CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-HX82-G397-5GGR
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-07-14 15:31libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
{
"affected": [],
"aliases": [
"CVE-2026-32778"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:19:44Z",
"severity": "LOW"
},
"details": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.",
"id": "GHSA-hx82-g397-5ggr",
"modified": "2026-07-14T15:31:39Z",
"published": "2026-03-16T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/pull/1159"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/pull/1163"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HXF2-CMJ9-XX5J
Vulnerability from github – Published: 2022-05-14 00:59 – Updated: 2025-04-12 13:06For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.
{
"affected": [],
"aliases": [
"CVE-2016-4959"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-08T20:59:00Z",
"severity": "HIGH"
},
"details": "For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.",
"id": "GHSA-hxf2-cmj9-xx5j",
"modified": "2025-04-12T13:06:18Z",
"published": "2022-05-14T00:59:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4959"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93256"
},
{
"type": "WEB",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/warning-this-post-contains-graphic-nvidia-content"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXMM-JMJ9-253J
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-08 06:31In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers
smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo->conn into a local with neither READ_ONCE() nor a NULL check. Both run from oplock_break() after opinfo_get_list() has dropped ci->m_lock, so a concurrent SMB2 LOGOFF (session_fd_check()) can set op->conn = NULL under ci->m_lock within that window. ksmbd_conn_r_count_inc(conn) then writes through NULL at offset 0xc4 -- a remotely triggerable oops.
Guard both reads the way compare_guid_key() already does: read opinfo->conn with READ_ONCE() and return early if it is NULL, before allocating the work struct so nothing leaks. A NULL conn means the client is gone and the break is moot, so return 0; oplock_break() treats that as success and runs the normal teardown.
{
"affected": [],
"aliases": [
"CVE-2026-53271"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix NULL-deref of opinfo-\u003econn in oplock/lease break notifiers\n\nsmb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo-\u003econn\ninto a local with neither READ_ONCE() nor a NULL check. Both run from\noplock_break() after opinfo_get_list() has dropped ci-\u003em_lock, so a\nconcurrent SMB2 LOGOFF (session_fd_check()) can set op-\u003econn = NULL\nunder ci-\u003em_lock within that window. ksmbd_conn_r_count_inc(conn) then\nwrites through NULL at offset 0xc4 -- a remotely triggerable oops.\n\nGuard both reads the way compare_guid_key() already does: read\nopinfo-\u003econn with READ_ONCE() and return early if it is NULL, before\nallocating the work struct so nothing leaks. A NULL conn means the\nclient is gone and the break is moot, so return 0; oplock_break() treats\nthat as success and runs the normal teardown.",
"id": "GHSA-hxmm-jmj9-253j",
"modified": "2026-07-08T06:31:34Z",
"published": "2026-06-25T09:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53271"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ff58dcfcab434ebb51649da33774fbb8e1f7b67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75e33deda658c1ab3a9336cbdb1436536f9b3660"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/945a86b21b40fb17183f5b27461baa6f03e2467f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b003086d76968298f22e7cf62239833b5a3a06b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e735dbd489e3ea02be78dba991056fe1138be51e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXMW-J74G-J23W
Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2025-02-06 21:32A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.
This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-30403"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T16:15:40Z",
"severity": "MODERATE"
},
"details": "A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps,\u00a0an\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.",
"id": "GHSA-hxmw-j74g-j23w",
"modified": "2025-02-06T21:32:06Z",
"published": "2024-04-12T18:33:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30403"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA79181"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HXPF-HC33-VM4V
Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-35966"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-22T16:15:26Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.",
"id": "GHSA-hxpf-hc33-vm4v",
"modified": "2025-11-03T21:34:10Z",
"published": "2025-07-22T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35966"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2201"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXQ8-X335-P47G
Vulnerability from github – Published: 2024-03-28 00:31 – Updated: 2024-03-28 00:31NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-0078"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T22:15:09Z",
"severity": "MODERATE"
},
"details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.",
"id": "GHSA-hxq8-x335-p47g",
"modified": "2024-03-28T00:31:40Z",
"published": "2024-03-28T00:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0078"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5520"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXVV-8GX6-FVGH
Vulnerability from github – Published: 2026-01-14 15:33 – Updated: 2026-03-25 21:30In the Linux kernel, the following vulnerability has been resolved:
tracing: Do not register unsupported perf events
Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:
------------[ cut here ]------------ WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272 Modules linked in: kvm_intel kvm irqbypass CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 RIP: 0010:tracepoint_add_func+0x357/0x370 Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246 RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000 RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8 RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780 R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78 FS: 00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0 Call Trace: tracepoint_probe_register+0x5d/0x90 synth_event_reg+0x3c/0x60 perf_trace_event_init+0x204/0x340 perf_trace_init+0x85/0xd0 perf_tp_event_init+0x2e/0x50 perf_try_init_event+0x6f/0x230 ? perf_event_alloc+0x4bb/0xdc0 perf_event_alloc+0x65a/0xdc0 __se_sys_perf_event_open+0x290/0x9f0 do_syscall_64+0x93/0x7b0 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e ? trace_hardirqs_off+0x53/0xc0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
Instead, have the code return -ENODEV, which doesn't warn and has perf error out with:
# perf record -e synthetic:futex_wait Error: The sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait). "dmesg | grep -i perf" may provide additional information.
Ideally perf should support synthetic events, but for now just fix the warning. The support can come later.
{
"affected": [],
"aliases": [
"CVE-2025-71125"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T15:16:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not register unsupported perf events\n\nSynthetic events currently do not have a function to register perf events.\nThis leads to calling the tracepoint register functions with a NULL\nfunction pointer which triggers:\n\n ------------[ cut here ]------------\n WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:tracepoint_add_func+0x357/0x370\n Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc \u003c0f\u003e 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f\n RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246\n RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000\n RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8\n RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780\n R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a\n R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78\n FS: 00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n tracepoint_probe_register+0x5d/0x90\n synth_event_reg+0x3c/0x60\n perf_trace_event_init+0x204/0x340\n perf_trace_init+0x85/0xd0\n perf_tp_event_init+0x2e/0x50\n perf_try_init_event+0x6f/0x230\n ? perf_event_alloc+0x4bb/0xdc0\n perf_event_alloc+0x65a/0xdc0\n __se_sys_perf_event_open+0x290/0x9f0\n do_syscall_64+0x93/0x7b0\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? trace_hardirqs_off+0x53/0xc0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInstead, have the code return -ENODEV, which doesn\u0027t warn and has perf\nerror out with:\n\n # perf record -e synthetic:futex_wait\nError:\nThe sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait).\n\"dmesg | grep -i perf\" may provide additional information.\n\nIdeally perf should support synthetic events, but for now just fix the\nwarning. The support can come later.",
"id": "GHSA-hxvv-8gx6-fvgh",
"modified": "2026-03-25T21:30:22Z",
"published": "2026-01-14T15:33:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71125"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3437c775bf209c674ad66304213b6b3c3b1b3f69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65b1971147ec12f0b1cee0811c859a3d7d9b04ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6819bc6285c0ff835f67cfae7efebc03541782f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d15f08e6d8d4b4fb02d90805ea97f3e2c1d6fbc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6df47e5bb9b62d72f186f826ab643ea1856877c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef7f38df890f5dcd2ae62f8dbde191d72f3bebae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7305697b60d79bc69c0a6e280fc931b4e8862dd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXWQ-9XQ7-2QR3
Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-16004"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-18T17:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-hxwq-9xq7-2qr3",
"modified": "2022-05-14T00:52:17Z",
"published": "2022-05-14T00:52:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16004"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106161"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J23C-3429-Q5QM
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-19 15:31In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix two issues in iommu_copy_struct_from_user()
In the review for iommu_copy_struct_to_user() helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it: https://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com
And Alok pointed out a typo at the same time: https://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com
Since both issues were copied from iommu_copy_struct_from_user(), fix them first in the current header.
{
"affected": [],
"aliases": [
"CVE-2025-37900"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix two issues in iommu_copy_struct_from_user()\n\nIn the review for iommu_copy_struct_to_user() helper, Matt pointed out that\na NULL pointer should be rejected prior to dereferencing it:\nhttps://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com\n\nAnd Alok pointed out a typo at the same time:\nhttps://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com\n\nSince both issues were copied from iommu_copy_struct_from_user(), fix them\nfirst in the current header.",
"id": "GHSA-j23c-3429-q5qm",
"modified": "2025-11-19T15:31:28Z",
"published": "2025-05-20T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37900"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e303d010722787dc84d94f68d70fe10dfc1b9ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30a3f2f3e4bd6335b727c83c08a982d969752bc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/967d6f0d9a20a1bf15ee7ed881e2d4e532e22709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J24F-GW9V-X4VP
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2024-04-04 02:49An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.
{
"affected": [],
"aliases": [
"CVE-2020-9759"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-494"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-23T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.",
"id": "GHSA-j24f-gw9v-x4vp",
"modified": "2024-04-04T02:49:34Z",
"published": "2022-05-24T17:12:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9759"
},
{
"type": "WEB",
"url": "https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a"
},
{
"type": "WEB",
"url": "https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-51"
},
{
"type": "WEB",
"url": "https://weechat.org/doc/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.