Vulnerabilities > Double Free

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2023-52439 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1.
local
low complexity
linux CWE-415
7.8
2024-02-20 CVE-2024-23809 A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
network
low complexity
CWE-415
critical
9.8
2024-01-12 CVE-2024-21606 Double Free vulnerability in Juniper Junos
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.
network
low complexity
juniper CWE-415
7.5
2024-01-08 CVE-2023-1032 Double Free vulnerability in multiple products
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c.
local
low complexity
linux canonical CWE-415
5.5
2024-01-08 CVE-2022-2588 Double Free vulnerability in multiple products
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
local
low complexity
linux canonical CWE-415
7.8
2024-01-02 CVE-2023-28583 Double Free vulnerability in Qualcomm products
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
local
low complexity
qualcomm CWE-415
7.8
2023-12-31 CVE-2023-52284 Double Free vulnerability in Bytecodealliance Webassembly Micro Runtime 1.2.3
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
local
low complexity
bytecodealliance CWE-415
5.5
2023-12-21 CVE-2023-4256 Double Free vulnerability in multiple products
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c.
local
low complexity
broadcom fedoraproject CWE-415
5.5
2023-12-14 CVE-2023-49937 Double Free vulnerability in Schedmd Slurm
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x.
network
low complexity
schedmd CWE-415
critical
9.8
2023-12-13 CVE-2023-41678 Double Free vulnerability in Fortinet Fortios and Fortipam
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
network
low complexity
fortinet CWE-415
8.8