Vulnerabilities > Use After Free
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-21 | CVE-2024-26582 | Use After Free vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt. tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb. | 7.8 |
2024-02-20 | CVE-2023-52438 | Use After Free vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shrinker's callback. The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") the mmap lock is downgraded after the vma has been isolated. I was able to reproduce this issue by manually adding some delays and triggering page reclaiming through the shrinker's debug sysfs. | 7.8 |
2024-02-20 | CVE-2024-24793 | A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. | 8.1 |
2024-02-20 | CVE-2024-24794 | A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. | 8.1 |
2024-02-15 | CVE-2024-20729 | Use After Free vulnerability in Adobe products. Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-02-15 | CVE-2024-20731 | Use After Free vulnerability in Adobe products. Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-02-15 | CVE-2024-20734 | Use After Free vulnerability in Adobe products. Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-09 | CVE-2024-23322 | Use After Free vulnerability in Envoyproxy Envoy. Envoy is a high-performance edge/middle/service proxy. | 7.5 |
2024-02-09 | CVE-2024-25443 | Use After Free vulnerability in Hugin Project Hugin 2022.0.0. An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 7.8 |
2024-02-08 | CVE-2024-1312 | Use After Free vulnerability in multiple products. A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. | 4.7 |