Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56000

Summary
Assigner-suse
Assigner Org ID-404e59f5-483d-4b8a-8e7a-e67604dd8afb
Published At-08 Jul, 2026 | 07:36
Updated At-08 Jul, 2026 | 12:42
Rejected At-
Credits

xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:suse
Assigner Org ID:404e59f5-483d-4b8a-8e7a-e67604dd8afb
Published At:08 Jul, 2026 | 07:36
Updated At:08 Jul, 2026 | 12:42
Rejected At:
▼CVE Numbering Authority (CNA)
xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Affected Products
Vendor
X.Org FoundationX.Org
Product
xorg-x11-server
Package Name
xorg-x11-server
Repo
https://gitlab.freedesktop.org/xorg/xserver/
Default Status
unaffected
Versions
Affected
  • From 0 before 21.1.24 (rpm)
Vendor
X.Org FoundationX.Org
Product
xwayland
Package Name
xwayland
Repo
https://gitlab.freedesktop.org/xorg/xserver/
Default Status
unaffected
Versions
Affected
  • From 0 before 24.1.13 (rpmver)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use after free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use after free
Metrics
VersionBase scoreBase severityVector
4.09.0CRITICAL
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Anonymous working with Trend Micro Zero Day Initiative.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
patch
https://www.openwall.com/lists/oss-security/2026/07/08/2
vendor-advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
Resource:
patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/2
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:meissner@suse.de
Published At:08 Jul, 2026 | 09:16
Updated At:09 Jul, 2026 | 19:47

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.0CRITICAL
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

X.Org Foundation
x.org
>>x_server>>Versions before 21.2.24(exclusive)
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>xwayland>>Versions before 24.1.13(exclusive)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarymeissner@suse.de
CWE ID: CWE-416
Type: Secondary
Source: meissner@suse.de
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043meissner@suse.de
Patch
https://www.openwall.com/lists/oss-security/2026/07/08/2meissner@suse.de
Mailing List
Patch
Third Party Advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
Source: meissner@suse.de
Resource:
Patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/2
Source: meissner@suse.de
Resource:
Mailing List
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1822Records found

CVE-2020-0423
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.93%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:07
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2021-1048
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.39%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-23 Oct, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

Action-Not Available
Vendor-n/aAndroidGoogle LLC
Product-androidAndroidKernel
CWE ID-CWE-416
Use After Free
CVE-2024-57995
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.46%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 02:07
Updated-11 May, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12k_mac_unassign_link_vif(). This action frees the arvif pointer. Subsequently, there is a check involving arvif, which will result in a read-after-free scenario. Fix this by moving this check after arvif is again assigned via call to ath12k_mac_assign_link_vif(). Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-58034
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 20:00
Updated-11 May, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()

In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference of the argument device node, tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, resulting in possible UAFs. According to the bindings and the in-tree DTS files, the "emc-tables" node is always device's child node with the property "nvidia,use-ram-code", and the "lpddr2" node is a child of the "emc-tables" node. Thus utilize the for_each_child_of_node() macro and of_get_child_by_name() instead of of_find_node_by_name() to simplify the code. This bug was found by an experimental verification tool that I am developing. [krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2024-58072
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.57%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 15:54
Updated-12 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: rtlwifi: remove unused check_buddy_priv

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures. Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device. However, that function was never used. Besides, though there is a lock for that list, it is never used. And when the probe fails, the private data is never removed from the list. This would cause a second probe to access freed memory. Remove the unused hook, structures and members, which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.

Action-Not Available
Vendor-Siemens AGLinux Kernel Organization, Inc
Product-linux_kernelLinuxSIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-416
Use After Free
CVE-2020-16119
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-6.3||MEDIUM
EPSS-0.42% / 34.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 01:10
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DCCP CCID structure use-after-free

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelLinux kernel
CWE ID-CWE-416
Use After Free
CVE-2024-49982
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 18:02
Updated-23 May, 2026 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aoe: fix the potential use-after-free problem in more places

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2022-22058
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.16% / 5.23%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 16:35
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909wsd439_firmwarewcn3660_firmwaresd439qca6574au_firmwareqca6310wcd9330_firmwaresd429_firmwaremsm8996au_firmwaremdm9650_firmwaremsm8996ausd845qca6574a_firmwarequalcomm215_firmwaremdm9206qualcomm215sd660wsa8810_firmwareqca6320qca6595auapq8096au_firmwarewcn3660apq8053sd835_firmwareapq8017qca6420mdm9640mdm9628_firmwarewcn3980wcn3680_firmwareaqt1000_firmwareqca6574_firmwarewcd9326wsa8810sdx20_firmwarewcn3998_firmwaremsm8937qca9379_firmwareaqt1000qca9377qca6335sd820qca6696mdm9206_firmwareqca6574asd845_firmwaresd429qca6595au_firmwaresdw2500_firmwareqca9379qca6574sd450_firmwarewcn3990_firmwaresd855apq8009_firmwarewcd9330wcn3620sd670wcd9340_firmwareapq8009w_firmwaresd632_firmwareqca4020_firmwaremdm9640_firmwarewsa8815qca6564asdm429w_firmwareqca6320_firmwaremdm9607qcn7606_firmwaresd670_firmwareqcs605_firmwaresd855_firmwareqca6564au_firmwaremsm8917qca6564a_firmwaresa415m_firmwarewcn3680bmdm9607_firmwarewcn3660bsd835mdm9150sd820_firmwareapq8053_firmwareqca6175aqca6335_firmwarewcd9341_firmwareqcs603qca6564auqcs603_firmwarewcn3680b_firmwaremsm8953sd632sd660_firmwarewcn3610_firmwaresdxr1_firmwaresd710_firmwaremdm9626mdm9626_firmwareqca4020sa415msdw2500msm8937_firmwaresd450qca6584_firmwarewcd9335_firmwareqca6310_firmwareqcn7606mdm9250_firmwarewcn3620_firmwareqca6430_firmwaresdm429wapq8096aumdm9250qca6696_firmwareqca6174a_firmwarewcd9326_firmwareapq8017_firmwaresdx20csrb31024_firmwareqca9367_firmwarepm8937_firmwarewcn3998wcn3615_firmwarewcd9341qca6175a_firmwareqcn7605_firmwareqca6174aqcs605pm8937wcn3660b_firmwaremsm8909w_firmwarewsa8815_firmwarewcd9335wcn3615csrb31024qcn7605mdm9628qca6430qca9377_firmwaremsm8953_firmwaresd710wcn3990wcn3680msm8917_firmwarewcn3610wcn3980_firmwareqca9367mdm9150_firmwaremdm9650apq8009qca6574ausdxr1wcd9340sdx24sdx24_firmwareapq8009wqca6584qca6420_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2023-3610
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.37%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:48
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in Linux kernel's netfilter: nf_tables component

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxKernel
CWE ID-CWE-416
Use After Free
CVE-2020-1382
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.75% / 92.23%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-416
Use After Free
CVE-2020-12657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 49.44%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 06:01
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2020-1381
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 57.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-416
Use After Free
CVE-2024-0155
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.20% / 10.24%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:00
Updated-08 Jan, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)digital_delivery
CWE ID-CWE-416
Use After Free
CVE-2022-1976
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.65%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelkernel
CWE ID-CWE-416
Use After Free
CVE-2022-20325
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.16%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:27
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-186473060

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-35685
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.64%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 17:35
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-54912
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.71%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows BitLocker Elevation of Privilege Vulnerability

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1607windows_10_21h2windows_11_23h2windows_server_2008windows_server_2012windows_server_2016windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2020-12303
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 28.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:07
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-converged_security_and_manageability_enginetrusted_execution_technologyIntel(R) CSME, Intel(R) TXE
CWE ID-CWE-416
Use After Free
CVE-2022-1786
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.00% / 59.00%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 18:45
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh410c_firmwareh300s_firmwareh500s_firmwareh410sh410ch300sh700skernel
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-416
Use After Free
CVE-2025-54102
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.78%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:00
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1607windows_10_21h2windows_11_23h2windows_server_2016windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2019Windows Server 2022Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2025-53768
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.50%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xbox IStorageService Elevation of Privilege Vulnerability

Use after free in Xbox allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_10_1607windows_10_22h2windows_10_1809windows_11_25h2Windows 10 Version 1607Windows 11 Version 24H2Windows 11 Version 23H2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-54092
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.44%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_21h2windows_11_23h2windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2020-11120
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.77%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcm2150_firmwaremsm8953sdm450sdm632_firmwareapq8098_firmwaresdm450_firmwaremsm8998_firmwaresdm632qcm2150sdm439sm8250_firmwaresdm429qcs405sm7150_firmwaresm6150qm215sm7150msm8917sxr2130qcs605_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellbitraapq8098rennell_firmwareqm215_firmwareqcs605msm8953_firmwareapq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwarebitra_firmwaremsm8998sdm429_firmwaresm8150sm8250kamortasaipanSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2020-11124
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.39%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 06:25
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwareqcs610sdm660qcs404_firmwaremdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405sm7150_firmwaresa8155p_firmwaresm6150mdm9607sm7150sa6155pqcs610_firmwaresxr2130sc8180xqcs404sm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellrennell_firmwaresdx55sa8155psaipan_firmwaresm6150_firmwaresm8250sm8150sdx55_firmwarenicobar_firmwaresaipansdm660_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-416
Use After Free
CVE-2023-35380
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.95% / 89.26%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-09 Jul, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows Server 2022Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 Service Pack 2Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2016
CWE ID-CWE-416
Use After Free
CVE-2020-11129
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.77%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 06:25
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sxr2130saipan_firmwaresm8250kamorta_firmwaresdm710bitra_firmwaresxr2130_firmwaresdm710_firmwarekamortabitrasm8250_firmwaresaipanqcs605qcs605_firmwareSnapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2023-35382
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.84% / 92.35%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2020-10838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.88%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:20
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-416
Use After Free
CVE-2023-35666
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.09% / 0.61%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2020-11239
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.90%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwarepmd9607_firmwareqca8337qdm5579qfs2608_firmwareqfs2530qpm8870_firmwareqln1030pm6125qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqcc1110_firmwarepm8998_firmwareqpa8821sd_455_firmwareapq8076wtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gmdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwarewcn3998_firmwareqfe2520_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150aqpm6670_firmwareqca9367_firmwarepm660_firmwarepm8150bsa8155_firmwareqfe2101qca6430qat3522pmr735awcd9306_firmwarewcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmb1358qca6696_firmwareqln5020wcd9371smb1350pmm855au_firmwaresm4350_firmwaresd_8cxwtr3950pm6350qdm5621qfe3340qtc800sqat3514_firmwaresd660sd865_5g_firmwarepm640p_firmwaresd660_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450pm855l_firmwareqtc410swcn3991qpa8801sdm429wpm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574sd632_firmwareqfs2630qpa8842sdr052_firmwarepmm8996auwcd9380qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwarepmk8350_firmwaresmb1381pm855p_firmwaresd690_5g_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwaresd439_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqdm5621_firmwareqdm2301_firmwaremsm8937_firmwareqpm6375sd_8c_firmwaresd835wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarepme605apq8064au_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqfe4308_firmwareqpm5621qpm6582sd670pm8009_firmwareapq8009wqfe4303qfs2580_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm215ar8031qpm5577wtr2965sdm630_firmwaresd820_firmwareqca6391_firmwarepmx20_firmwarepm8150pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053csra6640pm8350bhsqat3555_firmwarepmi8994qpa8803_firmwarewcn3660qca9379pm855bsmb2351qln1031qsm8250_firmwareqpm5870pm8909wsa8830pm660qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024mdm9650sd_636pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qet6100pmm855aumdm9250qca6420_firmwaresmb1394_firmwareapq8009_firmwaresd690_5gsmb1396pm7150asd675_firmwarepm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9377qpm5641qpa5373_firmwaresdw2500_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwarewtr2955rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwarepm8940qpm6670qsm7250_firmwarepm7150l_firmwarewcd9306qca6584auqpm4641qat5515_firmwarepm855qpm8830_firmwaresd429pm8250qca9367sdm630mdm9655_firmwareqdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwaresd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresdr735_firmwarepm8953qat5515qpm5677qat3514wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwarepm439qtc800h_firmwarepmk7350_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwareqln4642msm8917_firmwareqpm5677_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwarepmi8937pm8998pmk7350sdw3100qpm8820_firmwaresmr525_firmwarewtr3925_firmwareqfe4301_firmwareapq8017qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwareqfe4373fc_firmwaresd865_5gpm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqpa4361qpm4640_firmwaremdm9206qpm5577_firmwareqdm5679_firmwarepm8350csmr525qca6310_firmwareqfe4305_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765pmx20pmd9607qca6574a_firmwareqpm4630_firmwareqat3555apq8009qpa5461wtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qln1036aqqtc801sqpm5641_firmwaresd710pm8008_firmwaresdx20m_firmwareqpm6621pmr735a_firmwarepmw3100pmx50qca6564_firmwaresdr8250sd768gqln1030_firmwaresmb1350_firmwarewcn6740pmw3100_firmwarepm8004pm640lmsm8940pmk8002apq8096au_firmwaresdw2500sd845sdm830smb1357qcs410_firmwareqpa5580qpm5579fsm10055qfe2550qcs610pmi8996qpm5620_firmwareqdm2307qca6431_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwarepm855a_firmwareqtc800hsdr8250_firmwareqca6335msm8917csra6620_firmwareqcs605_firmwareqln1020sd_675_firmwarewtr3905qdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd632sdr425_firmwaresmr526_firmwareqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwaremsm8909wsdx20mpmx50_firmwareqpa8675_firmwaresdr735gqpa5460_firmwarewcn3999pm8940_firmwareqdm3301_firmwarepm8996qsm7250qcs6125sd662_firmwareqcc1110qcs405smb1360qualcomm215_firmwarersw8577_firmwareqdm2308_firmwarefsm10056_firmwarepm439_firmwareqca4020_firmwareqca6436sa6155pwcn6851qcs603_firmwareqpa6560msm8937sdr675_firmwarewcn3660_firmwarewcd9341pmi8952qdm4643_firmwaremdm9655pm8937_firmwareqca6431sm7350_firmwareqet4100_firmwaresd750gqfe4320_firmwareqdm3302wcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925sdr052smb1390sdw3100_firmwareqet4100wcn3610qpa8686_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355qln4650qtc800t_firmwarewcd9330msm8996au_firmwaresdr735g_firmwarepm8350bhs_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarewcn6856_firmwarepm8005_firmwaremsm8940_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lar8151smr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980pm7350c_firmwareqca6335_firmwareqsw8573qcs605qbt1000wcn3910qca6320mdm9650_firmwaresmb1394qca6426_firmwarepm8350_firmwarewcn3660b_firmwarewcn3680qfe4309pm8009qpa8675sdr051_firmwarewcd9330_firmwaresdx55mpm670aqca6421_firmwarewtr3905_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd821_firmwarear8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqdm5670_firmwarepm7150a_firmwarepm8150b_firmwareqfe4302sd_636_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm670sd210_firmwareqdm5677pm8005qsm8250pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675sd439qet4101pm8952qat3516pm670lqpm5658ar8035_firmwareqpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresdr051qln5030pm4125fsm10056pmi632qpa2625_firmwarepm456pm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpa5373qpm4621smb1360_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwareapq8076_firmwareqfe3340_firmwarear8151_firmwarepmi632_firmwaresd_8cx_firmwareqpm5541qat5516sd662qpa8821_firmwareqfe4308sdr660g_firmwarepm8350bhapq8037pm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsm7350smb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qln5020_firmwaresa515m_firmwaresdxr2_5gsmb1398sd821sa6145p_firmwaresdr675sm6250apq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035apq8064auqpa8673qdm2310qfe2550_firmwaremsm8953_firmwareqln5030_firmwarepm8952_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresd820smb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwareqca6564apmx24qet6110pmi8952_firmwareqln5040qpm8895sdr845qpm5670wcn3990sd_675qtm527pmk8350sdx24qdm3302_firmwarepmi8994_firmwarepm8350bqdm2307_firmwaremsm8909w_firmwarewsa8835msm8996ausdm429w_firmwareqpm5657_firmwaresd888_5gsm6250prgr7640aupm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqfe4303_firmwareqpm4640wcn6750pm8956_firmwarepm7350cqet5100m_firmwareqpm4650qtm525sa515mwtr6955sd855sm4125_firmwareqfe4305wtr6955_firmwarepm640psd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareaqt1000_firmwarepm215_firmwaremsm8920qpm8895_firmwarepm660aqpa4340sdx50mpm640asdr8150sdx20pm8916msm8920_firmwareqdm4650smb1395_firmwaresd_455pmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679sd_8cwcn3680bsd835_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresm4350sd845_firmwaresmb1381_firmwareqpa2625apq8037_firmwaresm7250psd720g_firmwareqpm4621_firmwarepm8956pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2023-3390
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.79%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 20:02
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in Linux kernel's netfilter subsystem

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.

Action-Not Available
Vendor-Linux Kernel Organization, IncNetApp, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sLinux Kernel
CWE ID-CWE-416
Use After Free
CVE-2023-53311
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.56%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 16:11
Updated-11 May, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously, nilfs_evict_inode() could cause use-after-free read for nilfs_root if inodes are left in "garbage_list" and released by nilfs_dispose_list at the end of nilfs_detach_log_writer(), and this bug was fixed by commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"). However, it turned out that there is another possibility of UAF in the call path where mark_inode_dirty_sync() is called from iput(): nilfs_detach_log_writer() nilfs_dispose_list() iput() mark_inode_dirty_sync() __mark_inode_dirty() nilfs_dirty_inode() __nilfs_mark_inode_dirty() nilfs_load_inode_block() --> causes UAF of nilfs_root struct This can happen after commit 0ae45f63d4ef ("vfs: add support for a lazytime mount option"), which changed iput() to call mark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME flag and i_nlink is non-zero. This issue appears after commit 28a65b49eb53 ("nilfs2: do not write dirty data after degenerating to read-only") when using the syzbot reproducer, but the issue has potentially existed before. Fix this issue by adding a "purging flag" to the nilfs structure, setting that flag while disposing the "garbage_list" and checking it in __nilfs_mark_inode_dirty(). Unlike commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"), this patch does not rely on ns_writer to determine whether to skip operations, so as not to break recovery on mount. The nilfs_salvage_orphan_logs routine dirties the buffer of salvaged data before attaching the log writer, so changing __nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL will cause recovery write to fail. The purpose of using the cleanup-only flag is to allow for narrowing of such conditions.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2021-1029
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.72%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-53132
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 36.81%
||
7 Day CHG+0.03%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_22h2windows_10_1607windows_server_2019windows_11_24h2windows_server_2025windows_10_21h2windows_10_1809windows_server_2008windows_server_2022_23h2windows_server_2022windows_server_2012windows_10_1507windows_server_2016windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-52795
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.24%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:31
Updated-11 May, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vhost-vdpa: fix use after free in vhost_vdpa_probe()

In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix use after free in vhost_vdpa_probe() The put_device() calls vhost_vdpa_release_dev() which calls ida_simple_remove() and frees "v". So this call to ida_simple_remove() is a use after free and a double free.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CVE-2021-0684
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.00%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 14:11
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2020-11234
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.20% / 10.29%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:55
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwarepmd9607_firmwareqfe4455fc_firmwareqca8337qfs2530qln1030pm6125qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwaresa6155pm7150lqcc1110_firmwarepm8998_firmwareqpa8821wtr5975_firmwareqpa5580_firmwaremsm8108wcn3998wcd9371_firmwaremsm8108_firmwarewcn3950mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwarewcn3998_firmwareqfe2520_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420wtr4605_firmwareqca9367_firmwarepm660_firmwarepm8150bsa8155_firmwareqfe2101qca6430qat3522qfe4455fcwcd9340sdm830_firmwaresd765gsdr660msm8209_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmb1358qca6696_firmwareqln5020wcd9371sd870_firmwaresmb1350pmm855au_firmwarewtr3950qfe3340qdm5621qtc800sqat3514_firmwaresd660sd712pm640p_firmwaresd660_firmwareqcn7606_firmwareqat5516_firmwaresd450pm855l_firmwareqtc410swcn3991qpa8801sdm429wpm8150l_firmwareqat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150sd670_firmwareqca6574sd632_firmwareqpa8842sdr052_firmwarepmm8996auwcd9380qualcomm215qpm5579_firmwaresmb1380_firmwareqfe4309_firmwaresmb1381pm855p_firmwareqfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwaresd439_firmwaresdxr25g_firmwarepmd9645qdm2301wcd9340_firmwarewsa8815qfe2101_firmwareqca6584_firmwareqdm2301_firmwareqdm5621_firmwareqpm6375sd835wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm8008qtm525_firmwarepme605_firmwarepme605sd678_firmwareapq8064au_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqfe4308_firmwareqpm5621qpm6582sd670pm8009_firmwareapq8009wqfe4303qfs2580_firmwareqcn7605_firmwarepm8150lpmi8998_firmwarepm660a_firmwarepm215ar8031qpm5577wtr2965sdm630_firmwaresa2150pqca6391_firmwaresd820_firmwarepmx20_firmwarepm8150pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053csra6640qat3555_firmwarepmi8994qpa8803_firmwarewcn3660qca9379pm855bsmb2351qln1031qcn7606pm8909pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500mdm9628_firmwaremdm9650pmx24_firmwareqbt1500_firmwarepmk8001pmm855aumdm9250qca6420_firmwareapq8009_firmwarepm7150asd675_firmwareqpa4361_firmwareqca6426wcn3990_firmwareqca9377qpa5373_firmwaresdw2500_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewhs9410wcn3615_firmwarewtr2955rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qca6584qln1031_firmwaresdx55_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwarepm7150l_firmwareqca6584aumsm8208qat5515_firmwarepm855qpm8830_firmwaresd429pm8250qca9367qfe2082fc_firmwaresdm630mdm9607_firmwaremdm9655_firmwareqfs2530_firmwarepmx55sd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwarepm8953qat5515qpm5677qat3514wcd9326wcd9335pm8004_firmwaresdr8150_firmwarepm439qtc800h_firmwareqca6390wcd9375aqt1000qln4642msm8917_firmwareqpm5677_firmwaresdx20_firmwarewsa8815_firmwarewtr3925_firmwarepmi8937pm8998sdw3100smr525_firmwareqfe4301_firmwareapq8017qln1020_firmwarepm670a_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwareqfe4373fc_firmwareqca6595pm8150_firmwareqpm8830pmm8996au_firmwareqat5522pm8150csd665_firmwareqpa4360qpa4361mdm9206qpm5577_firmwareqdm5679_firmwaresmr525qca6310_firmwareqfe4305_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150_firmwareqca6175asd765pmx20pmd9607qca6574a_firmwareqat3555apq8009qfe2082fcsd8c_firmwarewtr2965_firmwarepm670_firmwareqln1036aqqtc801sqfe3320sd710mdm9607pm8008_firmwareqln1035bd_firmwaresdx20m_firmwarepmw3100pmx50sdr8250sd768gqln1030_firmwaresmb1350_firmwarepmw3100_firmwarepm8004pm640lpmk8002sdw2500apq8096au_firmwaresd845sdm830smb1357qca6175a_firmwareqpa5580qpm5579qfe2550pmi8996qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwarepm855a_firmwareqtc800hsdr8250_firmwareqca6335msm8917csra6620_firmwareqcs605_firmwareqln1020wtr3905qdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csd632smr526_firmwaremdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwarewcd9375_firmwareqpm5679qbt2000sa6155_firmwaremsm8909wwcd9360sdx20mpmx50_firmwarewhs9410_firmwareqpa5460_firmwarewcn3999qdm3301_firmwarepm8996qsm7250qcc1110qcs405smb1360qualcomm215_firmwareqfe3440fcrsw8577_firmwarepm439_firmwareqca4020_firmwareqca6436sa6155pqcs603_firmwareqpa6560wcn3660_firmwarewcd9341pmi8952mdm9655pm8937_firmwareqca6431qet4100_firmwareqfe4320_firmwaresd855_firmwareqdm5650wtr3925qfe2080fcsdr052smb1390sdw3100_firmwaremsm8208_firmwareqet4100wcn3610msm8608mdm9640qpa8686_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355qln4650qtc800t_firmwarewcd9330msm8996au_firmwarewgr7640csr6030qet5100qdm5671_firmwareqpa8801_firmwareqca6564ausd636pm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresmb1395smb358spm660lsmb358s_firmwarear8151smr526wtr5975qca6174qca6430_firmwareqtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qfe4309pm8009sdr051_firmwarewcd9330_firmwaresdx55mpm670aqca6421_firmwarewtr3905_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd821_firmwarear8031_firmwarewcn3680_firmwarepm855lqdm5670_firmwaresd8655gpm7150a_firmwarepm8150b_firmwareqfe4302pmc1000h_firmwareqca6564a_firmwarepmd9645_firmwaresd870pm670sd210_firmwareqdm5677pm8005pm855_firmwareqdm2302sdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqet5100msa8155psd675wtr4605sd439qet4101qat3516pm670lqpm5658ar8035_firmwareqpm5658_firmwarewcn3991_firmwareqdm5652_firmwareqfe4465fcsd678sdr051qln5030pmi632qpa2625_firmwareqfe2081fc_firmwaresmb1360_firmwarecsra6620qet5100_firmwareqpa5373pm670l_firmwaresdr660gsd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareqca6174_firmwaresd730_firmwarewcd9370pmr525_firmwareqca6584au_firmwareqfe3340_firmwarear8151_firmwarepmi632_firmwareqcn7605qpm5541qat5516qpa8821_firmwareqfe4308sdr660g_firmwarepm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tqca6564au_firmwareqdm2305sa6155p_firmwareqca6310pm8937qfe2081fcqln5020_firmwaresa515m_firmwaresd821sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwareqln5040_firmwarear8035apq8064auqpa8673qfe2550_firmwareqln5030_firmwaremsm8953_firmwaresd210wcn3620_firmwareqfe4302_firmwaresd820wcn3620csr6030_firmwareqca6564apmx24qet6110pmi8952_firmwareqln5040qpm8895sdr845qpm5670wcn3990qfe3440fc_firmwaresdx24pmi8994_firmwaremsm8909w_firmwaremsm8996ausdm429w_firmwarergr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqfe4303_firmwareqet5100m_firmwareqpm4650qtm525sa515msa2150p_firmwaresd855sd8cxqfe4305pm640psd768g_firmwaresdr865_firmwaremsm8209qfe4465fc_firmwarepm8250_firmwaresmb1351qca6391sd8cx_firmwaresdxr1_firmwaresmb1357_firmwareaqt1000_firmwarepm215_firmwareqpm8895_firmwarepm660aqpa4340sdx50mpm640asdr8150sdx20pm8916smb1395_firmwarepmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310sd8655g_firmwarewcd9341_firmwarewsa8810qtc410s_firmwaresmb231_firmwarewtr4905_firmwareqat3550qdm5679wcn3680bsd835_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwaremsm8608_firmwareqpa2625sm7250psd636_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2023-3389
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.72% / 49.93%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 19:33
Updated-05 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in io_uring in the Linux Kernel

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxdebian_linuxKernel
CWE ID-CWE-416
Use After Free
CVE-2023-52509
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.33%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-11 May, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ravb: Fix use-after-free issue in ravb_tx_timeout_work()

In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2020-11175
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.05%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6350sa6155p_firmwaresm7250sxr2130p_firmwaresda640sm6125sdm640sdx50msdm845sm7250_firmwaresa8155_firmwaresdx55m_firmwaresm8250_firmwaresm6125_firmwaresm6350_firmwaresa8155p_firmwaremsm8909w_firmwareqm215sdm710apq8009wsdm710_firmwaresxr1120sda670_firmwaresa6155sa6155psdm670sda640_firmwareqcs605_firmwaresxr2130sdx50m_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwaresdx55msxr2130psda670sm7225qm215_firmwareqcs605sda855sdx55sa8155psm8250sm8150p_firmwaresm7250p_firmwaresm7225_firmwaresm8150sdm1000_firmwaresa8155sm7250psxr1130_firmwaresdx55_firmwaresdm640_firmwaresa6155_firmwaresxr1120_firmwaresda855_firmwaremsm8909wsdm1000apq8009w_firmwaresxr1130sm8150psdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2020-0242
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.55%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:27
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2016-8655
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-11.13% / 95.45%
||
7 Day CHG~0.00%
Published-08 Dec, 2016 | 08:08
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-53150
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.50%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-33118
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Audio

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100pqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcc710_firmwarewcn6740_firmwarefastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337wcd9395snapdragon_460_mobile_platformqca6574au_firmwareqam8295pwcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwarecsra6640wcn3660b_firmwarefastconnect_6800_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcc710snapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformqfw7114wcd9385_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155psnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqcn9012snapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwarewcn3910wcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574aqca6174asa8195pwcd9340qcs8250_firmwareqcm2290qcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155pwsa8830snapdragon_662_mobile_platformsm8550psa6145psnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwarear8035qrb5165m_firmwareqcm4325robotics_rb5_platformqcn6224qca6698aqwcn3950_firmwareqrb5165nfastconnect_6200wcn3680bsa8145p_firmwaresm7325p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresmart_audio_400_platformsnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwarewsa8845_firmwaresd660_firmwarear8035_firmwareqrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290snapdragon_x12_lte_modem_firmwaresnapdragon_680_4g_mobile_platformsg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwaresm4125flight_rb5_5g_platformwcn3950snapdragon_xr2_5g_platformqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_780g_5g_mobile_platformsa8295p_firmwaresa4155p_firmwaresm7250psnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwaresd888qcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740fastconnect_6800qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwaresnapdragon_685_4g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqam8295p_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqcs2290wcd9385qcs2290_firmwarewcn3615sa8255pqcs7230_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsg8275psnapdragon_auto_5g_modem-rfwcn3615_firmwarecsra6640_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwarewcd9335_firmwarewcn3980_firmwareqcn6274qrb5165n_firmwareqfw7124snapdragon_480_5g_mobile_platform_firmwarewsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwaresw5100p_firmwaresnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarewsa8815csra6620qca8081sd660sg4150pqam8775pqca6797aqqca9377qcm4325_firmwareqca6574a_firmwareqcm4290_firmwaresnapdragon_480\+_5g_mobile_platformwcd9375_firmwareqca6391qualcomm_215_mobile_platformqcn9012_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295probotics_rb5_platform_firmwareqcs8550fastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375wcn3988_firmwaresa8145psnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2020-0357
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.17%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:53
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2025-53151
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.16%
||
7 Day CHG+0.03%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2019windows_server_2025windows_10_22h2windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2023-33114
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 2.12%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in Neural Processing Unit

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431sw5100pqcs410_firmwaresa6150p_firmwaresd660_firmwaresd865_5gqca6595qcs610_firmwarewcd9335sxr2130_firmwarewcd9370snapdragon_675_mobile_platform_firmwarear8035_firmwareqca6696snapdragon_730_mobile_platform_firmwaresnapdragon_x50_5g_modem-rf_systemqrb5165mwcd9341_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresnapdragon_730_mobile_platformqca6426snapdragon_662_mobile_platform_firmwarefastconnect_6700qcs6125_firmwarewcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_460_mobile_platformar8031qca6574au_firmwaresm7250p_firmwareqam8295psm4125wcd9341qca6574ausnapdragon_855_mobile_platformflight_rb5_5g_platformwcn3950wsa8810_firmwaresd730_firmwaresnapdragon_xr2_5g_platformcsra6640qcs6125wcn3660b_firmwaresnapdragon_765g_5g_mobile_platform_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresa8295p_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformsm6250_firmwaresm7250pvideo_collaboration_vc1_platform_firmwaresa4155pqcm6125_firmwarec-v2x_9150qcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarefastconnect_6800315_5g_iot_modem_firmwareqca6595_firmwaresnapdragon_685_4g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwaresnapdragon_x55_5g_modem-rf_systemwcd9380sa6145p_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresa8150psnapdragon_665_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6421_firmwareqcm6125snapdragon_auto_5g_modem-rf_firmwaresnapdragon_768g_5g_mobile_platformwsa8810video_collaboration_vc5_platform_firmwaresnapdragon_865\+_5g_mobile_platformsw5100qca6595auaqt1000video_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwaresa6155p_firmwarewcd9326_firmwareqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwaresnapdragon_870_5g_mobile_platform_firmwareqca6698aq_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcn9012wcd9385wcn3910_firmwarewcn3610_firmwaresnapdragon_678_mobile_platformsm4125_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformwcn3910qca6430wcd9370_firmwaresdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574asxr2130sa8195pcsra6640_firmwareqcs8250_firmwaresnapdragon_xr2\+_gen_1_platformvideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwarewcn3988qcs6490_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436qca6574snapdragon_460_mobile_platform_firmwarewcn3980_firmwareqca6595au_firmwareqca6391_firmwarewsa8835qca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sw5100p_firmwaresnapdragon_732g_mobile_platformqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwaresa6150pqca6574_firmwarewcd9326qcs410sa8155p_firmwarecsra6620sd660wsa8815sa8155psnapdragon_675_mobile_platformwsa8830snapdragon_662_mobile_platformsa6145psnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwaresnapdragon_665_mobile_platformar8035qca6574a_firmwaresdx55snapdragon_750g_5g_mobile_platformqrb5165m_firmwaresnapdragon_678_mobile_platform_firmwarewcd9375_firmwarerobotics_rb5_platformqca6391qcn9012_firmwaresmart_audio_400_platform_firmwareqca6698aqwcn3950_firmwaresm6250qrb5165ncsra6620_firmwaresa8295probotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_6200wcn3680bsa8145p_firmwaresd865_5g_firmwaresnapdragon_730g_mobile_platformwcd9375sa8150p_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsnapdragon_w5\+_gen_1_wearable_platformwcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresa8145pwcn3990snapdragon_wear_4100\+_platformwsa8835_firmwaresnapdragon_680_4g_mobile_platform_firmwaresnapdragon_660_mobile_platform_firmwareqcs6490qcs8250wcn3980snapdragon_690_5g_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2020-0434
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.28%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 18:46
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33120
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresnapdragon_x20_lte_modemqcm8550_firmwaresd865_5gapq8017qcs410_firmwaresa6150p_firmwaresnapdragon_429_mobile_platform_firmwaresw5100psxr1120qca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modemsmart_display_200_platformqca6574au_firmwareqca6564_firmwareqam8295pwcd9341sd626_firmwareqca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640msm8209_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3660b_firmwaresd730snapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresdx20msnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformsnapdragon_210_processor_firmwareqcm6125_firmwarec-v2x_9150snapdragon_wear_3100_platformqcc710msm8108snapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_x5_lte_modem_firmwarerobotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformsnapdragon_wear_2100_platform_firmwareqfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwareqca6335mdm9250snapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwareqcm6125mdm9230qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840mdm9640_firmwaremdm9230_firmwareqcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcn9012mdm9650_firmwarequalcomm_205_mobile_platformwcd9371_firmwaresnapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_212_mobile_platform_firmwareqca6420qca6174_firmwarewcn3910apq8064au_firmwarewcd9370_firmwarecsrb31024qca9367snapdragon_wear_3100_platform_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574awcn3620_firmwareqca6174aqca6584_firmwaresa8195pwcd9340qcs8250_firmwareqcm2290snapdragon_820_automotive_platform_firmwareqca6335_firmwareqcm6490snapdragon_wear_2500_platformsm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformsnapdragon_662_mobile_platformsm8550psa6145pqcn9074_firmwarevision_intelligence_400_platform_firmwaresnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwaresmart_audio_200_platform_firmwaresnapdragon_665_mobile_platformar8035msm8996auqca6564sa6155qrb5165m_firmwarewcn3620snapdragon_678_mobile_platform_firmwareqcm4325robotics_rb5_platformsnapdragon_208_processor_firmwareqcn6224snapdragon_x5_lte_modemapq8064ausmart_display_200_platform_firmwareqca6698aqwcn3950_firmwaresm6250qrb5165nsmart_audio_200_platformfastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwarewcn3680bsa8145p_firmwaresnapdragon_730g_mobile_platformwcd9360_firmwaresnapdragon_888\+_5g_mobile_platformsmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6431wsa8845_firmwaresd660_firmwaremdm9330_firmwaresnapdragon_auto_4g_modem_firmwarevision_intelligence_200_platformsxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwaremdm9630qrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320sa4150p_firmwaremsm8608_firmwaresd888_firmwaremsm8209snapdragon_662_mobile_platform_firmwareqca6564auqcs6125_firmwareqcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290vision_intelligence_100_platformsnapdragon_680_4g_mobile_platformmsm8608ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_1200_wearable_platform_firmwaresm7250p_firmwarewcn3680_firmwaresm4125snapdragon_855_mobile_platformrobotics_rb3_platform_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformsnapdragon_429_mobile_platformqcs6125qca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformvision_intelligence_200_platform_firmwaresm7250pcsrb31024_firmwaresa8155sm6250_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qca6310_firmwaresd626fastconnect_6800qfw7114_firmwareqcs7230snapdragon_685_4g_mobile_platform_firmwareqca6595_firmwarefastconnect_7800_firmwarewcd9371mdm9630_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855snapdragon_212_mobile_platformqca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6698aq_firmwareqcs2290sdx20m_firmwareqca6564a_firmwarewcd9385qcs2290_firmwaremsm8909w_firmwarewcn3615qca9367_firmwarewcd9330wcn3610_firmwarewcn3680snapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqca6430sg8275pmdm9650sdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_208_processorwcn3615_firmwaresnapdragon_210_processorsxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_wear_2500_platform_firmwarecsra6640_firmwarevision_intelligence_100_platform_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwarequalcomm_205_mobile_platform_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqam8775pqca9377qca6797aqmdm9628_firmwareqcm4325_firmwarevision_intelligence_400_platform9206_lte_modemqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675wcd9375_firmwareqca6391qualcomm_215_mobile_platformsmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn9012_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqca6584snapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwareqcs8550robotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375snapdragon_wear_2100_platformwcn3988_firmwaresa8145psd_675snapdragon_wear_4100\+_platformsnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaremdm9330qca6584au_firmwaresnapdragon_820_automotive_platformwcn3980msm8909wwcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33029
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Service

Memory corruption in DSP Service during a remote call from HLOS to DSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresw5100pqcs410_firmwaresa6150p_firmwareqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwarewcn6740_firmwaresa4150psm7325-ae_firmwarewsa8832_firmwareqca8337qdu1110wcd9395qca6574au_firmwarewcn785x-5qam8295pwcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwarewsa8845h_firmwarecsra6640sm6375_firmwareqcn6024_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psm8350ssg2115pqcc710sm6375sm8450_firmwarevideo_collaboration_vc1_platformqru1032_firmwareqfw7114wcd9385_firmwareqam8255p_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pwsa8810qam8650pqdu1000_firmwarevideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010sm7325_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqcn9012qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformsm4450snapdragon_7c\+_gen_3_compute_firmwareapq8009wcd9370_firmwareqdu1110_firmwareqdu1000qca6574asm7325-aeqca6174asa8195pwcd9340qcs8250_firmwareqdu1210sm6225qcm6490sm8550p_firmwarewcn3998_firmwarewcn3988qcn9024qca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsxr2230p_firmwareqcn9011qcn9024_firmwarewsa8845hsa6150pqcs410sa8155p_firmwaresa8155pwsa8830sm8550psa6145psa8255p_firmwareflight_rb5_5g_platform_firmwarewcn785x-1_firmwarear8035qrb5165m_firmwareqcm4325robotics_rb5_platformqcn6224sm8475_firmwareqca6698aqssg2125p_firmwarewcn3950_firmwareqrb5165nwcn685x-1sa8145p_firmwaresm7325p_firmwareqdx1011sa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformvideo_collaboration_vc3_platform_firmwareqcs6490qcs8250wsa8830_firmwareqcn6224_firmwarewsa8845_firmwarewsa8832ar8035_firmwaresm8475apq8009_firmwareqrb5165msnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresm6225_firmwaresm7325-af_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwaresm7325sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm8350-ac_firmwareqcm4490_firmwareqru1032wcn785x-5_firmwareflight_rb5_5g_platformwcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesm4350_firmwaresm7350-ab_firmwarewcn3991sa8295p_firmwaresa4155p_firmwareqcn6274_firmwaresd888qcn9011_firmwareqru1062_firmwaresw5100_firmwarewcn685x-5wcn6740qru1062sm6225-ad_firmwareqfw7114_firmwareqca6595_firmwareqcs7230wcd9380sa6145p_firmwareqam8255psxr2230psa8150psm7350-absnapdragon_auto_5g_modem-rf_firmwaresm8350_firmwaresxr1230psm6225-adsm4350-acsw5100video_collaboration_vc3_platformwcn3991_firmwareqam8295p_firmwaresm7315qca6698aq_firmwarewcd9385sa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwarewcn6750sg8275pwcn6750_firmwareqdx1011_firmwaresnapdragon_auto_5g_modem-rfssg2125pqru1052qcm4490csra6640_firmwaresm4350qca6174a_firmwaresm7325pqam8650p_firmwarewcn3998video_collaboration_vc5_platformqcs6490_firmwaresm8450snapdragon_x65_5g_modem-rf_systemwcd9335_firmwarewcn3980_firmwareqcn6274qrb5165n_firmwareqfw7124wsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwareqdu1010_firmwaresw5100p_firmwaresm4450_firmwaresnapdragon_ar2_gen_1_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwarewsa8815csra6620qca8081sg4150psd_8_gen1_5gsm4375qam8775pqca6797aqqca9377sm4375_firmwareqcm4325_firmwareqca6574a_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca6391wcn785x-1qcn9012_firmwaresg4150p_firmwareqru1052_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295probotics_rb5_platform_firmwareqcs8550qam8775p_firmwarewcd9375wcn685x-5_firmwarewcn3988_firmwaresa8145psm4350-ac_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980qdx1010wcn685x-1_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 36
  • 37
  • Next
Details not found