CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-23CG-3343-MMVH
Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, untrusted pointer dereference in QSEE Syscall without proper validation can lead to access of blacklisted memory.
{
"affected": [],
"aliases": [
"CVE-2015-9113"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, untrusted pointer dereference in QSEE Syscall without proper validation can lead to access of blacklisted memory.",
"id": "GHSA-23cg-3343-mmvh",
"modified": "2022-05-14T03:25:49Z",
"published": "2022-05-14T03:25:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9113"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23F8-9P2X-67MG
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39591"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-23f8-9p2x-67mg",
"modified": "2022-05-24T19:15:05Z",
"published": "2022-05-24T19:15:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39591"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/135"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-23GF-35QH-V8HP
Vulnerability from github – Published: 2025-10-27 21:30 – Updated: 2025-10-28 18:30FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
{
"affected": [],
"aliases": [
"CVE-2025-61101"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T20:15:54Z",
"severity": "HIGH"
},
"details": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.",
"id": "GHSA-23gf-35qh-v8hp",
"modified": "2025-10-28T18:30:28Z",
"published": "2025-10-27T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61101"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/issues/19471"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
},
{
"type": "WEB",
"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61101.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23J8-J8RC-C9HW
Vulnerability from github – Published: 2022-05-17 02:29 – Updated: 2022-05-17 02:29When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
{
"affected": [],
"aliases": [
"CVE-2017-11097"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-07T18:29:00Z",
"severity": "HIGH"
},
"details": "When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.",
"id": "GHSA-23j8-j8rc-c9hw",
"modified": "2022-05-17T02:29:46Z",
"published": "2022-05-17T02:29:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11097"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23JC-MX6C-HH36
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
{
"affected": [],
"aliases": [
"CVE-2010-3849"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-30T19:00:00Z",
"severity": "MODERATE"
},
"details": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.",
"id": "GHSA-23jc-mx6c-hh36",
"modified": "2022-05-13T01:23:36Z",
"published": "2022-05-13T01:23:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3849"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/30/1"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43056"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43291"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2126"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1023-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0213"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0375"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-23MM-FP65-W636
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 03:58Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2022-29508"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:11Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-23mm-fp65-w636",
"modified": "2024-04-04T03:58:51Z",
"published": "2023-05-10T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29508"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23QP-3C2M-XX6W
Vulnerability from github – Published: 2025-02-04 18:54 – Updated: 2025-02-06 18:03CWA-2025-001
Severity
Medium (Moderate + Likely)[^1]
Affected versions:
- wasmvm >= 2.2.0, < 2.2.2
- wasmvm >= 2.1.0, < 2.1.5
- wasmvm >= 2.0.0, < 2.0.6
- wasmvm < 1.5.8
Patched versions:
- wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2
Description of the bug
The vulnerability can be used to crash the chain. The underlying bug that causes this is present on both permissioned and premissionless chains, but it can only be triggered reliably with a malicious contract, so permissioned chains are much less likely to be affected.
(We'll add more detail once chains had a chance to upgrade.)
Patch
- 1.5: https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea
- 2.0: https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678
- 2.1: https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d
- 2.2: https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d
Applying the patch
The patch will be shipped in releases of wasmvm. You can update more or less as follows:
- Check the current wasmvm version:
go list -m github.com/CosmWasm/wasmvm - Bump the
github.com/CosmWasm/wasmvmdependency in your go.mod to one of the patched version depending on which minor version you are on;go mod tidy; commit. - If you use the static libraries
libwasmvm_muslc.aarch64.a/libwasmvm_muslc.x86_64.a, update them accordingly. - Check the updated wasmvm version:
go list -m github.com/CosmWasm/wasmvmand ensure you see 1.5.8, 2.0.6, 2.1.5 or 2.2.2. - Follow your regular practices to deploy chain upgrades.
While the fix for this issue is not consensus breaking, the patch contains another consensus breaking fix and requires a coordinated upgrade.
Acknowledgement
This issue was found by meadow101 who reported it to the Cosmos Bug Bounty Program on HackerOne.
If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
Timeline
- 2024-11-25: Confio receives a report through the Cosmos bug bounty program maintained by Amulet.
- 2024-11-28: Confio security contributors confirm the report.
- 2024-11-28: Confio developed the patch internally.
- 2025-02-04: Patch gets released.
[^1]: following Amulet's Severity Classification Framework ACMv1.2: https://github.com/interchainio/security/blob/0295254e8645301ccb606d46108a45cede0a73e0/resources/CLASSIFICATION_MATRIX.md
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/CosmWasm/wasmvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/CosmWasm/wasmvm/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/CosmWasm/wasmvm/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/CosmWasm/wasmvm/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-04T18:54:13Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "# CWA-2025-001\n\n**Severity**\n\nMedium (Moderate + Likely)[^1]\n\n**Affected versions:**\n\n- wasmvm \u003e= 2.2.0, \u003c 2.2.2\n- wasmvm \u003e= 2.1.0, \u003c 2.1.5\n- wasmvm \u003e= 2.0.0, \u003c 2.0.6\n- wasmvm \u003c 1.5.8\n\n**Patched versions:**\n\n- wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2\n\n## Description of the bug\n\nThe vulnerability can be used to crash the chain. The underlying bug that causes this is present on both permissioned and premissionless chains, but it can only be triggered _reliably_ with a malicious contract, so permissioned chains are much less likely to be affected.\n\n(We\u0027ll add more detail once chains had a chance to upgrade.)\n\n## Patch\n\n- 1.5: https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea\n- 2.0: https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678\n- 2.1: https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d\n- 2.2: https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d\n\n## Applying the patch\n\nThe patch will be shipped in releases of wasmvm. You can update more or less as follows:\n\n1. Check the current wasmvm version: `go list -m github.com/CosmWasm/wasmvm`\n2. Bump the `github.com/CosmWasm/wasmvm` dependency in your go.mod to one of the patched version\n depending on which minor version you are on; `go mod tidy`; commit.\n3. If you use the static libraries `libwasmvm_muslc.aarch64.a`/`libwasmvm_muslc.x86_64.a`, update them accordingly.\n4. Check the updated wasmvm version: `go list -m github.com/CosmWasm/wasmvm` and ensure you see 1.5.8, 2.0.6, 2.1.5 or 2.2.2.\n5. Follow your regular practices to deploy chain upgrades.\n\nWhile the fix for this issue is not consensus breaking, the patch contains another\nconsensus breaking fix and requires a coordinated upgrade.\n\n## Acknowledgement\n\nThis issue was found by meadow101 who reported it to the Cosmos Bug Bounty Program on HackerOne.\n\nIf you believe you have found a bug in the Interchain Stack or would like to contribute to the\nprogram by reporting a bug, please see \u003chttps://hackerone.com/cosmos\u003e.\n\n## Timeline\n\n- 2024-11-25: Confio receives a report through the Cosmos bug bounty program maintained by Amulet.\n- 2024-11-28: Confio security contributors confirm the report.\n- 2024-11-28: Confio developed the patch internally.\n- 2025-02-04: Patch gets released.\n\n[^1]: following Amulet\u0027s Severity Classification Framework ACMv1.2: https://github.com/interchainio/security/blob/0295254e8645301ccb606d46108a45cede0a73e0/resources/CLASSIFICATION_MATRIX.md",
"id": "GHSA-23qp-3c2m-xx6w",
"modified": "2025-02-06T18:03:00Z",
"published": "2025-02-04T18:54:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-23qp-3c2m-xx6w"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-001.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/CosmWasm/wasmvm"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3448"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "wasmvm: Malicious smart contract can crash the chain"
}
GHSA-23WH-Q78V-XXM4
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-06 18:32In the Linux kernel, the following vulnerability has been resolved:
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
When trace_get_event_file() failed, gen_kretprobe_test will be assigned as the error code. If module kprobe_event_gen_test is removed now, the null pointer dereference will happen in kprobe_event_gen_test_exit(). Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL before dereference them.
BUG: kernel NULL pointer dereference, address: 0000000000000012 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 2210 Comm: modprobe Not tainted 6.1.0-rc1-00171-g2159299a3b74-dirty #217 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test] Code: Unable to access opcode bytes at 0xffffffff9ffffff2. RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246 RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000 RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800 R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __x64_sys_delete_module+0x206/0x380 ? lockdep_hardirqs_on_prepare+0xd8/0x190 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-49797"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()\n\nWhen trace_get_event_file() failed, gen_kretprobe_test will be assigned\nas the error code. If module kprobe_event_gen_test is removed now, the\nnull pointer dereference will happen in kprobe_event_gen_test_exit().\nCheck if gen_kprobe_test or gen_kretprobe_test is error code or NULL\nbefore dereference them.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 3 PID: 2210 Comm: modprobe Not tainted\n6.1.0-rc1-00171-g2159299a3b74-dirty #217\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]\nCode: Unable to access opcode bytes at 0xffffffff9ffffff2.\nRSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246\nRAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000\nRDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c\nRBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800\nR13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-23wh-q78v-xxm4",
"modified": "2025-11-06T18:32:44Z",
"published": "2025-05-01T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49797"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a41c0f2a5c3bf72b4c4e9dd4b1025378201e332"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb70fcae4115d24b7e8cee17a6da8b1943f546bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0d75267f59d7084e0468bd68beeb1bf9c71d7c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd0efd4f7bfe611a8339ba01bc2ac3c33e79159d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23WV-Q9M5-HQ8Q
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c").
This issue is found by our static analysis tool
{
"affected": [],
"aliases": [
"CVE-2025-37881"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()\n\nThe variable d-\u003ename, returned by devm_kasprintf(), could be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool",
"id": "GHSA-23wv-q9m5-hq8q",
"modified": "2025-11-12T21:31:03Z",
"published": "2025-05-09T09:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37881"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/052fb65335befeae8500e88d69ea022266baaf6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36d68151712e525450f0fbb3045e7110f0d9b610"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61006ca381b4d65d2b8ca695ea8da1ce18d6dee3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c75f3e6a433d92084ad4e78b029ae680865420f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c8d4faf452a627f9b09c3a5c366133a19e5b7a28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfa7984f69359761b07a7831c1258c0fde1e0389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d26a6093d52904cacdbb75424c323c19b443a890"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23X3-5G9F-QHXQ
Vulnerability from github – Published: 2022-05-14 01:56 – Updated: 2025-04-20 03:49The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
{
"affected": [],
"aliases": [
"CVE-2017-17123"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-04T08:29:00Z",
"severity": "MODERATE"
},
"details": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.",
"id": "GHSA-23x3-5g9f-qhxq",
"modified": "2025-04-20T03:49:23Z",
"published": "2022-05-14T01:56:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17123"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22509"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.