use-after-free

The Linux kernel has a newly recorded vulnerability — CVE-2025-68285 — that fixes a potential use-after-free in the Ceph client library (libceph) function have_mon_and_osd_map, closing a race that can let the kernel dereference already-freed map objects during Ceph session open. Background Ceph...

A subtle logic error in the Linux kernel’s Coresight ETR driver has been identified and fixed, and the fix has been assigned CVE-2025-68376. The bug is a classic use‑after‑free that can occur when the Embedded Trace Relay (ETR) buffer is resized while the device is active in sysfs mode; under...

A newly assigned CVE, CVE-2025-68372, documents a use-after-free (UAF) race in the Linux kernel’s Network Block Device (NBD) driver that can result in worker-thread access to freed configuration memory. The fix is small but important: the NBD code now defers the final configuration put — calling...

A subtle race in the Linux kernel's AF_UNIX code that allowed a kernel function to follow a freed pointer has been patched — the fix closes a null-pointer / use-after-free window in unix_stream_sendpage that could be triggered by carefully crafted local socket operations and file-descriptor...

A recently assigned CVE, CVE-2025-68324, patches a classic kernel glitch in the Linux IMM parallel-port SCSI driver that allowed a use-after-free to occur when a delayed work item was still pending as the driver instance was torn down — the fix adds a synchronous cancellation to ensure the...

A newly assigned CVE, CVE-2025-40328, documents a use-after-free (UAF) in the Linux kernel's SMB client implementation that could lead to memory corruption and instability on systems running affected kernel versions. The bug arises from a narrow race between reference-count manipulation and list...

A critical use‑after‑free defect has been publicly disclosed in the HDF5 library: CVE‑2025‑2913 identifies a flaw in src/H5FL.c (function H5FL__blk_gc_list) that can dereference freed metadata under specific local conditions, creating a realistic denial‑of‑service and memory‑corruption risk for...

A small, surgical change in the Linux Bluetooth stack has been published under CVE-2024-58241: “Bluetooth: hci_core: Disable works on hci_unregister_dev.” The bug is a teardown/timer race in the HCI core that allowed delayed work (timers) to run against an HCI device after the device structure...

A recently disclosed use‑after‑free defect in the GRUB2 bootloader — tracked as CVE‑2025‑61662 — stems from a missing unregister call in the gettext module and can lead to grub crashes and denial‑of‑service on affected systems. Background / Overview GRUB (GRand Unified Bootloader) is the de...

The Linux kernel has a newly recorded vulnerability, CVE-2025-40338, that fixes a use‑after‑free risk in the ASoC Intel AVS audio stack where a single allocated name pointer was shared between components — the remedy duplicates the name and updates the initialization order to prevent component...

Microsoft has recorded a local elevation-of-privilege bug in the Brokering File System (BFS) under the identifier CVE-2025-62569, a use‑after‑free (UAF) condition that Microsoft and multiple vulnerability trackers classify as a high‑severity, local-only threat requiring a low‑privilege starting...

Microsoft’s advisory for CVE-2025-62557 confirms a memory‑corruption flaw in Microsoft Office that can be weaponized for local remote‑code‑execution (RCE) scenarios — a use‑after‑free (UAF) in Office’s document parsing that, if chained successfully, allows attacker code to run with the...

A subtle timer omission in the Linux Bluetooth management stack has been assigned CVE-2025-40284 and fixed upstream — the bug left a delayed mesh-transmit completion timer running after the host device (hdev) was removed, creating a use-after-free crash that could hang or take down affected...

The Linux kernel recently received a targeted patch addressing a use‑after‑free in the Transparent Inter‑Process Communication (TIPC) subsystem: CVE‑2025‑40280 — “tipc: Fix use‑after‑free in tipc_mon_reinit_self”. The bug, reported by syzbot and flagged by KASAN traces, arises because...

A kernel-level use-after-free (UAF) defect in the VMware graphics driver drm/vmwgfx has been assigned CVE‑2025‑40111 and fixed upstream; the problem stems from a resource from an arena allocator escaping the validation cleanup path, which can leave a freed node reachable in a duplicates...

The Linux kernel disclosure tracked as CVE-2024-49945 fixes a subtle but meaningful resource-management bug in the Network Controller Sideband Interface (NCSI) driver: the kernel was freeing an NCSI device structure while a scheduled work item could still run against it, creating a classic...

The Linux kernel has a newly cataloged use‑after‑free in the zswap compression path—tracked as CVE‑2025‑21693—that can be triggered when a CPU is hot‑unplugged while compression or decompression is still using per‑CPU resources, allowing those resources to be freed under active use and producing...

The Linux kernel fix for CVE-2025-21786 corrects a subtle but dangerous ordering error in the workqueue cleanup path that created a use-after-free window: the patch moves the code that drops the workqueue pool reference (pwq) so it happens only after the rescuer thread has been detached from the...

A use-after-free bug in the Btrfs filesystem implementation has been patched in the Linux kernel under CVE-2024-50217, a high-severity flaw that can be triggered by a local attacker mounting specially crafted images and that can cause a sustained or persistent denial-of-service by corrupting...

A small but important kernel patch fixing CVE-2025-40223 closes a race that could produce a use‑after‑free (UAF) in the MOST USB driver’s disconnect path, converting a KASAN‑reported crash into a deterministic and safe device release sequence and removing redundant device reference adjustments...