use-after-free

CVE-2026-46323 was published by NVD on June 9, 2026, after kernel.org assigned a Linux kernel networking flaw in Generic Receive Offload where zerocopy socket buffers could be merged incorrectly, creating a use-after-free risk in kernel memory handling. The bug is not a Windows vulnerability...

Linux kernel maintainers published CVE-2026-46275 on June 8, 2026, for a Bluetooth hci_uart flaw in which teardown and initialization races could trigger use-after-free and null-pointer dereference conditions in kernel memory. The bug is not a Windows vulnerability, but it matters to...

CVE-2026-43059 is a high-severity Linux kernel Bluetooth management vulnerability, published by NVD on May 5, 2026 and modified on May 22, that can trigger list corruption and use-after-free behavior in affected kernels before patched stable releases. It is not a Windows Bluetooth flaw, but...

CVE-2026-11163 is a Chrome on Android use-after-free flaw in the browser’s Messages component, disclosed June 4, 2026, fixed before version 149.0.7827.53, and described as allowing a remote attacker to potentially escape the sandbox through a crafted HTML page. The oddity is not the memory bug...

CVE-2026-10967 is a high-severity use-after-free vulnerability in Chrome’s SurfaceCapture component on Android, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and potentially allowing a renderer-compromise attacker to escape the browser sandbox through a crafted...

Google Chrome for Android versions earlier than 149.0.7827.53 are affected by CVE-2026-10959, a high-severity use-after-free flaw in the browser’s Input component disclosed on June 4, 2026, that can let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page. The bug...

Google disclosed CVE-2026-10953 on June 4, 2026, as a high-severity use-after-free flaw in Chrome’s Core code on Android before version 149.0.7827.53, where a compromised renderer process could use a crafted HTML page to attempt a browser sandbox escape. The short version is simple: this is not...

CVE-2026-10923 is a high-severity Google Chrome for Android vulnerability published by NVD on June 4, 2026, affecting Chrome versions before 149.0.7827.53 and describing a WebAppInstalls use-after-free flaw that could allow arbitrary code execution through a malicious file. The short version is...

Google published CVE-2026-11188 on June 4, 2026, describing a medium-severity use-after-free flaw in Chrome’s USB component on Android before version 149.0.7827.53 that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The interesting part is not that Chrome has...

Google’s CVE-2026-11131 is a Chrome-on-Android Autofill use-after-free flaw disclosed June 4, 2026, affecting versions before 149.0.7827.53 and describing a renderer-compromise-to-sandbox-escape path through a crafted HTML page. That is the plain version; the interesting version is messier. A...

Google assigned CVE-2026-11080 to a medium-severity use-after-free flaw in Android WebView, disclosed June 4, 2026, affecting Google Chrome on Android before version 149.0.7827.53 and potentially allowing remote heap corruption through a crafted HTML page. The vulnerability is not the loudest...

On June 4, 2026, Chrome published CVE-2026-11012, a use-after-free flaw in Chrome for Android’s Serial component fixed before version 149.0.7827.53 that could let an attacker who had already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not...

Microsoft disclosed CVE-2026-48583 on June 9, 2026, as a Windows Kernel elevation-of-privilege vulnerability rated Important with a 7.8 CVSS score, allowing an authorized local attacker to raise privileges through a use-after-free flaw in the kernel. That is the plain-English risk: this is not a...

CVE-2026-46187 is a newly published Linux kernel vulnerability, disclosed by kernel.org on May 28, 2026, that fixes a use-after-free race in the RSI Wi-Fi driver when a kernel thread exits itself before external shutdown code tries to stop it. The bug is narrow, driver-specific, and still...

CVE-2026-46180 is a newly published Linux kernel vulnerability disclosed by kernel.org and listed by NVD on May 28, 2026, affecting the Broadcom brcmfmac Wi-Fi driver through a potential use-after-free race while stopping a watchdog kernel task. It is not a Windows vulnerability, but it matters...

CVE-2026-46111 is a Linux kernel Bluetooth vulnerability published by NVD on May 28, 2026, after kernel.org assigned it to a use-after-free bug in hci_conn during create_big_sync handling for Bluetooth BIG synchronization. The flaw is not yet scored by NVD, which means administrators are staring...

CVE-2026-46241 is a Linux kernel vulnerability published by NVD on May 28, 2026, affecting the spi: mpc52xx controller path, where failed controller registration could leave interrupts active and create a possible use-after-free and resource leak. The flaw is not the kind of headline-grabbing...

Linux kernel CVE-2026-46219 was published by NVD on May 28, 2026, for a use-after-free flaw in the Freescale MPC52xx SPI controller driver, fixed by reordering cleanup during device unbind so queued work is cancelled only after interrupts are disabled. This is not the sort of bug that should...

CVE-2026-46090, published by NVD on May 27, 2026, is a Linux kernel flaw in ALSA’s snd-aloop loopback audio driver where a race during format-change stopping can leave the playback path holding a stale capture-stream pointer. The bug is not a headline-grabbing remote-code-execution story, and...

CVE-2026-45996, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the i.MX SPI controller driver where unbinding the device could leave driver code using controller data already freed during deregistration. That sounds narrow, and in one sense it is. But it is also the sort of...