Vulnerabilities > Use After Free
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-50130 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric says: It seems that bpf was able to defer the __nf_unregister_net_hook() after exit()/close() time. Perhaps a netns reference is missing, because the netns has been dismantled/freed already. bpf_nf_link_attach() does : link->net = net; But I do not see a reference being taken on net. Add such a reference and release it after hook unreg. Note that I was unable to get syzbot reproducer to work, so I do not know if this resolves this splat. | 7.8 |
| 2024-11-04 | CVE-2024-33029 | Use After Free vulnerability in Qualcomm products Memory corruption while handling the PDR in driver for getting the remote heap maps. | 6.7 |
| 2024-11-04 | CVE-2024-33033 | Use After Free vulnerability in Qualcomm products Memory corruption while processing IOCTL calls to unmap the buffers. | 7.8 |
| 2024-11-04 | CVE-2024-33068 | Use After Free vulnerability in Qualcomm products Transient DOS while parsing fragments of MBSSID IE from beacon frame. | 6.5 |
| 2024-11-04 | CVE-2024-38415 | Use After Free vulnerability in Qualcomm products Memory corruption while handling session errors from firmware. | 7.8 |
| 2024-11-04 | CVE-2024-38419 | Use After Free vulnerability in Qualcomm products Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | 7.8 |
| 2024-11-04 | CVE-2024-38421 | Use After Free vulnerability in Qualcomm products Memory corruption while processing GPU commands. | 7.8 |
| 2024-11-04 | CVE-2024-38424 | Use After Free vulnerability in Qualcomm products Memory corruption during GNSS HAL process initialization. | 7.8 |
| 2024-10-29 | CVE-2024-10488 | Use After Free vulnerability in Google Chrome Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-10-29 | CVE-2024-8590 | Use After Free vulnerability in Autodesk products A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. | 7.8 |