Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-416
Total 3445 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16884 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2023-02-12 6.7 MEDIUM 8.0 HIGH
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
CVE-2018-10879 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2023-02-12 6.1 MEDIUM 7.8 HIGH
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
CVE-2018-14625 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-02-12 4.4 MEDIUM 7.0 HIGH
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
CVE-2018-10876 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
CVE-2013-0170 5 Canonical, Fedoraproject, Opensuse and 2 more 11 Ubuntu Linux, Fedora, Opensuse and 8 more 2023-02-12 6.8 MEDIUM N/A
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2010-4169 4 Fedoraproject, Linux, Opensuse and 1 more 6 Fedora, Linux Kernel, Opensuse and 3 more 2023-02-12 4.9 MEDIUM N/A
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
CVE-2014-0203 2 Linux, Oracle 2 Linux Kernel, Linux 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
CVE-2014-0131 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Linux Enterprise Server 2023-02-12 2.9 LOW N/A
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
CVE-2021-3750 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2023-02-12 4.6 MEDIUM 8.2 HIGH
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
CVE-2021-3640 5 Canonical, Debian, Fedoraproject and 2 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2023-02-12 6.9 MEDIUM 7.0 HIGH
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2020-25670 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-02-12 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
CVE-2020-25671 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-02-12 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
CVE-2020-27820 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2023-02-12 4.7 MEDIUM 4.7 MEDIUM
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
CVE-2019-3896 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2023-02-12 7.2 HIGH 7.8 HIGH
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2018-10902 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2023-02-12 4.6 MEDIUM 7.8 HIGH
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
CVE-2016-9576 1 Linux 1 Linux Kernel 2023-02-12 7.2 HIGH 7.8 HIGH
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
CVE-2016-8655 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-02-12 7.2 HIGH 7.8 HIGH
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVE-2016-6828 1 Linux 1 Linux Kernel 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
CVE-2016-6833 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 4.4 MEDIUM
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-4994 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.