Vulnerabilities > Double Free

DATE CVE VULNERABILITY TITLE RISK
2025-05-13 CVE-2025-4574 In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
network
low complexity
CWE-415
6.5
2025-03-28 CVE-2025-2925 Double Free vulnerability in Hdfgroup Hdf5
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic.
local
low complexity
hdfgroup CWE-415
5.5
2025-03-27 CVE-2023-52930 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free. A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask.
local
low complexity
linux CWE-415
7.8
2025-03-06 CVE-2024-58055 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately. Don't prematurely free the command.
local
low complexity
linux CWE-415
7.8
2025-02-27 CVE-2024-57980 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path. If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL.
local
low complexity
linux CWE-415
7.8
2025-02-26 CVE-2022-49290 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join. While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fixed a memory leak on mesh leave / teardown it introduced a potential memory corruption caused by a double free when rejoining the mesh:
    ieee80211_leave_mesh()
    -> kfree(sdata->u.mesh.ie);
    ...
    ieee80211_join_mesh()
    -> copy_mesh_setup()
       -> old_ie = ifmsh->ie;
       -> kfree(old_ie);
This double free / kernel panics can be reproduced by using wpa_supplicant with an encrypted mesh (if set up without encryption via "iw" then ifmsh->ie is always NULL, which avoids this issue).
local
low complexity
linux CWE-415
7.8
2025-02-26 CVE-2022-49384 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset. Now io_acct_set is alloc and free in personality.
local
low complexity
linux CWE-415
7.8
2025-02-26 CVE-2022-49391 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free. 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function.
local
low complexity
linux CWE-415
7.8
2025-02-26 CVE-2022-49410 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref(). In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field().
local
low complexity
linux CWE-415
7.8
2025-02-26 CVE-2022-49455 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible double free in ocxl_file_register_afu. info_release() will be called in device_unregister() when info->dev's reference count is 0.
local
low complexity
linux CWE-415
7.8