwaresdm429_firmwaresm8150sxr1130_firmwaresdx55_firmwarenicobar_firmwaremsm8909wsxr1130apq8053_firmwaresdm660_firmwaresda845nicobarmdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9344
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 18:59
Updated-22 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2019-0211
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-89.13% / 99.53%
||
7 Day CHG-0.32%
Published-08 Apr, 2019 | 21:31
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxOracle CorporationopenSUSEThe Apache Software FoundationNetApp, Inc.Red Hat, Inc.Fedora Project
Product-enterprise_linux_for_ibm_z_systemsjboss_core_servicesenterprise_linuxinstantis_enterprisetrackenterprise_linux_eusretail_xstore_point_of_serviceubuntu_linuxenterprise_linux_for_power_little_endianenterprise_manager_ops_centeropenshift_container_platformenterprise_linux_for_arm_64_eushttp_serversoftware_collectionscommunications_session_report_managerdebian_linuxenterprise_linux_server_ausenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_server_tusfedoraenterprise_linux_for_arm_64openshift_container_platform_for_powerleapcommunications_session_route_manageroncommand_unified_managerApache HTTP ServerHTTP Server
CWE ID-CWE-416
Use After Free
CVE-2018-9439
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.27%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:37
Updated-19 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-416
Use After Free
CVE-2025-48000
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_11_22h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2022-42430
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.14%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.

Action-Not Available
Vendor-teslaTesla
Product-model_3_firmwaremodel_3Model 3
CWE ID-CWE-416
Use After Free
CVE-2022-4283
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.X.Org FoundationFedora Project
Product-debian_linuxfedoraenterprise_linuxx_serverxorg-x11-server
CWE ID-CWE-416
Use After Free
CVE-2025-21474
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-19 Aug, 2025 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in BTHOST

Memory corruption while processing commands from A2dp sink command queue.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_1_mobile_platformsw5100psw5100_firmwarewcn3660b_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa6145p_firmwarewcn3988wsa8835sa6155p_firmwareqca6426sa8195psnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)sa8295psnapdragon_x55_5g_modem-rf_systemqca6391qcs610sa8145p_firmwaresa8295p_firmwaresa8150pwcn3950_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqcn9074_firmwaresa6150p_firmwarewcn3980qam8295p_firmwarewcn3988_firmwarefastconnect_7800_firmwaresw5100p_firmwareqca6574au_firmwarewsa8830video_collaboration_vc1_platform_firmwaresa8145pwsa8815_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwarewsa8810wcd9370_firmwarefastconnect_6800wcn3680b_firmwareqca6426_firmwaresa6150psnapdragon_xr2_5g_platform_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareqca6696sw5100snapdragon_870_5g_mobile_platform_\(sm8250-ac\)sd865_5gqca6574auwcn3680bsxr2130wsa8810_firmwarewcd9380_firmwarewsa8835_firmwarewcd9341snapdragon_xr2_5g_platformqca6436qcs610_firmwarewcd9370qam8295psnapdragon_8_gen_1_mobile_platform_firmwarewcn3660bqca6696_firmwarefastconnect_6800_firmwaresa6155pwcn3950wsa8815wcd9341_firmwaresa6145pvideo_collaboration_vc1_platformfastconnect_7800qcn9074qcs410snapdragon_865_5g_mobile_platformfastconnect_6900_firmwaresxr2130_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca6436_firmwarewcn3980_firmwarefastconnect_6900qcs410_firmwaresa8155p_firmwarevideo_collaboration_vc3_platformsd865_5g_firmwaresa8155psnapdragon_w5\+_gen_1_wearable_platformsa8150p_firmwareqca6391_firmwarewsa8830_firmwarewcd9380sa8195p_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2024-47899
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 03:17
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-47358
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Secure Processor

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-x2000077wcd9378cqcc2072wsa8845wsa8845hx2000077_firmwarefastconnect_6900_firmwarewsa8845_firmwarex2000094x2000090_firmwarewsa8840_firmwarefastconnect_6900sc8380xpwcd9378c_firmwarewcd9385xg101032wcd9380fastconnect_7800wsa8835x2000090wcd9380_firmwaresc8380xp_firmwarewsa8840x2000086_firmwarewsa8830wsa8835_firmwarewcd9385_firmwarexg101032_firmwarewsa8830_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwarex2000092xg101002qcc2072_firmwarex2000092_firmwaresnapdragon_8cx_gen_3_compute_platformx2000086fastconnect_7800_firmwarex2000094_firmwarexg101039xg101002_firmwarewsa8845h_firmwarexg101039_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-47398
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Graphics

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm5430sxr2350p_firmwaresm7675sxr2230psnapdragon_8_gen_3_mobilewsa8845qcm6490_firmwaresm8750pqcn9011_firmwarewcn3980sm6650p_firmwareqcm6125qca6797aqwcd9375fastconnect_7800ssg2115psxr1230pssg2115p_firmwarecsra6620_firmwareqcm2290lemansau_firmwareqca6698aqqcm4325sd662wsa8815_firmwarewcd9390ar8031_firmwareqcs4490qca6595ausnapdragon_7\+_gen_2_mobile_firmwareqam8295p_firmwarewcn7880qcm6490qcn9011wsa8810_firmwareqcn9012_firmwarewcn3988_firmwareiq-8300qca6574asxr2350pqcm4325_firmwareqcm4490sm8475p_firmwarefastconnect_6900_firmwaresa7255pvideo_collaboration_vc3_firmwarefastconnect_6900qca6698au_firmwaresm7435_firmwaresnapdragon_6_gen_3_mobile_firmwaresa8155psnapdragon_680_4g_mobile_firmwaresm7675p_firmwaresm8750p_firmwarenetrani_firmwareqcm5430_firmwaresar2130p_firmwaresnapdragon_6_gen_1_mobile_firmwaresm7550p_firmwarecsra6640qamsrv1h_firmwaresm7550_firmwareiq-615_firmwareqmp1000_firmwaresnapdragon_8_eliteorneqcm2290_firmwareqca6688aqnetranisrv1mqcs2290_firmwaresnapdragon_662_mobilesnapdragon_8_gen_1_mobile_firmwarewcn7861g2_gen_1iq-9100wcn3988qca6797aq_firmwaresnapdragon_4_gen_2_mobile_firmwaresda660sa7775p_firmwaresnapdragon_685_4g_mobilewsa8840_firmwareqamsrv1mwcn3990_firmwareqca6678aq_firmwareqca6391_firmwaresnapdragon_8_gen1_5gqca6696_firmwareg1_gen_1_firmwaresw5100p_firmwaresxr2330pwcd9385iq-9075_firmwarelemans_au_lgitqca6574snapdragon_w5\+_gen_1_wearablewcn3910_firmwarewcn6755snapdragon_680_4g_mobilevideo_collaboration_vc5snapdragon_685_4g_mobile_firmwaresnapdragon_8_gen_1_mobilewcn6650_firmwaresm7550qcs410_firmwaresnapdragon_7s_gen_3_mobileqca6574a_firmwaresnapdragon_7_gen_1_mobile_firmwareqca6595_firmwareg1_gen_1wcd9370smart_audio_400_firmwarewcn7881qcs8550_firmwaresm7435snapdragon_8_gen_3_mobile_firmwareqcs4290_firmwaresar2130pwcn3990sd662_firmwaresm8550p_firmwaresnapdragon_662_mobile_firmwarepalawan25_firmwaresw5100_firmwaresw5100psnapdragon_460_mobileqca6678aqsnapdragon_8_elite_firmwareqca6688aq_firmwaresm8650qwsa8835wcd9375_firmwarewsa8840wcd9378sa8770pfastconnect_6700_firmwaresa8195probotics_rb5sa8155p_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_4_gen_1_mobilesxr2230p_firmwarewcd9371sa6155psmart_audio_400qcm4490_firmwaresm7675_firmwarewcd9335_firmwaresa8620psm8635_firmwaremonaco_iot_firmwaresa8255psnapdragon_480\+_5g_mobile_firmwareqca8695au_firmwaresnapdragon_4_gen_1_mobile_firmwareiq-8275_firmwaresnapdragon_8_gen1_5g_firmwarecsra6640_firmwaresnapdragon_ar1_gen_1qcs8550wsa8832sa7775psa8295psnapdragon_480_5g_mobile_firmwarewcn3980_firmwareqrb5165n_firmwaresxr2250pwcd9371_firmwaresm7635p_firmwaremilossm7635pqcs4290sa8195p_firmwareqca6595wsa8830robotics_rb2_firmwarewcd9385_firmwarewsa8835_firmwareqamsrv1hsm6225p_firmwaresnapdragon_695_5g_mobilevideo_collaboration_vc5_firmwarewcn6650snapdragon_8\+_gen_1_mobilemonaco_iotsm8635snapdragon_7_gen_1_mobilewsa8845h_firmwarewcn3950_firmwaresrv1hvideo_collaboration_vc1_firmwaresm7675pwsa8845hlemansausa6155p_firmwareqam8295pqca6698aq_firmwarewcn3910sw5100sa7255p_firmwarewcd9370_firmwaresxr2330p_firmwaresm7550pqcm6125_firmwarewsa8832_firmwareqca6595au_firmwaresnapdragon_8\+_gen_2_mobile_firmwareflight_rb5_5g_firmwareqamsrv1m_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobile_firmwareqcs2290g2_gen_1_firmwaresm8650q_firmwaresnapdragon_660_mobile_firmwareqam8255p_firmwareorne_firmwarewcn7860_firmwarewsa8815wcn7860fastconnect_6200_firmwaresm8550pqrb5165nsxr1230p_firmwarecsra6620wcd9335wcn3950qmp1000lemans_au_lgit_firmwareflight_rb5_5gsm8475pwcd9395iq-9075fastconnect_6200snapdragon_8_gen_2_mobileqcn9012video_collaboration_vc3snapdragon_ar1_gen_1_firmwarewsa8845_firmwaresm6225psa8770p_firmwareqca2066sm8635psnapdragon_4_gen_2_mobilesm8635p_firmwarewcd9378_firmwaresa9000pwcn7861_firmwaresnapdragon_7s_gen_3_mobile_firmwaresa8255p_firmwaresnapdragon_6_gen_3_mobilerobotics_rb2qcs410snapdragon_8\+_gen_2_mobilessg2125pwcn7881_firmwaresrv1m_firmwareqcs4490_firmwarepalawan25qca6698ausnapdragon_480\+_5g_mobilesnapdragon_695_5g_mobile_firmwarewcn6755_firmwarewcn7880_firmwareiq-8275qca6574ausxr2250p_firmwaresa9000p_firmwareqam8255pwcd9341_firmwarefastconnect_6700iq-8300_firmwareqca6391srv1h_firmwareqca2066_firmwaresm6650psa8620p_firmwareqca6574au_firmwaresnapdragon_6_gen_4_mobile_firmwarewcd9341snapdragon_460_mobile_firmwaremilos_firmwarewcd9380iq-9100_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarewcd9380_firmwarevideo_collaboration_vc1sa8295p_firmwaresnapdragon_660_mobilesda660_firmwarewsa8830_firmwareqca8695ausnapdragon_480_5g_mobilewcd9395_firmwarefastconnect_7800_firmwareqca6696snapdragon_6_gen_1_mobilesnapdragon_6_gen_4_mobilesnapdragon_7\+_gen_2_mobilewsa8810ar8031ssg2125p_firmwareqca6574_firmwarerobotics_rb5_firmwareiq-615Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-20780
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.38%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-416
Use After Free
CVE-2025-47315
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Software platform based on QNX

Memory corruption while handling repeated memory unmap requests from guest VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6698aqsrv1h_firmwaresa8540p_firmwaresa8650p_firmwaresa8255pqamsrv1m_firmwareqca6574ausa8775p_firmwaresrv1m_firmwareqam8620p_firmwaresa8770p_firmwareqamsrv1h_firmwareqam8255p_firmwaresa8295pqca6696_firmwareqca6797aq_firmwareqam8775p_firmwaresa8255p_firmwareqam8255pqam8775pqam8295p_firmwaresa7255p_firmwaresa7775psrv1msa8540psa8770pqca6688aq_firmwareqca6595_firmwareqam8295pqca6595ausa9000psa8620p_firmwaresa8650pqca6797aqqamsrv1mqca6696qam8620psa8295p_firmwaresrv1l_firmwaresrv1hqca6688aqqca6595au_firmwareqca6574au_firmwareqam8650p_firmwaresa9000p_firmwaresa7775p_firmwaresrv1lqca6595qam8650psa7255psa8620pqca6698aq_firmwaresa8775pqamsrv1hSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2024-47892
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 17:35
Updated-16 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-47339
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.72%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in HLOS

Memory corruption while deinitializing a HDCP session.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9375_firmwareqam8295p_firmwarewcn3988_firmwareqcm5430ipq8070_firmwareqca9889sa7255p_firmwareimmersive_home_214_platformqca6595au_firmwareqam8255pwcn7860_firmwarewcn7861qca6574au_firmwaresm7635pqcn6132_firmwaresc8380xpsa8650p_firmwaresrv1lipq4018_firmwareqam8775p_firmwareqca9980snapdragon_auto_5g_modem-rf_gen_2_firmwareqca6174aipq8068_firmwareqca6428ipq6010_firmwaresa6155p_firmwarewsa8845_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqamsrv1mqca9994_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresm8635pimmersive_home_318_platform_firmwaresm8635_firmwareipq8074ipq8071_firmwareqca6574awcn7881_firmwareqca9990sa9000psa8195p_firmwareqca9984_firmwareqca9898qca6174a_firmwareqca6595ausa8155p_firmwaresm6650psnapdragon_x35_5g_modem-rf_systemsm8750p_firmwaresa6145p_firmwarewcn7860qcs5430sxr2330pipq6000_firmwareqcn9100_firmwareqca8075_firmwaresa8295p_firmwareqcs9100snapdragon_6_gen_1_mobile_platformwcn7881qcn9070qca6584auqcs9100_firmwaresm6650p_firmwareqfw7124_firmwareqcn5052qca9984qfw7114_firmwareqca9980_firmwaresa6150p_firmwarewsa8810qca6574auqca6574a_firmwarewsa8845hqcn5152_firmwareipq4028qca8337_firmwareqcn5122_firmwareqcn9000_firmwarewcn3950immersive_home_316_platformipq8078asm7635p_firmwareimmersive_home_316_platform_firmwarefastconnect_6700_firmwarefastconnect_6900_firmwareqca9985qcm6490_firmwaresdx55_firmwareqca6678aq_firmwaresm7435_firmwarewcd9340_firmwaresrv1hwcn6650_firmwareqcn9274srv1l_firmwareqca9886_firmwaresa8155psm8750pipq8076aqep8111_firmwaresm7675_firmwarewcd9370qcc710_firmwareqca9888_firmwareqcn6224qcn5024csr8811_firmwaresa8145p_firmwareqca9985_firmwareqcn5052_firmwarecsr8811ipq4029_firmwaresa8540p_firmwareipq8078_firmwaresa8150pqca7500qca9986qcn6112_firmwarewsa8840sa7255pipq8074_firmwaresm7435ipq8071a_firmwarear8035snapdragon_6_gen_1_mobile_platform_firmwarewsa8830qca9886qmp1000sa6145pqcn6023_firmwareipq8174_firmwareipq5028snapdragon_auto_5g_modem-rf_gen_2sa8770p_firmwaresm6475ipq5010qcs6490qcn9024_firmwareqca6678aqsnapdragon_x35_5g_modem-rf_system_firmwaresa9000p_firmwareqmp1000_firmwareqca6438wsa8815_firmwarewsa8835qca9888ipq4019_firmwaresa8620pqca9986_firmwareqca6696qcn6122qca9898_firmwarewcd9380_firmwarewcn3988qca6428_firmwareqcn9022qcn9100video_collaboration_vc3_platformwsa8815qcs6490_firmwarear9380_firmwaresa8145pqcn5154_firmwaresa8195pipq8074aipq8078sa8620p_firmwaresm6475_firmwareqca9990_firmwaresnapdragon_x32_5g_modem-rf_systemqam8620p_firmwaresm4635wcd9378qcn5024_firmwareqcn5124_firmwaresxr2350p_firmwaresa8770pqcn9072qcn6023qcn6274_firmwarewcn7861_firmwareqca8075qcn9072_firmwareqca9889_firmwaresm8735_firmwaresm8650q_firmwareipq8064qam8620pqcn5152snapdragon_8_gen_3_mobile_platformwcd9375ipq6028qca6574snapdragon_4_gen_2_mobile_platform_firmwareipq4029qca9880_firmwaresm8635p_firmwareqca8081sm6650_firmwarewcn7880ipq8072aipq8071ipq8173qcn9274_firmwareqcn9074_firmwareimmersive_home_216_platformqca9994ipq4028_firmwareipq8070a_firmwareipq8078a_firmwareqamsrv1h_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcn7750ipq8074a_firmwarewcd9395_firmwareipq8072_firmwaresm8750sm4635_firmwareqcn9022_firmwareqam8255p_firmwareqca9992wsa8810_firmwaresa8150p_firmwareqca8081_firmwaresrv1h_firmwareqca4024ipq5010_firmwareqca6696_firmwareqca6584au_firmwaresdx55qfw7114ipq8076_firmwaresnapdragon_ar1_gen_1_platform_firmwaresa7775pqca6698aq_firmwarewsa8835_firmwareqca9880qcm5430_firmwareipq8072ipq8065_firmwareqcn5022_firmwareqca6797aq_firmwareqcn6122_firmwaresa8775pipq5028_firmwareqcn6024ipq8076a_firmwaresxr2330p_firmwareipq6010qcn9070_firmwaresrv1mfastconnect_6200_firmwareqam8650pqca6574_firmwareqam8650p_firmwarewcn6755_firmwareqcn5164_firmwareipq8071asnapdragon_x75_5g_modem-rf_systemqcn5122qca6438_firmwareipq8070aqam8775pipq8064_firmwareipq8068sm7635_firmwarewcn3950_firmwarewcn7750_firmwaresm6650ipq6018qcn5164sa8650pqcn6024_firmwareimmersive_home_216_platform_firmwaresrv1m_firmwarewcn6650qca6797aqfastconnect_6200sm8735sxr2350psm7635snapdragon_x75_5g_modem-rf_system_firmwareipq8070sm8635ipq4018qcn9000snapdragon_4_gen_2_mobile_platformfastconnect_6900qep8111qcn6274qca4024_firmwarewsa8832qcn5154sa8775p_firmwarewcn6755qcn6112ipq6018_firmwarewcd9390fastconnect_7800qcn5124wsa8832_firmwareqamsrv1hqca6698aqsa8255pipq8173_firmwaresm8750_firmwareipq6000sa6155psnapdragon_x32_5g_modem-rf_system_firmwareimmersive_home_214_platform_firmwareipq8072a_firmwareqcn9024qca6688aq_firmwaresa8540psm7675pwcd9385qcs5430_firmwareipq4019qca6688aqwcd9340fastconnect_7800_firmwaresnapdragon_ar1_gen_1_platformwsa8830_firmwareqamsrv1m_firmwarewsa8840_firmwarewcn7880_firmwarewcd9385_firmwareipq8076qca8337qfw7124qca9992_firmwareqam8295pqca6595qcn6224_firmwarear9380ipq8174qca6595_firmwaresnapdragon_x72_5g_modem-rf_systemsm7675qcm6490sm7675p_firmwarewcd9378_firmwareqcs615_firmwarewcd9370_firmwarear8035_firmwareipq8065wsa8845qcn6132qca7500_firmwareqcc710wsa8845h_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"sa6150pwcd9395qcs615qcn5022ipq6028_firmwareqcn9074sc8380xp_firmwarewcd9380sa7775p_firmwaresa8255p_firmwaresa8295pimmersive_home_318_platformfastconnect_6700wcd9390_firmwaresm8650qSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-47327
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Camera

Memory corruption while encoding the image data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs5430snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwarewcd9340_firmwareqca6430_firmwarefastconnect_6900snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_8c_compute_platform_\(sc8180x-ad\)wcd9370_firmwarevideo_collaboration_vc3_platformwsa8830_firmwareqcs5430_firmwarefastconnect_7800snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)wcd9380_firmwarewsa8845hwsa8830aqt1000wcd9375_firmwarewsa8840_firmwarefastconnect_6700qca6391wcd9340wsa8840qca6391_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)qcm5430_firmwarewcd9370snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwarewsa8845h_firmwarefastconnect_6200fastconnect_6800qca6430aqt1000_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)wsa8810_firmwareqcm6490snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwareqca6420snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwarefastconnect_6700_firmwarewcd9380wcd9341snapdragon_8cx_compute_platform_\(sc8180x-ab\)snapdragon_7c\+_gen_3_compute_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresc8380xp_firmwarewsa8815snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)video_collaboration_vc3_platform_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)snapdragon_8cx_compute_platform_\(sc8180xp-af\)wcd9341_firmwarewcd9385_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)wsa8835snapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwarewcd9385wcd9375snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwarewsa8845_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)wsa8835_firmwarefastconnect_6200_firmwareqcm5430qcm6490_firmwarewsa8815_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwareqcs6490_firmwarefastconnect_6900_firmwarefastconnect_6800_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwareqcs6490wsa8810snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)fastconnect_7800_firmwaresc8380xpwsa8845qca6420_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-47322
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:29
Updated-28 Jan, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Linux OS

Memory corruption while handling IOCTL calls to set mode.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qrb5165n_firmwareqca6696_firmwareqca8081_firmwareqca6797aq_firmwaresa8775pwsa8832wcn3910wcd9340sa6155psnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwaresmart_audio_400_platform_firmwarewcd9390robotics_rb5_platform_firmwarefastconnect_6900_firmwareqca6174a_firmwarewcn3950qcc710_firmwarewcd9385qcn9011snapdragon_x32_5g_modem-rf_system_firmwareqcn6224_firmwaresa8620psm8550p_firmwarewcn3980_firmwarear8031_firmwarewcd9378_firmwarewsa8835_firmwarewsa8845sa9000p_firmwareqfw7124csra6620qca6678aqsa8295p_firmwaresg4150p_firmwarewcd9378snapdragon_auto_5g_modem-rf_gen_2flight_rb5_5g_platform_firmwareqfw7114snapdragon_680_4g_mobile_platform_firmwaresnapdragon_w5\+_gen_1_wearable_platformsw5100p_firmwaresa7775psrv1mqdx1011snapdragon_662_mobile_platform_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8845h_firmwareqca6574_firmwareqcm6125_firmwareqamsrv1mqca6584au_firmwareqca6595au_firmwareqca6688aq_firmwaresa8650p_firmwarewcd9335_firmwaresmart_audio_400_platformcsra6620_firmwarewcd9380_firmwareqdx1010sg8275_firmwareflight_rb5_5g_platformqca2066_firmwaresnapdragon_680_4g_mobile_platformsa8650pqca6696wcd9395csra6640sa7775p_firmwaresnapdragon_x75_5g_modem-rf_systemqcs8250wsa8832_firmwaresnapdragon_8\+_gen_2_mobile_platformsnapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_x72_5g_modem-rf_system_firmwarerobotics_rb5_platformwcd9375_firmwareqam8295psrv1m_firmwarewcd9390_firmwaresnapdragon_x35_5g_modem-rf_systemqca2066snapdragon_8_gen_2_mobile_platformvideo_collaboration_vc5_platform_firmwarefastconnect_7800qca8337snapdragon_x72_5g_modem-rf_systemsa8770p_firmwareqcs8250_firmwarewsa8810_firmwareqam8255p_firmwarear8035_firmwarewcd9340_firmwareqcn9011_firmwaresg8275p_firmwarewcd9370_firmwaresa8770pvideo_collaboration_vc5_platformcsra6640_firmwarefastconnect_7800_firmwareqca6574a_firmwareqcm2290_firmwareqam8775pwcd9335qcs2290qam8775p_firmwarevideo_collaboration_vc1_platform_firmwareqcn9012qca6174aqrb5165nsnapdragon_x75_5g_modem-rf_system_firmwareqca6698aqqdx1011_firmwareqcs7230qfw7114_firmwarewcd9380qca6391_firmwaresnapdragon_460_mobile_platform_firmwarewcd9395_firmwaresm8550pqdu1010sa8295pqamsrv1hsa6155p_firmwaresm7550p_firmwaresa8255p_firmwaresnapdragon_460_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwareqcs6125_firmwareqcn9012_firmwareqcs6125sg8275pqca6698aq_firmwareqamsrv1m_firmwarewcd9370wsa8830_firmwarewcn3988sm7550pwsa8815_firmwarewsa8830qam8295p_firmwareqfw7124_firmwareqcs2290_firmwareqcs8550_firmwareqam8650pwcd9371_firmwarewsa8845hqcs7230_firmwarewcn6650_firmwaresa8155p_firmwareqamsrv1h_firmwaresm7550sa8255pqca6595qca6574au_firmwareqep8111_firmwareqdu1010_firmwaresw5100_firmwarewcd9385_firmwarewcn6650qcn6224qca6595_firmwareqep8111qca6574auwcn6755_firmwarewcn6755sa9000pqdx1010_firmwareqca6595auqcm8550snapdragon_x35_5g_modem-rf_system_firmwarewsa8815qca8081qca6797aqqcm2290srv1hsa8195p_firmwaresg8275srv1h_firmwaresm7550_firmwareqcm8550_firmwareqcn6274video_collaboration_vc1_platformsw5100qca6574aqcc710snapdragon_8\+_gen_2_mobile_platform_firmwaresa8195psnapdragon_x32_5g_modem-rf_systemsg4150pqcn6274_firmwareqcm6125wsa8835qcs8550sa8775p_firmwarewcn3980qca6678aq_firmwarewcd9375ar8035sa7255p_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3910_firmwarewcn3950_firmwaresa7255pqca6574wsa8840wsa8840_firmwareqam8255psnapdragon_662_mobile_platformwsa8845_firmwarefastconnect_6900sa8155psa8620p_firmwarear8031qca8337_firmwarewcn3988_firmwareqca6688aqqca6584auqca6391wsa8810wcd9371qam8650p_firmwaresw5100pSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-47350
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:29
Updated-23 Dec, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Service

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9378c_firmwarewcd9378cwsa8840_firmwarex2000090_firmwarewsa8840x2000077_firmwarex2000094_firmwarex2000092_firmwarex2000092wcd9385_firmwarewsa8845h_firmwarex2000090x2000086_firmwarexg101002_firmwarefastconnect_6900_firmwarexg101039qca0000qca0000_firmwarefastconnect_7800x2000086fastconnect_6900wsa8845_firmwaresc8380xpwsa8845sc8380xp_firmwarewcd9385wcd9380xg101039_firmwarewcd9380_firmwarex2000094xg101032x2000077fastconnect_7800_firmwarexg101032_firmwarewsa8845hxg101002Snapdragon
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47891
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 03:11
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2022-42332
Matching Score-4
Assigner-Xen Project
ShareView Details
Matching Score-4
Assigner-Xen Project
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-13 Feb, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.

Action-Not Available
Vendor-Debian GNU/LinuxXen ProjectFedora Project
Product-xendebian_linuxfedoraxen
CWE ID-CWE-416
Use After Free
CVE-2024-47898
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 03:14
Updated-20 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-15538
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 5.87%
||
7 Day CHG~0.00%
Published-18 Jan, 2026 | 23:02
Updated-23 Feb, 2026 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

Action-Not Available
Vendor-assimpOpen Asset Import Library
Product-assimpAssimp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2024-48423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 13.76%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 00:00
Updated-05 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

Action-Not Available
Vendor-assimpn/aassimp
Product-assimpn/aassimp
CWE ID-CWE-416
Use After Free
CVE-2022-39853
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 5.26%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.Samsung Electronics
Product-sm8150androidsm8250Samsung Mobile Devices
CWE ID-CWE-416
Use After Free
CVE-2023-43546
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 26.49%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Multimedia

Memory corruption while invoking HGSL IOCTL context create.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqca6678aq_firmwareqcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100pwsa8845_firmwaresnapdragon_480_5g_mobileqca6595qcs610_firmwarewcd9335srv1mqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wsa8830_firmwarewcd9340_firmwareqrb5165mwcd9341_firmwaresa4150p_firmwarewcd9395_firmwareqcc710_firmwarefastconnect_6700qca6564auqcs6125_firmwaresnapdragon_685_4g_mobilesa4150pwsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qdu1110wcd9395sg8275p_firmwareqca6574au_firmwareqam8295pwcd9341qca6574auqru1032wcd9390wcn3950wsa8810_firmwarewsa8845h_firmwarecsra6640qcs6125flight_rb5_5gsa9000p_firmwaresrv1hqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8815sa8295p_firmwaresmart_audio_400_firmwaresa4155p_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psa8770pqcm6125_firmwareqca6584auqcn6274_firmwareqcn9011_firmwareqcc710qru1062_firmwaresw5100_firmwareqru1062qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqru1032_firmwareqep8111sa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psa8150psnapdragon_680_4g_mobilewsa8845sa6155pqcm6125snapdragon_auto_5g_modem-rf_firmwareqca6564au_firmwarewsa8810qam8650pqdu1000_firmwarevideo_collaboration_vc5_platform_firmwaresa9000psrv1h_firmwaresw5100qca6595auvideo_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwareqdu1010sa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqca6564a_firmwareqca6698aq_firmwarewcd9385qcn9012snapdragon_695_5g_mobile_firmwaresnapdragon_680_4g_mobile_firmwaresa8255pqcs7230_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqep8111_firmwaresg8275pwcd9370_firmwareqdx1011_firmwaresnapdragon_auto_5g_modem-rfqdu1110_firmwareflight_rb5_5g_firmwareqdu1000sa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobileqru1052qca6174asa8195pwcd9340csra6640_firmwareqcs8250_firmwareqdu1210qamsrv1mrobotics_rb5snapdragon_480\+_5g_mobile_firmwareqca6174a_firmwaresnapdragon_auto_5g_modem-rf_gen_2qam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwareqcm8550wcn3988qcs6490_firmwareqca6584au_firmwarewcd9335_firmwareqcn6274qca6574qfw7124qrb5165n_firmwaresa8775pqca6595au_firmwareqca6391_firmwaresnapdragon_w5\+_gen_1_wearablewsa8835wsa8840_firmwareqdu1010_firmwaresw5100p_firmwareqcn9011sa8775p_firmwareqamsrv1hqca6696_firmwaresmart_audio_400wsa8845hwcd9380_firmwaresa6150pqca6574_firmwareqcs410sa8155p_firmwarecsra6620qca6564aqca8081mdm9628sa8155psg4150pqam8775pqca6797aqmdm9628_firmwaresm8550pwcn3980_firmwaresa6145psnapdragon_x75_5g_modem-rfwsa8830qcm4325_firmwaresa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaresnapdragon_4_gen_1_mobileqrb5165m_firmwaresa8650p_firmwareqcm4325wcd9375_firmwareqca6391qcn6224qcn9012_firmwareqca6698aqsg4150p_firmwarewcn3950_firmwareqru1052_firmwareqrb5165ncsra6620_firmwaresa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwareqdx1011wcd9375sa8150p_firmwarewcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwareqcs6490qcs8250snapdragon_695_5g_mobilewcn3980fastconnect_6200_firmwareqdx1010qcn6224_firmwareqcs610Snapdragonqca6574a_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca6564au_firmwarewcn3980_firmwarequalcomm_video_collaboration_vc1_platform_firmwaremdm9628_firmwareqcm6125_firmwareqep8111_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareflight_rb5_5g_platform_firmwareqca6696_firmwaresa8150p_firmwaresa8775p_firmwareqcs7230_firmwaresrv1h_firmwarewsa8835_firmwareqca8337_firmwaresa8255p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwarefastconnect_6700_firmwareqca6595au_firmwarewcd9390_firmwareqamsrv1h_firmwaresm8550p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqcs6490_firmwaresa8155p_firmwarefastconnect_6200_firmwaresa4155p_firmwarewcd9395_firmwaresa6145p_firmwareqcn6224_firmwareqdu1010_firmwaresa8295p_firmwaresa4150p_firmwaresg4150p_firmwaresa6150p_firmwareqca6174a_firmwarewcd9375_firmwareqfw7124_firmwareqca6391_firmwareqca6698aq_firmwareqca8081_firmwaresnapdragon_680_4g_mobile_platform_firmwarefastconnect_6900_firmwareqdu1000_firmwaresa8770p_firmwarewcd9385_firmwarewcd9370_firmwarewsa8840_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwarewsa8810_firmwarefastconnect_7800_firmwarecsra6640_firmwaresw5100p_firmwarewcd9341_firmwarewsa8845h_firmwareqcm4325_firmwareqfw7114_firmwarewsa8830_firmwareqcm8550_firmwareqdu1110_firmwareqam8295p_firmwarecsra6620_firmwareqca6574_firmwarewcd9335_firmwaresg8275p_firmwareqamsrv1m_firmwareqca6595_firmwareqcn6274_firmwaresa7255p_firmwaresa8145p_firmwareqam8650p_firmwareqcn9011_firmwareqru1052_firmwarequalcomm_video_collaboration_vc3_platform_firmwarerobotics_rb5_platform_firmwarewcn3950_firmwareqdu1210_firmwaresnapdragon_480_5g_mobile_platform_firmwareqdx1010_firmwareqcs610_firmwareqca6564a_firmwaresrv1m_firmwareqru1062_firmwarewsa8815_firmwareqrb5165n_firmwareqca6797aq_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8195p_firmwareqcn9012_firmwareqdx1011_firmwaresw5100_firmwareqrb5165m_firmwaresa9000p_firmwarewcd9340_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcs6125_firmwareqcc710_firmwaresmart_audio_400_platform_firmwareqru1032_firmwareqca6574au_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcs410_firmwareqam8255p_firmwaresa6155p_firmwaresa8650p_firmwareqcs8250_firmwareqca6678aq_firmwareqcs8550_firmware
CWE ID-CWE-416
Use After Free
CVE-2025-33217
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:46
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, QuadroGeForceTesla
CWE ID-CWE-416
Use After Free
CVE-2025-32332
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.39%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 18:33
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-32701
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.18%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows
CWE ID-CWE-416
Use After Free
CVE-2024-46971
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.62%
||
7 Day CHG+0.03%
Published-13 Dec, 2024 | 17:32
Updated-16 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-32712
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG+0.03%
Published-10 Jun, 2025 | 17:02
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2025-33220
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:48
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, QuadroGeForceVirtual GPU ManagerTesla
CWE ID-CWE-416
Use After Free
CVE-2024-4610
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.4||HIGH
EPSS-0.76% / 73.14%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 11:25
Updated-23 Oct, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Action-Not Available
Vendor-Arm Limited
Product-valhall_gpu_kernel_driverbifrost_gpu_kernel_driverBifrost GPU Kernel DriverValhall GPU Kernel Drivervalhall_gpu_kernel_driverbifrost_gpu_kernel_driverMali GPU Kernel Driver
CWE ID-CWE-416
Use After Free
CVE-2018-11816
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-06 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Video

Crafted Binder Request Causes Heap UAF in MediaServer

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8076_firmwarear6003_firmwaresd835sd835_firmwareapq8056_firmwareapq8056sd820apq8039_firmwareaqt1000sd820_firmwareapq8052_firmwareapq8017_firmwareaqt1000_firmwaresd670ar6003apq8016_firmwaresd660_firmwaresd821apq8052apq8016apq8039sd821_firmwaresd660apq8017apq80769206_lte_modem_firmwaresd670_firmware9206_lte_modemSnapdragon9206_lte_modem_firmwareaqt1000_firmwarear6003_firmwaresd835_firmwaresd670_firmwaresd821_firmwareapq8076_firmwareapq8017_firmwaresd660_firmwareapq8052_firmwaresd820_firmwareapq8056_firmwareapq8016_firmwareapq8039_firmware
CWE ID-CWE-416
Use After Free
CVE-2025-30385
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.47%
||
7 Day CHG+0.02%
Published-13 May, 2025 | 16:59
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_server_2008windows_10_1809windows_server_2022windows_10_21h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2025-30400
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 74.36%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-30232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.03% / 7.20%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 00:00
Updated-30 Sep, 2025 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

Action-Not Available
Vendor-Exim
Product-eximExim
CWE ID-CWE-416
Use After Free
CVE-2025-29824
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.58% / 68.61%
||
7 Day CHG+0.11%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-29||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-27050
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:49
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Camera

Memory corruption while processing event close when client process terminates abruptly.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845_firmwarewsa8840wcd9370sc8180xp-aaab_firmwarewcd9340_firmwarewcd9385sc8380xpwcd9341_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6700qca6420sc8180xp-adsc8280xp-abbbqca6430wsa8815_firmwarewcd9370_firmwaresc8180xp-ad_firmwareqcm6490_firmwaresc8180xp-aaabwcd9340wcd9341qcm6490wsa8810_firmwarewsa8845h_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresc8180xp-acafsnapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwareqca6391_firmwareqca6430_firmwarefastconnect_6800_firmwareqcs5430wsa8845hwcd9380_firmwareqcm5430sm6250_firmwaresc8180x-ad_firmwareqcm5430_firmwaresc8180x-acafwsa8815wsa8830sc8180x\+sdx55_firmwaresc8380xp_firmwarefastconnect_6800wcd9375_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391qcs5430_firmwaresc8180x\+sdx55wcd9385_firmwaresm6250fastconnect_6900_firmwarewcd9380sc7180-acfastconnect_6200sc8280xp-abbb_firmwarefastconnect_7800sc8180x-acaf_firmwaresc7180-adsc7180-ad_firmwarewcd9375wsa8845fastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresc8180x-adwsa8835_firmwaresc8180x-aaabwsa8810sc8180x-aaab_firmwareqcs6490sc7180-ac_firmwaresc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwarevideo_collaboration_vc3_platformaqt1000Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27063
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:28
Updated-28 Jan, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Video

Memory corruption during video playback when video session open fails with time out error.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9326_firmwareqrb5165n_firmwareqca6696_firmwarewsa8832snapdragon_4_gen_2_mobile_platform_firmwarewcn3910sa6155psnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwaresa8150p_firmwaresnapdragon_888_5g_mobile_platformrobotics_rb5_platform_firmwarewcn3680b_firmwarefastconnect_6900_firmwaresnapdragon_888_5g_mobile_platform_firmwaressg2115pwcn3950snapdragon_480_5g_mobile_platform_firmwarewcd9385sxr1230p_firmwareqcn9011wsa8835_firmwarewcn3980_firmwaresnapdragon_7c\+_gen_3_computecsra6620sa8295p_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwaresnapdragon_xr2_5g_platformqcm5430flight_rb5_5g_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwaresm7325psnapdragon_680_4g_mobile_platform_firmwaresa6150psa4155p_firmwaresnapdragon_w5\+_gen_1_wearable_platformsnapdragon_xr2_5g_platform_firmwaresw5100p_firmwaresnapdragon_662_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platformqca6574_firmwareqcm6125_firmwareqca6595au_firmwareqca6688aq_firmwareqcs610_firmwareqcm6490snapdragon_ar1_gen_1_platform_\"luna1\"wcd9335_firmwaresnapdragon_695_5g_mobile_platform_firmwaresa4155pcsra6620_firmwarewcd9380_firmwarerobotics_rb2_platform_firmwaressg2115p_firmwaresnapdragon_ar1_gen_1_platform_firmwareqcm5430_firmwareflight_rb5_5g_platformsnapdragon_778g_5g_mobile_platformwcn3615wcn6740snapdragon_680_4g_mobile_platformsnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)fastconnect_6800wcn6740_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqcm6490_firmwareqca6696csra6640snapdragon_480_5g_mobile_platformwcd9341_firmwareqcs8250wcn3680bwsa8832_firmwareqcs6490robotics_rb2_platformsnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)wcd9375_firmwarerobotics_rb5_platformqam8295pfastconnect_6200_firmwarewcn3990sd660_firmwaresxr1230pvideo_collaboration_vc5_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)fastconnect_7800wcn3615_firmwarewsa8810_firmwareqcs8250_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)snapdragon_690_5g_mobile_platform_firmwareqcn9011_firmwarewcd9370_firmwarevideo_collaboration_vc5_platformcsra6640_firmwarefastconnect_7800_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresxr2230pqcm2290_firmwarewcd9335video_collaboration_vc1_platform_firmwareqcs2290qcn9012snapdragon_x55_5g_modem-rf_system_firmwarevideo_collaboration_vc3_platformqrb5165nqca6698aqsa8150pqcs7230wcd9380wcd9326qcs410_firmwaresnapdragon_660_mobile_platform_firmwareqca6391_firmwaresnapdragon_460_mobile_platform_firmwaressg2125p_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwarefastconnect_6200sa8295psnapdragon_660_mobile_platformsa6155p_firmwaresd865_5gwcn3990_firmwaresnapdragon_460_mobile_platformqcs6125_firmwareqcs6490_firmwareqcn9012_firmwareqcs6125wcd9370qca6698aq_firmwaresnapdragon_xr2\+_gen_1_platformwsa8830_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcn3988wsa8815_firmwarewsa8830qualcomm_215_mobile_platform_firmwareqam8295p_firmwaresa8145p_firmwaresa4150p_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)qcs2290_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)snapdragon_ar1_gen_1_platformqcs7230_firmwaresa6145p_firmwaresa8155p_firmwaressg2125pqca6595wcd9341qcs410qca6574au_firmwareqcs610snapdragon_690_5g_mobile_platformsw5100_firmwarewcd9385_firmwarequalcomm_215_mobile_platformqca6595_firmwareqca6574auwcn3660bqca6595aufastconnect_6700wsa8815qcm2290fastconnect_6700_firmwaresa8195p_firmwaresd660snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarefastconnect_6800_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwaresnapdragon_x55_5g_modem-rf_systemsnapdragon_782g_mobile_platform_\(sm7325-af\)video_collaboration_vc1_platformsm7250psw5100qca6574asxr2230p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresa8195psnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)wsa8835qcm6125sa6150p_firmwareqrb5165m_firmwarewcn3980video_collaboration_vc3_platform_firmwarewcd9375sa4150psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)snapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3910_firmwarewcn3950_firmwareqca6574snapdragon_4_gen_1_mobile_platformwcn3660b_firmwaresa6145psnapdragon_662_mobile_platformfastconnect_6900qcs5430sa8155psnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwarewcn3988_firmwaresm7250p_firmwareqcs5430_firmwaresm7325p_firmwareqca6688aqsnapdragon_865_5g_mobile_platformsnapdragon_ar2_gen_1_platformqca6391wsa8810sa8145pqrb5165msw5100psd865_5g_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27476
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 71.62%
||
7 Day CHG-0.04%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_21h2windows_server_2019windows_10_22h2windows_server_2025windows_11_22h2windows_10_1809windows_server_2022_23h2windows_11_24h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-416
Use After Free
CVE-2025-27056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:49
Updated-21 Jul, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Service

Memory corruption during sub-system restart while processing clean-up to free up resources.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn7750_firmwaresw5100_firmwarewcn7860sxr2330p_firmwarewcn7880snapdragon_8_gen_3_mobilewsa8830_firmwaresw5100wsa8845wsa8832_firmwaresm8750p_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarewcd9378_firmwarewcn7861wcd9380_firmwarefastconnect_7800_firmwarewcd9395snapdragon_8_gen_3_mobile_firmwarewcd9380sw5100psm8750psm8750sw5100p_firmwarewcd9378sxr2330pwsa8830wcn7881fastconnect_7800wsa8840_firmwarewsa8845hwsa8845_firmwarewcn7750wcd9390wsa8835sm8735_firmwarewcn7880_firmwarewcn7881_firmwarewsa8840wcd9390_firmwarewsa8835_firmwaresm8735snapdragon_w5\+_gen_1_wearablesm8750_firmwarewcd9395_firmwarewcn7861_firmwarewsa8832qmp1000wsa8845h_firmwareqmp1000_firmwarewcn7860_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27031
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:53
Updated-20 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Bluetooth HOST

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6900_firmwarewsa8845_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9375qcs5430qcs5430_firmwarevideo_collaboration_vc3_platformwsa8835qcm5430_firmwarefastconnect_6700wsa8845wsa8840wsa8845h_firmwarefastconnect_7800fastconnect_7800_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)wsa8830wsa8835_firmwarefastconnect_6900snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwarewcd9385wcd9385_firmwareqcm6490_firmwareqcm6490video_collaboration_vc3_platform_firmwarewsa8840_firmwaresc8380xpqcs6490wcd9370_firmwarewcd9370wsa8845hsc8380xp_firmwarefastconnect_6700_firmwareqcs6490_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)wcd9375_firmwarewcd9380_firmwareqcm5430wsa8830_firmwarewcd9380snapdragon_7c\+_gen_3_computeSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27730
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 71.62%
||
7 Day CHG-0.04%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_21h2windows_server_2019windows_10_22h2windows_server_2025windows_11_22h2windows_10_1809windows_server_2022_23h2windows_11_24h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CVE-2025-27037
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Camera Driver

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3988_firmwaresw5100snapdragon_xr2_5g_platformfastconnect_6900wcn3680bqca6696_firmwaresnapdragon_x55_5g_modem-rf_systemqca6436wsa8830_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)qcn9074_firmwarefastconnect_7800sa8145pwcd9380_firmwaresa8155pwsa8830sa8195p_firmwaresd865_5g_firmwareqca6391qca6696sa8195psa8295p_firmwareqca6391_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574au_firmwaresa8145p_firmwaresa6150p_firmwaresa6155p_firmwaresw5100pfastconnect_6800qca6426wsa8810_firmwarewcd9380snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)snapdragon_x55_5g_modem-rf_system_firmwareqca6574auqcn9074wcn3980_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwaresa8295pwcn3680b_firmwaresa8150p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_865_5g_mobile_platformsa8150pwsa8835sw5100p_firmwareqam8295p_firmwareqca6426_firmwaresa6145psa6155psa6145p_firmwareqam8295pwsa8835_firmwarewcn3660b_firmwarewsa8815_firmwaresd865_5gfastconnect_6900_firmwarefastconnect_6800_firmwaresxr2130_firmwarewcn3988wsa8810snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcn3980sxr2130sa6150pqca6436_firmwaresnapdragon_8_gen_1_mobile_platformsw5100_firmwarefastconnect_7800_firmwaresa8155p_firmwarewcn3660bwsa8815Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27077
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Software platform based on QNX

Memory corruption while processing message in guest VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6698aqsrv1h_firmwaresa8540p_firmwaresa8650p_firmwaresa8255pqamsrv1m_firmwareqca6574ausa8775p_firmwaresrv1m_firmwareqam8620p_firmwaresa8770p_firmwareqamsrv1h_firmwareqam8255p_firmwaresa8295pqca6696_firmwareqca6797aq_firmwareqam8775p_firmwaresa8255p_firmwareqam8255pqam8775pqam8295p_firmwaresa7255p_firmwaresa7775psrv1msa8540psa8770pqca6688aq_firmwareqca6595_firmwareqam8295pqca6595ausa9000psa8620p_firmwaresa8650pqca6797aqqamsrv1mqca6696qam8620psa8295p_firmwaresrv1l_firmwaresrv1hqca6688aqqca6595au_firmwareqca6574au_firmwareqam8650p_firmwaresa9000p_firmwaresa7775p_firmwaresrv1lqca6595qam8650psa7255psa8620pqca6698aq_firmwaresa8775pqamsrv1hSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-27467
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 71.62%
||
7 Day CHG-0.04%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_21h2windows_server_2019windows_10_22h2windows_server_2025windows_11_22h2windows_10_1809windows_server_2022_23h2windows_11_24h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-416
Use After Free
CVE-2025-26594
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.12%
||
7 Day CHG+0.01%
Published-25 Feb, 2025 | 15:53
Updated-06 Nov, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.org: xwayland: use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

Action-Not Available
Vendor-tigervncRed Hat, Inc.X.Org Foundation
Product-tigervncenterprise_linuxx_serverxwaylandRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • Next
Details not found