CWE-416
Use After Free
VariantStableLikelihood: High
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1,404)
page 27 of 71| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34332 | Hig | 0.52 | 8.0 | 0.00 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | |
| CVE-2017-5074 | Hig | 0.52 | 8.0 | 0.00 | Oct 27, 2017 | A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. | |
| CVE-2006-4997 | Hig | 0.52 | 7.5 | 0.35 | Oct 10, 2006 | The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | |
| CVE-2026-41095 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40419 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40418 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40408 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40382 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40359 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |
| CVE-2026-35418 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34638 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-34338 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34337 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34333 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34330 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33840 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33835 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-43374 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() then immediately frees the removed entry's percpu stats with free_percpu(). However, the synchronize_net() grace period in the caller remove_nexthop_from_groups() runs after the free. RCU readers that entered before the publish still see the old group and can dereference the freed stats via nh_grp_entry_stats_inc() -> get_cpu_ptr(nhge->stats), causing a use-after-free on percpu memory. Fix by deferring the free_percpu() until after synchronize_net() in the caller. Removed entries are chained via nh_list onto a local deferred free list. After the grace period completes and all RCU readers have finished, the percpu stats are safely freed. | |
| CVE-2026-43370 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork(). (cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618) | |
| CVE-2026-43339 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the statement to avoid the possible UaF; while at it, place the warning outside the idev->lock as it needs no protection. |