use-after-free

The Linux kernel fix for CVE-2024-44986 addresses a real, low-level IPv6 use‑after‑free (UAF) condition in ip6_finish_output2(), but Microsoft’s MSRC wording about Azure Linux being “the product that includes the open‑source library and is therefore potentially affected” is a product‑scoped...

A use‑after‑free defect in the Linux kernel’s SMB client — tracked as CVE-2024-35869 — has been fixed upstream and back‑ported by major distributors after disclosure; the bug can cause reliable crashes and memory corruption when the client walks DFS referrals, mounts DFS targets, or performs DFS...

A small timing bug in the Mellanox (mlxsw) Spectrum ACL TCAM code can let background rehash work destroy a region still referenced by active filter entries, producing a classic kernel use‑after‑free that leads to crashes and sustained denial of service — the flaw is tracked as CVE‑2024‑35854 and...

A small, easily overlooked change in the Linux SMB client — a single check that skips sessions already tearing down — closed a deceptively dangerous use‑after‑free (UAF) bug in the CIFS/SMB debug path that could, in practice, let an attacker repeatedly deny availability or cause kernel...

A critical use‑after‑free flaw in PyTorch’s mobile interpreter — tracked as CVE‑2024‑31583 — was disclosed in April 2024 and patched in the v2.2.0 release; the bug allowed invalid bytecode indices to reach an unchecked array access in torch/csrc/jit/mobile/interpreter.cpp, producing a...

A subtle but serious race-condition bug in the Linux kernel’s ATA over Ethernet (AoE) driver—tracked as CVE-2024-26898—has been fixed after researchers found a premature release of a network device reference that can produce a use-after-free condition. The flaw lives inside the aoecmd_cfg_pkts()...

The Linux kernel has a newly recorded vulnerability — CVE-2025-68285 — that fixes a potential use-after-free in the Ceph client library (libceph) function have_mon_and_osd_map, closing a race that can let the kernel dereference already-freed map objects during Ceph session open. Background Ceph...

A subtle logic error in the Linux kernel’s Coresight ETR driver has been identified and fixed, and the fix has been assigned CVE-2025-68376. The bug is a classic use‑after‑free that can occur when the Embedded Trace Relay (ETR) buffer is resized while the device is active in sysfs mode; under...

A newly assigned CVE, CVE-2025-68372, documents a use-after-free (UAF) race in the Linux kernel’s Network Block Device (NBD) driver that can result in worker-thread access to freed configuration memory. The fix is small but important: the NBD code now defers the final configuration put — calling...

A subtle race in the Linux kernel's AF_UNIX code that allowed a kernel function to follow a freed pointer has been patched — the fix closes a null-pointer / use-after-free window in unix_stream_sendpage that could be triggered by carefully crafted local socket operations and file-descriptor...

A recently assigned CVE, CVE-2025-68324, patches a classic kernel glitch in the Linux IMM parallel-port SCSI driver that allowed a use-after-free to occur when a delayed work item was still pending as the driver instance was torn down — the fix adds a synchronous cancellation to ensure the...

A newly assigned CVE, CVE-2025-40328, documents a use-after-free (UAF) in the Linux kernel's SMB client implementation that could lead to memory corruption and instability on systems running affected kernel versions. The bug arises from a narrow race between reference-count manipulation and list...

A critical use‑after‑free defect has been publicly disclosed in the HDF5 library: CVE‑2025‑2913 identifies a flaw in src/H5FL.c (function H5FL__blk_gc_list) that can dereference freed metadata under specific local conditions, creating a realistic denial‑of‑service and memory‑corruption risk for...

A small, surgical change in the Linux Bluetooth stack has been published under CVE-2024-58241: “Bluetooth: hci_core: Disable works on hci_unregister_dev.” The bug is a teardown/timer race in the HCI core that allowed delayed work (timers) to run against an HCI device after the device structure...

A recently disclosed use‑after‑free defect in the GRUB2 bootloader — tracked as CVE‑2025‑61662 — stems from a missing unregister call in the gettext module and can lead to grub crashes and denial‑of‑service on affected systems. Background / Overview GRUB (GRand Unified Bootloader) is the de...

The Linux kernel has a newly recorded vulnerability, CVE-2025-40338, that fixes a use‑after‑free risk in the ASoC Intel AVS audio stack where a single allocated name pointer was shared between components — the remedy duplicates the name and updates the initialization order to prevent component...

Microsoft has recorded a local elevation-of-privilege bug in the Brokering File System (BFS) under the identifier CVE-2025-62569, a use‑after‑free (UAF) condition that Microsoft and multiple vulnerability trackers classify as a high‑severity, local-only threat requiring a low‑privilege starting...

Microsoft’s advisory for CVE-2025-62557 confirms a memory‑corruption flaw in Microsoft Office that can be weaponized for local remote‑code‑execution (RCE) scenarios — a use‑after‑free (UAF) in Office’s document parsing that, if chained successfully, allows attacker code to run with the...

A subtle timer omission in the Linux Bluetooth management stack has been assigned CVE-2025-40284 and fixed upstream — the bug left a delayed mesh-transmit completion timer running after the host device (hdev) was removed, creating a use-after-free crash that could hang or take down affected...

The Linux kernel recently received a targeted patch addressing a use‑after‑free in the Transparent Inter‑Process Communication (TIPC) subsystem: CVE‑2025‑40280 — “tipc: Fix use‑after‑free in tipc_mon_reinit_self”. The bug, reported by syzbot and flagged by KASAN traces, arises because...