The Linux kernel received a targeted fix for a subtle but potentially disruptive race condition in the NFS daemon (nfsd) that could lead to memory being accessed after it was freed. Tracked as CVE-2026-22980, the issue centers on handling of the NFSv4 grace period end — specifically the...
A subtle misstep in nftables object handling created a classic kernel-level use‑after‑free that has since rippled through distributions and cloud images: an nft object or expression could point to a set in a different nft table, and when that table was removed the remaining dangling reference...
A subtle race in the Linux kernel’s Unix-domain socket garbage collector can let the kernel free socket buffers (skbs) while another path still holds a pointer to them, producing a classic use‑after‑free (UAF) that can crash or destabilize systems and — in theory — open the door to more serious...
A recently disclosed Linux-kernel vulnerability, tracked as CVE-2023-51042, exposes a fence-related use‑after‑free in the AMD GPU driver (amdgpu) that was fixed upstream in the 6.4.12 stable release; the bug can crash affected kernels or otherwise deny availability to systems that accept...
A subtle timing bug deep in the Linux writeback code — a use‑after‑free in wb_inode_writeback_end() — can let an attacker trigger a kernel panic or sustained denial‑of‑service by removing a disk while writeback bookkeeping is still racing to schedule bandwidth‑estimation work; the flaw is...
The Linux kernel fix for CVE-2025-38211 closes a subtle but dangerous lifetime-management bug in the RDMA iWCM (InfiniBand/RDMA Connection Management) stack: work objects allocated per cm_id could be used after they were freed, causing kernel memory corruption and deterministic crashes that...
A subtle race in the Linux wireless stack — tracked as CVE-2025-21979 — can let a queued wiphy work item run after its owning wiphy object has already been freed, producing a classic use-after-free that reliably threatens system availability and, in worst cases, integrity; the Linux kernel...
A subtle memory-management mistake in the Intel ISH HID driver has been assigned CVE-2025-21928 and fixed upstream — the bug is a classic use-after-free in ishtp_hid_remove() that can cause random system crashes shortly after the driver is removed and therefore represents a real availability...
A subtle sequence of PHP internals — an exception triggered inside a magic property setter combined with a null‑coalescing assignment — can produce a use‑after‑free in the engine’s shutdown path, leaving unpatched PHP 8.3 and 8.4 builds exposed to high‑impact crashes and, in some scenarios, the...
A critical race-condition bug in the Linux kernel’s MD (Multiple Devices) subsystem — tracked as CVE-2025-22126 — was fixed upstream after researchers identified a use‑after‑free (UAF) that can occur when the kernel iterates the global list of md devices. The fix addresses a subtle iterator /...
A newly disclosed Linux-kernel vulnerability, tracked as CVE‑2025‑21999, is a use‑after‑free (UAF) race in the proc filesystem: a race between module removal (rmmod) and inode creation in proc_get_inode() could let the kernel dereference a freed module pointer and crash or corrupt kernel...
The RapidIO networking patch recorded as CVE-2025-21934 fixes a small but consequential memory-management mistake in the Linux kernel that, under certain failure conditions, could leave a RapidIO port structure pointing at freed memory — a classic use-after-free that translates into a...
The Linux kernel fix for CVE-2024-44986 addresses a real, low-level IPv6 use‑after‑free (UAF) condition in ip6_finish_output2(), but Microsoft’s MSRC wording about Azure Linux being “the product that includes the open‑source library and is therefore potentially affected” is a product‑scoped...
A use‑after‑free defect in the Linux kernel’s SMB client — tracked as CVE-2024-35869 — has been fixed upstream and back‑ported by major distributors after disclosure; the bug can cause reliable crashes and memory corruption when the client walks DFS referrals, mounts DFS targets, or performs DFS...
A small timing bug in the Mellanox (mlxsw) Spectrum ACL TCAM code can let background rehash work destroy a region still referenced by active filter entries, producing a classic kernel use‑after‑free that leads to crashes and sustained denial of service — the flaw is tracked as CVE‑2024‑35854 and...
A small, easily overlooked change in the Linux SMB client — a single check that skips sessions already tearing down — closed a deceptively dangerous use‑after‑free (UAF) bug in the CIFS/SMB debug path that could, in practice, let an attacker repeatedly deny availability or cause kernel...
A critical use‑after‑free flaw in PyTorch’s mobile interpreter — tracked as CVE‑2024‑31583 — was disclosed in April 2024 and patched in the v2.2.0 release; the bug allowed invalid bytecode indices to reach an unchecked array access in torch/csrc/jit/mobile/interpreter.cpp, producing a...
A subtle but serious race-condition bug in the Linux kernel’s ATA over Ethernet (AoE) driver—tracked as CVE-2024-26898—has been fixed after researchers found a premature release of a network device reference that can produce a use-after-free condition. The flaw lives inside the aoecmd_cfg_pkts()...
A newly recorded Linux kernel vulnerability, CVE-2025-68285, is a potential use-after-free in the Ceph client library (libceph) function have_mon_and_osd_map; the fix closes a race that can let the kernel dereference already-freed map objects during Ceph session open. Background
Ceph...
A subtle logic error in the Linux kernel’s Coresight ETR driver has been identified and fixed, and the fix has been assigned CVE-2025-68376. The bug is a classic use‑after‑free that can occur when the Embedded Trace Relay (ETR) buffer is resized while the device is active in sysfs mode; under...