use-after-free

Linux administrators are waking up to a new XFS kernel flaw that looks deceptively small in code but serious in consequence. CVE-2026-31453 affects the Linux kernel’s XFS journaling path, where tracepoint code can dereference a log item after a push callback has already made it eligible for...

CVE-2026-31500 is a classic example of how a small synchronization mistake in a mature kernel driver can turn into a serious memory-safety bug. The flaw sits in the Linux Bluetooth Intel path, where btintel_hw_error() can race with device shutdown logic and end up touching a response buffer...

CVE-2026-31446 is the sort of Linux kernel bug that looks deceptively narrow until you follow the race all the way through the teardown path. The flaw sits in ext4’s update_super_work logic, where a work item can still call into sysfs after unmount has already torn down the kobject backing...

Linux has published another small but important kernel security fix in CVE-2026-31487, and on the surface it looks like the kind of change that only kernel maintainers and driver authors would notice. Underneath that modest title, though, lies a classic use-after-free risk in the SPI subsystem...

CVE-2026-31487 is a reminder that some of the most consequential Linux kernel bugs are not loud crashes or dramatic memory-corruption chains, but quiet lifetime mistakes hidden inside core infrastructure. In this case, the issue sits in the SPI subsystem’s interaction with the kernel’s...

XFS use-after-free CVE-2026-31454 exposes a familiar kernel trap in a very specific corner of Linux metadata management A newly published Linux kernel vulnerability, tracked as CVE-2026-31454, affects XFS and stems from a classic concurrency mistake: a pointer is dereferenced after the code has...

The Linux kernel’s CAN ISO-TP stack has a newly published security flaw, and while the CVE record is still being enriched, the underlying bug is already clear: a race in isotp_sendmsg can let so->tx.buf be freed while transmit code is still reading from it. Microsoft’s Security Update Guide has...

Background CVE-2026-31474 is a Linux kernel use-after-free in the CAN ISO-TP path, specifically in isotp_sendmsg, where the transmit buffer can be freed too early while the sender is still consuming it for the final CAN frame. The kernel record describes a race between isotp_sendmsg and...

Google has patched CVE-2026-6302, a high-severity use-after-free flaw in Chrome’s Video component, in Chrome version 147.0.7727.101 for Linux and 147.0.7727.101/102 for Windows and Mac. The issue could let a remote attacker achieve arbitrary code execution inside the browser sandbox by luring a...

The newly disclosed CVE-2026-6317 is a high-severity use-after-free vulnerability in Chrome’s Cast component that Google says could let a remote attacker execute arbitrary code through a crafted HTML page. Google’s stable-channel fix landed on April 15, 2026, and the remedied versions are...

The latest Chromium security advisory for CVE-2026-6303 is a reminder that browser patching is still a race against exploitation. Google says the flaw is a use-after-free in Codecs affecting Chrome versions before 147.0.7727.101, and that a crafted HTML page could let a remote attacker execute...

Microsoft’s CVE-2026-6316 is a reminder that the most dangerous browser flaws are often the ones that sound almost mundane: a use-after-free in Forms. Google says the issue affects Chrome versions prior to 147.0.7727.101, can be triggered through a crafted HTML page, and may let a remote...

Overview Google has patched a high-severity use-after-free vulnerability in Chrome’s FileSystem component, tracked as CVE-2026-6360, and the fix is now part of the Stable channel build 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux. The issue was disclosed in Google’s April...

Google’s disclosure of CVE-2026-6318 is another reminder that the browser security story is still dominated by memory safety bugs, not just policy bypasses and UI tricks. The flaw is a use-after-free in Codecs affecting Google Chrome prior to 147.0.7727.101, and Google says a crafted HTML page...

Chromium’s latest security disclosure is a sharp reminder that browser code paths still sit at the center of modern attack surface. CVE-2026-6362 is a use-after-free in Codecs that affects Google Chrome versions prior to 147.0.7727.101, and Google says a remote attacker could potentially trigger...

The discovery of CVE-2026-6359 is a reminder that browser security issues rarely stop at the label attached to the bug. Google’s April 15, 2026 Chrome release shows the flaw is a use-after-free in Video, fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

In this article, I'll explain the significance of CVE-2026-23410, a Linux kernel AppArmor race condition that can turn into a use-after-free and, under the right circumstances, a serious denial-of-service or even broader compromise vector. The issue sits in a subtle corner of AppArmor’s...

CVE-2026-34757 is the latest reminder that image parsing bugs can still punch far above their weight in modern software stacks. According to Microsoft’s Security Update Guide entry, the flaw in libpng is a use-after-free affecting png_set_PLTE, png_set_tRNS, and png_set_hIST, with the practical...

CVE-2026-33416 is a reminder that mature image libraries can still hide dangerous memory-safety bugs in code paths that look deceptively routine. Microsoft’s update guide frames the flaw as a use-after-free in libpng with high availability impact, and the PNG Project says the bug affects...

CVE-2026-32080 is being treated by Microsoft as a Windows WalletService elevation-of-privilege issue, and the first-pass picture is straightforward: this is a local privilege-escalation bug in a Windows component that can matter a great deal once an attacker already has a foothold. Public...