CWE-415: Double Free
719 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-415 (page 14 of 15)
- CVE-2025-62219 | HIGH | CVSS 7.0 | EG 7.0 | 2025-11-11
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62469 | HIGH | CVSS 7.0 | EG 7.0 | 2025-12-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-65955 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-12-02
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked wi…
- CVE-2025-68657 | MEDIUM | CVSS 6.4 | EG 6.4 | 2026-01-12
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_…
- CVE-2025-68968 | HIGH | CVSS 7.8 | EG 7.8 | 2026-01-14
Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.
- CVE-2025-8058 | MEDIUM | CVSS 5.9 | EG 0.0 | 2025-07-23
The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random mal…
- CVE-2025-8585 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-05
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Atta…
- CVE-2026-20026 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-01-07
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resu…
- CVE-2026-20415 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-02-02
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID:…
- CVE-2026-20832 | HIGH | CVSS 7.8 | EG 7.8 | 2026-01-13
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
- CVE-2026-20861 | HIGH | CVSS 7.8 | EG 7.8 | 2026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20863 | HIGH | CVSS 7.0 | EG 7.0 | 2026-01-13
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CVE-2026-20867 | HIGH | CVSS 7.8 | EG 7.8 | 2026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-21530 | MEDIUM | CVSS 6.7 | EG 6.7 | 2026-05-12
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
- CVE-2026-21918 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-15
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, w…
- CVE-2026-23068 | HIGH | CVSS 7.8 | EG 7.8 | 2026-02-04
In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_con…
- CVE-2026-23098 | HIGH | CVSS 8.8 | EG 7.8 | 2026-02-04
In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh-…
- CVE-2026-23162 | HIGH | CVSS 7.8 | EG 7.8 | 2026-02-14
In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliary_device_init(), aux_dev->dev.release (xe_nvm_release_dev()) is responsible for the kfree(nvm).…
- CVE-2026-23408 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-01
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contain…
- CVE-2026-23449 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-03
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL device has a lockless Qdisc as root, qdisc_reset should be called using the seq_lock to avoid racin…
- CVE-2026-23918 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-04
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
- CVE-2026-25556 | MEDIUM | CVSS 5.9 | EG 7.5 | 2026-02-06
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly dr…
- CVE-2026-26163 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-14
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-26166 | HIGH | CVSS 7.0 | EG 7.0 | 2026-04-14
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.
- CVE-2026-26179 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-14
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-31053 | MEDIUM | CVSS 6.2 | EG 6.2 | 2026-04-06
A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially…
- CVE-2026-31468 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to only use dma_buf_put() after dma_buf_export…
- CVE-2026-31471 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code fr…
- CVE-2026-31475 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm_kzalloc() memory A previous change added NULL checks and cleanup for allocation failures in sma1307_setting_loaded(). However, th…
- CVE-2026-31489 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controlle…
- CVE-2026-31506 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devres will free for us.
- CVE-2026-31507 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-22
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer smc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores the pointer in pi…
- CVE-2026-31608 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-24
In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we …
- CVE-2026-31609 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-24
In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it a…
- CVE-2026-31686 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-27
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E…
- CVE-2026-31730 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-01
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the point…
- CVE-2026-31745 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-01
In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in reset_add_gpio_aux_device() error path When __auxiliary_device_add() fails, reset_add_gpio_aux_device() calls auxiliary_device_uninit(ade…
- CVE-2026-31759 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-01
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interface() error path When device_register() fails, ulpi_register() calls put_device() on ulpi->dev. The device release cal…
- CVE-2026-31787 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-30
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on…
- CVE-2026-32069 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-14
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-32074 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-14
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-32170 | MEDIUM | CVSS 6.7 | EG 6.7 | 2026-05-12
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
- CVE-2026-32219 | HIGH | CVSS 7.0 | EG 7.0 | 2026-04-14
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-32848 | MEDIUM | CVSS 4.7 | EG 4.7 | 2026-05-18
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the sam…
- CVE-2026-33811 | HIGH | CVSS 7.5 | EG 7.5 | 2026-05-07
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
- CVE-2026-33824 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-14
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
- CVE-2026-33838 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-12
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
- CVE-2026-34341 | HIGH | CVSS 7.0 | EG 7.0 | 2026-05-12
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
- CVE-2026-34867 | MEDIUM | CVSS 5.6 | EG 5.6 | 2026-04-13
Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-43007 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-01
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAI…