Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-2G8G-2643-4335

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cpuidle: Skip governor when only one idle state is available

On certain platforms (PowerNV systems without a power-mgt DT node), cpuidle may register only a single idle state. In cases where that single state is a polling state (state 0), the ladder governor may incorrectly treat state 1 as the first usable state and pass an out-of-bounds index. This can lead to a NULL enter callback being invoked, ultimately resulting in a system crash.

[ 13.342636] cpuidle-powernv : Only Snooze is available [ 13.351854] Faulting instruction address: 0x00000000 [ 13.376489] NIP [0000000000000000] 0x0 [ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668

Fix this by adding a bail-out in cpuidle_select() that returns state 0 directly when state_count <= 1, bypassing the governor and keeping the tick running.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpuidle: Skip governor when only one idle state is available\n\nOn certain platforms (PowerNV systems without a power-mgt DT node),\ncpuidle may register only a single idle state. In cases where that\nsingle state is a polling state (state 0), the ladder governor may\nincorrectly treat state 1 as the first usable state and pass an\nout-of-bounds index. This can lead to a NULL enter callback being\ninvoked, ultimately resulting in a system crash.\n\n[   13.342636] cpuidle-powernv : Only Snooze is available\n[   13.351854] Faulting instruction address: 0x00000000\n[   13.376489] NIP [0000000000000000] 0x0\n[   13.378351] LR  [c000000001e01974] cpuidle_enter_state+0x2c4/0x668\n\nFix this by adding a bail-out in cpuidle_select() that returns state 0\ndirectly when state_count \u003c= 1, bypassing the governor and keeping the\ntick running.",
  "id": "GHSA-2g8g-2643-4335",
  "modified": "2026-06-16T03:30:33Z",
  "published": "2026-05-27T15:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45968"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4da2b897283c39980d6ae09dc1560fcd937879e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c577ac939bca486cb02069505cfe47a5312ce02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d103a38e2ae96eca57fd17161bcd29bd4622d1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63ae78336f40bcd9a44952a7c6bafb9c88a8effd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f6833d919bae915ead6c599a53e81e19b32da52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0724e40a58a0e323c59707edeae5b71d15800dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0f7e804edc82e513d1ccb7c95ed8b351522ec81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5c9ffc6ae1bcdb1062527d611043681ac301aca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G98-G66W-RVRW

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19
VLAI
Details

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-18T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address.",
  "id": "GHSA-2g98-g66w-rvrw",
  "modified": "2022-05-14T02:19:49Z",
  "published": "2022-05-14T02:19:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15505"
    },
    {
      "type": "WEB",
      "url": "https://github.com/embedthis/appweb/issues/605"
    },
    {
      "type": "WEB",
      "url": "https://github.com/embedthis/goahead/issues/264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G99-PCH7-3284

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush().

1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache);

From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721.

This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: revert replacing IS_ERR_OR_NULL with IS_ERR again\n\nCommit 028ddcac477b (\"bcache: Remove unnecessary NULL point check in\nnode allocations\") leads a NULL pointer deference in cache_set_flush().\n\n1721         if (!IS_ERR_OR_NULL(c-\u003eroot))\n1722                 list_add(\u0026c-\u003eroot-\u003elist, \u0026c-\u003ebtree_cache);\n\n\u003eFrom the above code in cache_set_flush(), if previous registration code\nfails before allocating c-\u003eroot, it is possible c-\u003eroot is NULL as what\nit is initialized. __bch_btree_node_alloc() never returns NULL but\nc-\u003eroot is possible to be NULL at above line 1721.\n\nThis patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.",
  "id": "GHSA-2g99-pch7-3284",
  "modified": "2025-11-03T21:32:07Z",
  "published": "2025-01-11T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GP8-XHXH-8H9C

Vulnerability from github – Published: 2025-04-18 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: core: Clear table_sz when rproc_shutdown

There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc.

When starting rproc with a firmware not have resource table, memcpy(loaded_table, rproc->cached_table, rproc->table_sz) will trigger dump, because rproc->cache_table is set to NULL during the last stop operation, but rproc->table_sz is still valid.

This issue is found on i.MX8MP and i.MX9.

Dump as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38 Hardware name: NXP i.MX8MPlus EVK board (DT) pstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_memcpy_generic+0x110/0x22c lr : rproc_start+0x88/0x1e0 Call trace: __pi_memcpy_generic+0x110/0x22c (P) rproc_boot+0x198/0x57c state_store+0x40/0x104 dev_attr_store+0x18/0x2c sysfs_kf_write+0x7c/0x94 kernfs_fop_write_iter+0x120/0x1cc vfs_write+0x240/0x378 ksys_write+0x70/0x108 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x10c el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xcc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c

Clear rproc->table_sz to address the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-18T07:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Clear table_sz when rproc_shutdown\n\nThere is case as below could trigger kernel dump:\nUse U-Boot to start remote processor(rproc) with resource table\npublished to a fixed address by rproc. After Kernel boots up,\nstop the rproc, load a new firmware which doesn\u0027t have resource table\n,and start rproc.\n\nWhen starting rproc with a firmware not have resource table,\n`memcpy(loaded_table, rproc-\u003ecached_table, rproc-\u003etable_sz)` will\ntrigger dump, because rproc-\u003ecache_table is set to NULL during the last\nstop operation, but rproc-\u003etable_sz is still valid.\n\nThis issue is found on i.MX8MP and i.MX9.\n\nDump as below:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000\n[0000000000000000] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __pi_memcpy_generic+0x110/0x22c\nlr : rproc_start+0x88/0x1e0\nCall trace:\n __pi_memcpy_generic+0x110/0x22c (P)\n rproc_boot+0x198/0x57c\n state_store+0x40/0x104\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x120/0x1cc\n vfs_write+0x240/0x378\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xcc\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n\nClear rproc-\u003etable_sz to address the issue.",
  "id": "GHSA-2gp8-xhxh-8h9c",
  "modified": "2025-11-03T21:33:40Z",
  "published": "2025-04-18T15:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38152"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/068f6648ff5b0c7adeb6c363fae7fb188aa178fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2df19f5f6f72da6f6ebab7cdb3a3b9f7686bb476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e66bca8cd51ebedd5d32426906a38e4a3c69c5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c6bb82a6f3da6ab2d3fbea03901482231708b98"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e0fd2a3b9852ac3cf540edb06ccc0153b38b5af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e6015ca453b82ec54aec9682dcc38773948fcc48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/efdde3d73ab25cef4ff2d06783b0aad8b093c0e4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GPQ-MC93-WWWP

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using container_of().

Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
  "id": "GHSA-2gpq-mc93-wwwp",
  "modified": "2026-05-12T15:30:43Z",
  "published": "2025-01-19T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21640"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1031462a944ba0fa83c25ab1111465f8345b5589"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GQH-HPCC-JMX2

Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-27 00:01
VLAI
Details

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-18T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.",
  "id": "GHSA-2gqh-hpcc-jmx2",
  "modified": "2022-05-27T00:01:28Z",
  "published": "2022-05-19T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27548"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H43-P8W8-3PQ4

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2023-05-05 21:31
VLAI
Details

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-23930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-21T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-2h43-p8w8-3pq4",
  "modified": "2023-05-05T21:31:08Z",
  "published": "2022-05-24T17:48:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23930"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1565"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H74-XCWF-23J7

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-2h74-xcwf-23j7",
  "modified": "2022-05-24T19:15:13Z",
  "published": "2022-05-24T19:15:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcobambini/gravity/issues/319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2H84-JHPC-6PX2

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw

This commit addresses a potential null pointer dereference issue in the dcn32_init_hw function. The issue could occur when dc->clk_mgr is null.

The fix adds a check to ensure dc->clk_mgr is not null before accessing its functions. This prevents a potential null pointer dereference.

Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 782)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` is\nnull.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` is not null before\naccessing its functions. This prevents a potential null pointer\ndereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 782)",
  "id": "GHSA-2h84-jhpc-6px2",
  "modified": "2025-11-03T21:31:22Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49915"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d94d9cbd9fec7344d230c4f7b781826f7799c60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d1854c86d02cea8f8a0c0ca05f4ab14292baf3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c395fd47d1565bd67671f45cca281b3acc2c31ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec1be3c527b4a5fc85bcc1b0be7cec08bf60c796"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0454b3cb0584a6bf275aeb49be61a760fd546a2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H85-GG66-HCCV

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2025-09-23 12:31
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T16:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later",
  "id": "GHSA-2h85-gg66-hccv",
  "modified": "2025-09-23T12:31:11Z",
  "published": "2024-11-22T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37045"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-24-43"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.