Unknown
CVE-2025-40091
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematur…
Tag: Use-After-Free
All CVEs associated with "Use-After-Free". Page 9/58 • 6956 CVEs.
Subscribe CVEs: RSS for “Use-After-Free” · RSS (High+Critical only)
About “Use-After-Free”
A curated feed of “Use-After-Free”-related CVEs appears below. We currently track 6956 CVEs for this tag (all time). In the last 365 days, 1453 were published. Average CVSS is 7.9 (all time; 7.6 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-10-30
High
CVE-2025-62230
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources…
High
CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to…
2025-10-29
High
CVE-2025-11465
Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellu…
2025-10-28
High
CVE-2025-53814
A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can pr…
Critical
CVE-2025-12380
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escap…
Unknown
CVE-2025-40070
In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix er…
Unknown
CVE-2025-40064
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), whic…
Unknown
CVE-2025-40061
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in do_task() when draining When do_task() exhausts its iteration budget (!ret), it sets the state to TASK_STAT…
Unknown
CVE-2025-40044
In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk…
Medium
CVE-2025-40039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session…
Unknown
CVE-2025-40037
In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefb_detach_genpds() The pm_domain cleanup can not be devres managed as it uses struct…
2025-10-27
Medium
CVE-2025-12205
A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results…
2025-10-24
Unknown
CVE-2025-40018
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp befo…
2025-10-23
High
CVE-2025-12105
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are abo…
2025-10-22
Unknown
CVE-2023-53692
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacit…
Unknown
CVE-2022-50568
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosi…
Unknown
CVE-2022-50563
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume() and dm_destroy() are concurrent, it will lead to UAF, as follows: BUG:…
Unknown
CVE-2022-50560
In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloadi…
2025-10-20
Unknown
CVE-2025-40012
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which…
Medium
CVE-2025-11677
Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that h…
2025-10-18
Unknown
CVE-2025-40003
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_d…
Unknown
CVE-2025-40002
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which…
Unknown
CVE-2025-40001
In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code c…
2025-10-16
Medium
CVE-2025-62504
Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing…
High
CVE-2025-62491
A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function…
High
CVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined…
2025-10-15
Unknown
CVE-2025-40000
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed when rtw89_core_tx_kick_off_and_wait…
Unknown
CVE-2025-39996
In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in f…
Unknown
CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules w…
Unknown
CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), whic…
Unknown
CVE-2025-39993
In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe in…
Unknown
CVE-2025-39984
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_h…
Unknown
CVE-2025-39983
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces…
Unknown
CVE-2025-39982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connec…
Unknown
CVE-2025-39981
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being…
Unknown
CVE-2025-39978
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "…
Unknown
CVE-2025-39977
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1…
High
CVE-2025-39966
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts…
High
CVE-2025-54279
Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss…
2025-10-14
High
CVE-2025-61802
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
High
CVE-2025-61801
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
High
CVE-2025-54281
Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t…
High
CVE-2025-59290
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-59243
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2025-59238
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
High
CVE-2025-59236
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2025-59234
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
High
CVE-2025-59227
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
High
CVE-2025-59226
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
High
CVE-2025-59225
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2025-59224
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2025-59223
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2025-59222
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
High
CVE-2025-59221
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
High
CVE-2025-59202
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
High
CVE-2025-59189
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
High
CVE-2025-58738
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58737
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
High
CVE-2025-58736
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58735
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58734
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58733
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58732
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58731
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58730
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
High
CVE-2025-58728
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-58719
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
High
CVE-2025-58718
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
High
CVE-2025-55693
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
High
CVE-2025-55691
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55690
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55689
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55688
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55686
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55678
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55335
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
High
CVE-2025-55331
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
High
CVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
High
CVE-2025-53768
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
High
CVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
High
CVE-2025-50175
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
High
CVE-2025-50174
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
Critical
CVE-2025-49708
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
High
CVE-2025-48004
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
Critical
CVE-2025-11719
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox…
Critical
CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
2025-10-13
High
CVE-2025-62170
rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticate…
2025-10-11
High
CVE-2025-58299
Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.
High
CVE-2025-58287
Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
2025-10-10
Medium
CVE-2025-52885
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the Stru…
High
CVE-2025-23280
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privile…
High
CVE-2025-61864
A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal e…
2025-10-07
High
CVE-2023-53673
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnectio…
Medium
CVE-2023-53658
In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the…
High
CVE-2023-53645
In the Linux kernel, the following vulnerability has been resolved: bpf: Make bpf_refcount_acquire fallible for non-owning refs This patch fixes an incorrect assumption made in the original bpf_ref…
High
CVE-2023-53638
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: cancel queued works in probe error path If it fails to get the devices's MAC address, octep_probe exits while leaving…
High
CVE-2023-53636
In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab ("peci: cpu: Fix use-after-free in ad…
High
CVE-2023-53629
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the follo…
High
CVE-2022-50552
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when r…
High
CVE-2022-50542
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. Th…
High
CVE-2022-50536
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the eval variable is…
2025-10-06
High
CVE-2025-59734
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->s…
2025-10-04
High
CVE-2023-53613
In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like…
High
CVE-2023-53608
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race w…
High
CVE-2023-53587
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be p…
High
CVE-2023-53572
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entr…
Medium
CVE-2023-53566
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guarantee that rb_prev() will not return NULL in nft_r…
High
CVE-2023-53560
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced variables wit…
High
CVE-2023-53559
In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field…
High
CVE-2023-53556
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add() for all allocated q_vectors[], but potentially do netif_napi_del()…
High
CVE-2023-53552
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace i…
High
CVE-2023-53544
In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufreq_unregister_driver()…
High
CVE-2023-53537
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 00…
High
CVE-2023-53536
In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blk_crypto_evict_key() more robust If blk_crypto_evict_key() sees that the key is still in-use (due to a bug) or…
High
CVE-2022-50507
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit befo…
High
CVE-2022-50499
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvb_register_device() In function dvb_register_device() -> dvb_register_media_device() -> dvb…
High
CVE-2022-50492
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale p…