Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-H7Q2-H7P3-JWMJ

Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2024-11-27 18:34
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a crash if blk_alloc_disk fails

If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will see that md->disk is non-NULL and it will attempt to access it, causing a crash on this statement "md->disk->private_data = NULL;".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T02:16:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a crash if blk_alloc_disk fails\n\nIf blk_alloc_disk fails, the variable md-\u003edisk is set to an error value.\ncleanup_mapped_device will see that md-\u003edisk is non-NULL and it will\nattempt to access it, causing a crash on this statement\n\"md-\u003edisk-\u003eprivate_data = NULL;\".",
  "id": "GHSA-h7q2-h7p3-jwmj",
  "modified": "2024-11-27T18:34:01Z",
  "published": "2024-11-19T03:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50277"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7aec2a06730b774a97caaf48cbbc58330a85829"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fed13a5478680614ba97fc87e71f16e2e197912e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7QC-WR5G-5R6R

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-25T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.",
  "id": "GHSA-h7qc-wr5g-5r6r",
  "modified": "2022-05-24T19:03:10Z",
  "published": "2022-05-24T19:03:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/7993"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4998"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H7WQ-JJ8R-QM7P

Vulnerability from github – Published: 2024-11-17 12:30 – Updated: 2024-11-19 20:25
VLAI
Summary
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
Details

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.27.0-alpha.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-0793"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T20:08:13Z",
    "nvd_published_at": "2024-11-17T11:15:06Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.",
  "id": "GHSA-h7wq-jj8r-qm7p",
  "modified": "2024-11-19T20:25:29Z",
  "published": "2024-11-17T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/107038#issuecomment-1911327145"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openshift/kubernetes/pull/1876"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0741"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0793"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214402"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/kubernetes"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-3277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kubernetes Nil pointer dereference in KCM after v1 HPA patch request"
}

GHSA-H824-5Q6W-Q27X

Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2025-04-12 13:07
VLAI
Details

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-09T23:59:00Z",
    "severity": "HIGH"
  },
  "details": "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",
  "id": "GHSA-h824-5q6w-q27x",
  "modified": "2025-04-12T13:07:01Z",
  "published": "2022-05-14T03:56:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5423"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2425"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364001"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-33"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/about/news/1688"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/docs/current/static/release-9-1-23.html"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/docs/current/static/release-9-2-18.html"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/docs/current/static/release-9-3-14.html"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/docs/current/static/release-9-4-9.html"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/docs/current/static/release-9-5-4.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1781.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1820.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1821.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2606.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3646"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92433"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H82H-RG57-CR4V

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-14T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.",
  "id": "GHSA-h82h-rg57-cr4v",
  "modified": "2022-05-24T17:30:42Z",
  "published": "2022-05-24T17:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9746"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-58.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H86Q-M6J3-RP6P

Vulnerability from github – Published: 2022-05-14 03:05 – Updated: 2022-05-14 03:05
VLAI
Details

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-31T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.",
  "id": "GHSA-h86q-m6j3-rp6p",
  "modified": "2022-05-14T03:05:18Z",
  "published": "2022-05-14T03:05:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16914"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3754-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4187"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102150"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H88H-485V-Q9QV

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xfs: avoid dereferencing log items after push callbacks

After xfsaild_push_item() calls iop_push(), the log item may have been freed if the AIL lock was dropped during the push. Background inode reclaim or the dquot shrinker can free the log item while the AIL lock is not held, and the tracepoints in the switch statement dereference the log item after iop_push() returns.

Fix this by capturing the log item type, flags, and LSN before calling xfsaild_push_item(), and introducing a new xfs_ail_push_class trace event class that takes these pre-captured values and the ailp pointer instead of the log item pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:39Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: avoid dereferencing log items after push callbacks\n\nAfter xfsaild_push_item() calls iop_push(), the log item may have been\nfreed if the AIL lock was dropped during the push. Background inode\nreclaim or the dquot shrinker can free the log item while the AIL lock\nis not held, and the tracepoints in the switch statement dereference\nthe log item after iop_push() returns.\n\nFix this by capturing the log item type, flags, and LSN before calling\nxfsaild_push_item(), and introducing a new xfs_ail_push_class trace\nevent class that takes these pre-captured values and the ailp pointer\ninstead of the log item pointer.",
  "id": "GHSA-h88h-485v-q9qv",
  "modified": "2026-04-27T15:30:38Z",
  "published": "2026-04-22T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31453"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/451c6329d9afa45862c36fe6677eb7750db60617"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7121b22b0bac89394cc4c6a54b5aebc15347bdf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79ef34ec0554ec04bdbafafbc9836423734e1bd6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95fb5d643cc70959baa54cd17f52f80ffc3295e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4d603e8e58a3bf35480135ccca2b4f7238abda5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8a2ab339b88d10fc34a3318c92f07d8a467019d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H88R-39VX-9655

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: avoid NULL pointer error during sdio remove

When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c

This is because during 'rmmod ath10k', ath10k_sdio_remove() will call ath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release() will finally be called in ath10k_core_destroy(). This function will free struct cfg80211_registered_device *rdev and all its members, including wiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio workqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON.

After device release, destroy_workqueue() will use NULL pointer then the kernel panic happen.

Call trace: ath10k_sdio_remove ->ath10k_core_unregister …… ->ath10k_core_stop ->ath10k_hif_stop ->ath10k_sdio_irq_disable ->ath10k_hif_power_down ->del_timer_sync(&ar_sdio->sleep_timer) ->ath10k_core_destroy ->ath10k_mac_destroy ->ieee80211_free_hw ->wiphy_free …… ->wiphy_dev_release ->destroy_workqueue

Need to call destroy_workqueue() before ath10k_core_destroy(), free the work queue buffer first and then free pointer of work queue by ath10k_core_destroy(). This order matches the error path order in ath10k_sdio_probe().

No work will be queued on sdio workqueue between it is destroyed and ath10k_core_destroy() is called. Based on the call_stack above, the reason is: Only ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and ath10k_sdio_irq_disable() will queue work on sdio workqueue. Sleep timer will be deleted before ath10k_core_destroy() in ath10k_hif_power_down(). ath10k_sdio_irq_disable() only be called in ath10k_hif_stop(). ath10k_core_unregister() will call ath10k_hif_power_down() to stop hif bus, so ath10k_sdio_hif_tx_sg() won't be called anymore.

Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: avoid NULL pointer error during sdio remove\n\nWhen running \u0027rmmod ath10k\u0027, ath10k_sdio_remove() will free sdio\nworkqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON\nis set to yes, kernel panic will happen:\nCall trace:\n destroy_workqueue+0x1c/0x258\n ath10k_sdio_remove+0x84/0x94\n sdio_bus_remove+0x50/0x16c\n device_release_driver_internal+0x188/0x25c\n device_driver_detach+0x20/0x2c\n\nThis is because during \u0027rmmod ath10k\u0027, ath10k_sdio_remove() will call\nath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release()\nwill finally be called in ath10k_core_destroy(). This function will free\nstruct cfg80211_registered_device *rdev and all its members, including\nwiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio\nworkqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON.\n\nAfter device release, destroy_workqueue() will use NULL pointer then the\nkernel panic happen.\n\nCall trace:\nath10k_sdio_remove\n  -\u003eath10k_core_unregister\n    \u2026\u2026\n    -\u003eath10k_core_stop\n      -\u003eath10k_hif_stop\n        -\u003eath10k_sdio_irq_disable\n    -\u003eath10k_hif_power_down\n      -\u003edel_timer_sync(\u0026ar_sdio-\u003esleep_timer)\n  -\u003eath10k_core_destroy\n    -\u003eath10k_mac_destroy\n      -\u003eieee80211_free_hw\n        -\u003ewiphy_free\n    \u2026\u2026\n          -\u003ewiphy_dev_release\n  -\u003edestroy_workqueue\n\nNeed to call destroy_workqueue() before ath10k_core_destroy(), free\nthe work queue buffer first and then free pointer of work queue by\nath10k_core_destroy(). This order matches the error path order in\nath10k_sdio_probe().\n\nNo work will be queued on sdio workqueue between it is destroyed and\nath10k_core_destroy() is called. Based on the call_stack above, the\nreason is:\nOnly ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and\nath10k_sdio_irq_disable() will queue work on sdio workqueue.\nSleep timer will be deleted before ath10k_core_destroy() in\nath10k_hif_power_down().\nath10k_sdio_irq_disable() only be called in ath10k_hif_stop().\nath10k_core_unregister() will call ath10k_hif_power_down() to stop hif\nbus, so ath10k_sdio_hif_tx_sg() won\u0027t be called anymore.\n\nTested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189",
  "id": "GHSA-h88r-39vx-9655",
  "modified": "2025-11-03T21:31:54Z",
  "published": "2024-12-27T15:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56599"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27d5d217ae7ffb99dd623375a17a7d3418d9c755"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27fda36eedad9e4ec795dc481f307901d1885112"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/543c0924d446b21f35701ca084d7feca09511220"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e5dbd1c04abf2c19b2282915e6fa48b6ccc6921"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95c38953cb1ecf40399a676a1f85dfe2b5780a9a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b35de9e01fc79c7baac666fb2dcb4ba7698a1d97"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8C2-87VW-JWFW

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2024-11-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: encx24j600: check error in devm_regmap_init_encx24j600

devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register:

general protection fault in encx24j600_spi_probe KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 286 Comm: spi-encx24j600- Not tainted 5.15.0-rc2-00142-g9978db750e31-dirty #11 9c53a778c1306b1b02359f3c2bbedc0222cba652 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:regcache_cache_bypass drivers/base/regmap/regcache.c:540 Code: 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 26 94 a8 fe 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4a 03 00 00 4c 8d ab b0 00 00 00 48 8b ab a0 00 RSP: 0018:ffffc900010476b8 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000000 RDX: 0000000000000012 RSI: ffff888002de0000 RDI: 0000000000000094 RBP: ffff888013c9a000 R08: 0000000000000000 R09: fffffbfff3f9cc6a R10: ffffc900010476e8 R11: fffffbfff3f9cc69 R12: 0000000000000001 R13: 000000000000000a R14: ffff888013c9af54 R15: ffff888013c9ad08 FS: 00007ffa984ab580(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055a6384136c8 CR3: 000000003bbe6003 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: encx24j600_spi_probe drivers/net/ethernet/microchip/encx24j600.c:459 spi_probe drivers/spi/spi.c:397 really_probe drivers/base/dd.c:517 __driver_probe_device drivers/base/dd.c:751 driver_probe_device drivers/base/dd.c:782 __device_attach_driver drivers/base/dd.c:899 bus_for_each_drv drivers/base/bus.c:427 __device_attach drivers/base/dd.c:971 bus_probe_device drivers/base/bus.c:487 device_add drivers/base/core.c:3364 __spi_add_device drivers/spi/spi.c:599 spi_add_device drivers/spi/spi.c:641 spi_new_device drivers/spi/spi.c:717 new_device_store+0x18c/0x1f1 [spi_stub 4e02719357f1ff33f5a43d00630982840568e85e] dev_attr_store drivers/base/core.c:2074 sysfs_kf_write fs/sysfs/file.c:139 kernfs_fop_write_iter fs/kernfs/file.c:300 new_sync_write fs/read_write.c:508 (discriminator 4) vfs_write fs/read_write.c:594 ksys_write fs/read_write.c:648 do_syscall_64 arch/x86/entry/common.c:50 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:113

Add error check in devm_regmap_init_encx24j600 to avoid this situation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:09Z",
    "severity": "LOW"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: encx24j600: check error in devm_regmap_init_encx24j600\n\ndevm_regmap_init may return error which caused by like out of memory,\nthis will results in null pointer dereference later when reading\nor writing register:\n\ngeneral protection fault in encx24j600_spi_probe\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 286 Comm: spi-encx24j600- Not tainted 5.15.0-rc2-00142-g9978db750e31-dirty #11 9c53a778c1306b1b02359f3c2bbedc0222cba652\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:regcache_cache_bypass drivers/base/regmap/regcache.c:540\nCode: 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 26 94 a8 fe 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4a 03 00 00 4c 8d ab b0 00 00 00 48 8b ab a0 00\nRSP: 0018:ffffc900010476b8 EFLAGS: 00010207\nRAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000000\nRDX: 0000000000000012 RSI: ffff888002de0000 RDI: 0000000000000094\nRBP: ffff888013c9a000 R08: 0000000000000000 R09: fffffbfff3f9cc6a\nR10: ffffc900010476e8 R11: fffffbfff3f9cc69 R12: 0000000000000001\nR13: 000000000000000a R14: ffff888013c9af54 R15: ffff888013c9ad08\nFS:  00007ffa984ab580(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a6384136c8 CR3: 000000003bbe6003 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n encx24j600_spi_probe drivers/net/ethernet/microchip/encx24j600.c:459\n spi_probe drivers/spi/spi.c:397\n really_probe drivers/base/dd.c:517\n __driver_probe_device drivers/base/dd.c:751\n driver_probe_device drivers/base/dd.c:782\n __device_attach_driver drivers/base/dd.c:899\n bus_for_each_drv drivers/base/bus.c:427\n __device_attach drivers/base/dd.c:971\n bus_probe_device drivers/base/bus.c:487\n device_add drivers/base/core.c:3364\n __spi_add_device drivers/spi/spi.c:599\n spi_add_device drivers/spi/spi.c:641\n spi_new_device drivers/spi/spi.c:717\n new_device_store+0x18c/0x1f1 [spi_stub 4e02719357f1ff33f5a43d00630982840568e85e]\n dev_attr_store drivers/base/core.c:2074\n sysfs_kf_write fs/sysfs/file.c:139\n kernfs_fop_write_iter fs/kernfs/file.c:300\n new_sync_write fs/read_write.c:508 (discriminator 4)\n vfs_write fs/read_write.c:594\n ksys_write fs/read_write.c:648\n do_syscall_64 arch/x86/entry/common.c:50\n entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:113\n\nAdd error check in devm_regmap_init_encx24j600 to avoid this situation.",
  "id": "GHSA-h8c2-87vw-jwfw",
  "modified": "2024-11-01T18:31:26Z",
  "published": "2024-05-22T09:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47440"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/322c0e53496309e634d9db7349678eaad1d25b55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c2eb80fc90b05559ce6ed1b8dfb2348420b5644"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e5494e6fc8a29c927e0478bec4a078a40da8901"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66358471fa75a713fd76bc8a4bd74cb14cd50a4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e19c10d6e07c59c96e90fe053a72683ad8b0397e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f03dca0c9e2297c84a018e306f8a9cd534ee4287"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f043fac1133a6c5ef960a8422c0f6dd711dee462"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fddc7f678d7fb93caa0d7bc512f968ff1e2bddbc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8GW-F6PQ-8CG5

Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2022-02-11 00:01
VLAI
Details

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "NULL Pointer Dereference in Homebrew mruby prior to 3.2.",
  "id": "GHSA-h8gw-f6pq-8cg5",
  "modified": "2022-02-11T00:01:18Z",
  "published": "2022-02-11T00:01:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.