use-after-free

A subtle race in the Linux wireless stack — tracked as CVE-2025-21979 — can let a queued wiphy work item run after its owning wiphy object has already been freed, producing a classic use-after-free that reliably threatens system availability and, in worst cases, integrity; the Linux kernel...

A subtle memory-management mistake in the Intel ISH HID driver has been assigned CVE-2025-21928 and fixed upstream — the bug is a classic use-after-free in ishtp_hid_remove() that can cause random system crashes shortly after the driver is removed and therefore represents a real availability...

A subtle sequence of PHP internals — an exception triggered inside a magic property setter combined with a null‑coalescing assignment — can produce a use‑after‑free in the engine’s shutdown path, leaving unpatched PHP 8.3 and 8.4 builds exposed to high‑impact crashes and, in some scenarios, the...

A critical race-condition bug in the Linux kernel’s MD (Multiple Devices) subsystem — tracked as CVE-2025-22126 — was fixed upstream after researchers identified a use‑after‑free (UAF) that can occur when the kernel iterates the global list of md devices. The fix addresses a subtle iterator /...

A newly disclosed Linux-kernel vulnerability, tracked as CVE‑2025‑21999, patches a use‑after‑free (UAF) race in the proc filesystem: a race between module removal (rmmod) and inode creation in proc_get_inode() could let the kernel dereference a freed module pointer and crash or corrupt kernel...

The RapidIO networking patch recorded as CVE-2025-21934 fixes a small but consequential memory-management mistake in the Linux kernel that, under certain failure conditions, could leave a RapidIO port structure pointing at freed memory — a classic use-after-free that translates into a...

The Linux kernel fix for CVE-2024-44986 addresses a real, low-level IPv6 use‑after‑free (UAF) condition in ip6_finish_output2(), but Microsoft’s MSRC wording about Azure Linux being “the product that includes the open‑source library and is therefore potentially affected” is a product‑scoped...

A use‑after‑free defect in the Linux kernel’s SMB client — tracked as CVE-2024-35869 — has been fixed upstream and back‑ported by major distributors after disclosure; the bug can cause reliable crashes and memory corruption when the client walks DFS referrals, mounts DFS targets, or performs DFS...

A small timing bug in the Mellanox (mlxsw) Spectrum ACL TCAM code can let background rehash work destroy a region still referenced by active filter entries, producing a classic kernel use‑after‑free that leads to crashes and sustained denial of service — the flaw is tracked as CVE‑2024‑35854 and...

A small, easily overlooked change in the Linux SMB client — a single check that skips sessions already tearing down — closed a deceptively dangerous use‑after‑free (UAF) bug in the CIFS/SMB debug path that could, in practice, let an attacker repeatedly deny availability or cause kernel...

A critical use‑after‑free flaw in PyTorch’s mobile interpreter — tracked as CVE‑2024‑31583 — was disclosed in April 2024 and patched in the v2.2.0 release; the bug allowed invalid bytecode indices to reach an unchecked array access in torch/csrc/jit/mobile/interpreter.cpp, producing a...

A subtle but serious race-condition bug in the Linux kernel’s ATA over Ethernet (AoE) driver—tracked as CVE-2024-26898—has been fixed after researchers found a premature release of a network device reference that can produce a use-after-free condition. The flaw lives inside the aoecmd_cfg_pkts()...

The Linux kernel has a newly recorded vulnerability — CVE-2025-68285 — that fixes a potential use-after-free in the Ceph client library (libceph) function have_mon_and_osd_map, closing a race that can let the kernel dereference already-freed map objects during Ceph session open. Background Ceph...

A subtle logic error in the Linux kernel’s Coresight ETR driver has been identified and fixed, and the fix has been assigned CVE-2025-68376. The bug is a classic use‑after‑free that can occur when the Embedded Trace Relay (ETR) buffer is resized while the device is active in sysfs mode; under...

A newly assigned CVE, CVE-2025-68372, documents a use-after-free (UAF) race in the Linux kernel’s Network Block Device (NBD) driver that can result in worker-thread access to freed configuration memory. The fix is small but important: the NBD code now defers the final configuration put — calling...

A subtle race in the Linux kernel's AF_UNIX code that allowed a kernel function to follow a freed pointer has been patched — the fix closes a null-pointer / use-after-free window in unix_stream_sendpage that could be triggered by carefully crafted local socket operations and file-descriptor...

A recently assigned CVE, CVE-2025-68324, patches a classic kernel glitch in the Linux IMM parallel-port SCSI driver that allowed a use-after-free to occur when a delayed work item was still pending as the driver instance was torn down — the fix adds a synchronous cancellation to ensure the...

A newly assigned CVE, CVE-2025-40328, documents a use-after-free (UAF) in the Linux kernel's SMB client implementation that could lead to memory corruption and instability on systems running affected kernel versions. The bug arises from a narrow race between reference-count manipulation and list...

A critical use‑after‑free defect has been publicly disclosed in the HDF5 library: CVE‑2025‑2913 identifies a flaw in src/H5FL.c (function H5FL__blk_gc_list) that can dereference freed metadata under specific local conditions, creating a realistic denial‑of‑service and memory‑corruption risk for...

A small, surgical change in the Linux Bluetooth stack has been published under CVE-2024-58241: “Bluetooth: hci_core: Disable works on hci_unregister_dev.” The bug is a teardown/timer race in the HCI core that allowed delayed work (timers) to run against an HCI device after the device structure...