The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch.
Tag: Use-After-Free
ASA-2019-00658 – Linux kernel: Mounting a crafted btrfs filesystem image can lead to a use-after-free through syncfs system call
Mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
ASA-2019-00657 – Linux kernel: Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystem
A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted, specially crafted ext4 filesystem, including local, USB, and iSCSI filesystems.
ASA-2019-00646 – Electron: Chromium WebAudio Use-After-Free Vulnerability
A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron. Use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ASA-2019-00636 – Linux kernel: Use-after-free in aa_audit_rule_init()
There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
ASA-2019-00630 – Linux kernel: Wrong locking causes race conditions on streaming stop in vivid driver
An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions when streaming is stopped in this driver (part of the V4L2 subsystem).
ASA-2019-00562 – VMware ESXi, Workstation, Fusion, Remote Console and Horizon Client: Use-after-free vulnerability in the virtual sound device
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host.
ASA-2019-00553 – Linux kernel: Use-after-free in Binder driver
There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c.