Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-J7J6-3WM7-39P3

Vulnerability from github – Published: 2024-08-14 03:31 – Updated: 2024-08-14 03:31
VLAI
Details

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T03:15:04Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.",
  "id": "GHSA-j7j6-3wm7-39p3",
  "modified": "2024-08-14T03:31:10Z",
  "published": "2024-08-14T03:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37399"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7JQ-VQM4-W5Q8

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:23
VLAI
Details

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.",
  "id": "GHSA-j7jq-vqm4-w5q8",
  "modified": "2024-04-04T02:23:22Z",
  "published": "2022-05-24T16:58:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17502"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/fxb6476/0b9883a88ff2ca40de46a8469834e16c"
    },
    {
      "type": "WEB",
      "url": "http://hydra.hellug.gr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7MH-F4M8-8FJW

Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-19 00:00
VLAI
Details

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-13T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.",
  "id": "GHSA-j7mh-f4m8-8fjw",
  "modified": "2022-06-19T00:00:23Z",
  "published": "2022-06-14T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31763"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/6"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202206-0000001270350482"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7MJ-6W2Q-P8RP

Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2026-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix a null pointer dereference in ice_copy_and_init_pkg()

Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
  "id": "GHSA-j7mj-6w2q-p8rp",
  "modified": "2026-01-07T18:30:22Z",
  "published": "2025-08-22T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38664"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7R4-W7Q6-V5VG

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-06-03 18:55
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix potential null pointer derefernce

The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential null pointer derefernce\n\nThe amdgpu_ras_get_context may return NULL if device\nnot support ras feature, so add check before using.",
  "id": "GHSA-j7r4-w7q6-v5vg",
  "modified": "2024-06-03T18:55:26Z",
  "published": "2024-05-21T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52814"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80285ae1ec8717b597b20de38866c29d84d321a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b70fc7d70e8ef7c4a65034c9487f58609e708a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0702ee4d811708251cdf54d4a1d3e888d365111"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b93a25de28af153312f0fc979b0663fc4bd3442b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c11cf5e117f50f5a767054600885acd981449afe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da46e63482fdc5e35c008865c22ac64027f6f0c2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7XM-PF76-QWW8

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-10-31 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool

In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on.

Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Remove BUG_ON in the case of an empty event pool\n\nIn practice the driver should never send more commands than are allocated\nto a queue\u0027s event pool. In the unlikely event that this happens, the code\nasserts a BUG_ON, and in the case that the kernel is not configured to\ncrash on panic returns a junk event pointer from the empty event list\ncausing things to spiral from there. This BUG_ON is a historical artifact\nof the ibmvfc driver first being upstreamed, and it is well known now that\nthe use of BUG_ON is bad practice except in the most unrecoverable\nscenario. There is nothing about this scenario that prevents the driver\nfrom recovering and carrying on.\n\nRemove the BUG_ON in question from ibmvfc_get_event() and return a NULL\npointer in the case of an empty event pool. Update all call sites to\nibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate\nfailure or recovery action.",
  "id": "GHSA-j7xm-pf76-qww8",
  "modified": "2024-10-31T18:31:16Z",
  "published": "2024-05-21T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52811"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J839-J793-GH47

Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26
VLAI
Details

Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-06T13:15:10Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-j839-j793-gh47",
  "modified": "2024-04-04T05:26:21Z",
  "published": "2023-07-06T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34164"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/7"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J842-XGM4-WF88

Vulnerability from github – Published: 2025-11-21 18:03 – Updated: 2026-06-06 00:34
VLAI
Summary
MLX has Wild Pointer Dereference in load_gguf()
Details

Summary

Segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash.

Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7

Vulnerability

Location: mlx/io/gguf.cpp - Function extract_tensor_data() at lines 59-79 - Vulnerable memcpy at lines 64-67 - Called from load_arrays() at line 177

The Bug:

std::tuple<allocator::Buffer, Dtype> extract_tensor_data(gguf_tensor* tensor) {
  std::optional<Dtype> equivalent_dtype = gguf_type_to_dtype(tensor->type);
  if (equivalent_dtype.has_value()) {
    allocator::Buffer buffer = allocator::malloc(tensor->bsize);
    memcpy(
        buffer.raw_ptr(),
        tensor->weights_data,  // untrusted pointer from gguflib
        tensor->num_weights * equivalent_dtype.value().size());
    return {buffer, equivalent_dtype.value()};
  }
  // ...
}

Possible Fix

std::tuple<allocator::Buffer, Dtype> extract_tensor_data(gguf_tensor* tensor) {
  std::optional<Dtype> equivalent_dtype = gguf_type_to_dtype(tensor->type);
  if (equivalent_dtype.has_value()) {
    // FIX: Validate pointer
    if (!tensor->weights_data) {
      throw std::runtime_error("[load_gguf] NULL tensor data pointer");
    }

    allocator::Buffer buffer = allocator::malloc(tensor->bsize);
    memcpy(
        buffer.raw_ptr(),
        tensor->weights_data,
        tensor->num_weights * equivalent_dtype.value().size());
    return {buffer, equivalent_dtype.value()};
  }
  // ...
}

PoC

# Install MLX
pip install mlx

python3 -c "import mlx.core as mx; mx.load('exploit.gguf', format='gguf')"

Download the poc file there, or let me know how I can send it to you.

AddressSanitizer Output (with instrumented build):

AddressSanitizer:DEADLYSIGNAL
=================================================================
==5855==ERROR: AddressSanitizer: SEGV on unknown address 0x7fc432f64bc0 (pc 0x7fc430841c12 bp 0x7ffc04847ab0 sp 0x7ffc04847268 T0)
==5855==The signal is caused by a READ memory access.
    #0 0x7fc430841c12  /build/glibc-B3wQXB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312
    #1 0x55aac829756b in __asan_memcpy (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x9ef56b) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)
    #2 0x55aacaa6e8dc in mlx::core::extract_tensor_data(gguf_tensor*) /home/user1/mlx/mlx/io/gguf.cpp:64:5
    #3 0x55aacaa773fc in mlx::core::load_arrays[abi:cxx11](gguf_ctx*) /home/user1/mlx/mlx/io/gguf.cpp:226:35
    #4 0x55aacaa782a9 in mlx::core::load_gguf(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::variant<std::monostate, mlx::core::Stream, mlx::core::Device>) /home/user1/mlx/mlx/io/gguf.cpp:250:17
    #5 0x55aac82dc696 in LLVMFuzzerTestOneInput /home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf.cpp:49:19
    #6 0x55aac81e25c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x93a5c6) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)
    #7 0x55aac81cc738 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x924738) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)
    #8 0x55aac81d220a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x92a20a) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)
    #9 0x55aac81fbb82 in main (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x953b82) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)
    #10 0x7fc4307aa082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #11 0x55aac81c73ed in _start (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x91f3ed) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)

==5855==Register values:
rax = 0x0000502000000098  rbx = 0xfafafafa0000fa00  rcx = 0x00000a047fff8013  rdx = 0x0000000000000008
rdi = 0x0000502000000098  rsi = 0x00007fc432f64bc0  rbp = 0x00007ffc04847ab0  rsp = 0x00007ffc04847268
 r8 = 0x00000a0400000013   r9 = 0x0000000000000000  r10 = 0x00000a0400000013  r11 = 0x0000000000000000
r12 = 0x00000a047fff8010  r13 = 0xffffffffffffffc7  r14 = 0x00007fc42dd00280  r15 = 0x00000ff885ba0050
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-B3wQXB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312
==5855==ABORTING

Impact

  • Attack vector: Malicious GGUF file (model weights, typically from untrusted sources)
  • Affects: MLX users on all platforms who call the vulnerable method with unsanitized input.
  • Result: Segmentation fault (uncatchable by exception handlers)

Credits:

  • Markiyan Melnyk (ARIMLABS)
  • Mykyta Mudryi (ARIMLABS)
  • Markiyan Chaklosh (ARIMLABS)
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.29.3"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "mlx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.29.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-21T18:03:20Z",
    "nvd_published_at": "2025-11-21T19:16:02Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nSegmentation fault in `mlx::core::load_gguf()` when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash.\n\nEnvironment:\n- OS: Ubuntu 20.04.6 LTS\n- Compiler: Clang 19.1.7\n\n## Vulnerability\n\n**Location**: `mlx/io/gguf.cpp`\n- Function `extract_tensor_data()` at lines 59-79\n- Vulnerable memcpy at lines 64-67\n- Called from `load_arrays()` at line 177\n\n**The Bug**:\n```cpp\nstd::tuple\u003callocator::Buffer, Dtype\u003e extract_tensor_data(gguf_tensor* tensor) {\n  std::optional\u003cDtype\u003e equivalent_dtype = gguf_type_to_dtype(tensor-\u003etype);\n  if (equivalent_dtype.has_value()) {\n    allocator::Buffer buffer = allocator::malloc(tensor-\u003ebsize);\n    memcpy(\n        buffer.raw_ptr(),\n        tensor-\u003eweights_data,  // untrusted pointer from gguflib\n        tensor-\u003enum_weights * equivalent_dtype.value().size());\n    return {buffer, equivalent_dtype.value()};\n  }\n  // ...\n}\n```\n\n## Possible Fix\n\n```cpp\nstd::tuple\u003callocator::Buffer, Dtype\u003e extract_tensor_data(gguf_tensor* tensor) {\n  std::optional\u003cDtype\u003e equivalent_dtype = gguf_type_to_dtype(tensor-\u003etype);\n  if (equivalent_dtype.has_value()) {\n    // FIX: Validate pointer\n    if (!tensor-\u003eweights_data) {\n      throw std::runtime_error(\"[load_gguf] NULL tensor data pointer\");\n    }\n\n    allocator::Buffer buffer = allocator::malloc(tensor-\u003ebsize);\n    memcpy(\n        buffer.raw_ptr(),\n        tensor-\u003eweights_data,\n        tensor-\u003enum_weights * equivalent_dtype.value().size());\n    return {buffer, equivalent_dtype.value()};\n  }\n  // ...\n}\n```\n\n## PoC\n\n```bash\n# Install MLX\npip install mlx\n\npython3 -c \"import mlx.core as mx; mx.load(\u0027exploit.gguf\u0027, format=\u0027gguf\u0027)\"\n```\n\nDownload the poc file [there](https://drive.google.com/file/d/1t9Z2RJGn-oHmluKWebU077UWSMGXeuVp/view?usp=sharing), or let me know how I can send it to you.\n\n**AddressSanitizer Output (with instrumented build)**:\n```\nAddressSanitizer:DEADLYSIGNAL\n=================================================================\n==5855==ERROR: AddressSanitizer: SEGV on unknown address 0x7fc432f64bc0 (pc 0x7fc430841c12 bp 0x7ffc04847ab0 sp 0x7ffc04847268 T0)\n==5855==The signal is caused by a READ memory access.\n    #0 0x7fc430841c12  /build/glibc-B3wQXB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312\n    #1 0x55aac829756b in __asan_memcpy (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x9ef56b) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n    #2 0x55aacaa6e8dc in mlx::core::extract_tensor_data(gguf_tensor*) /home/user1/mlx/mlx/io/gguf.cpp:64:5\n    #3 0x55aacaa773fc in mlx::core::load_arrays[abi:cxx11](gguf_ctx*) /home/user1/mlx/mlx/io/gguf.cpp:226:35\n    #4 0x55aacaa782a9 in mlx::core::load_gguf(std::__cxx11::basic_string\u003cchar, std::char_traits\u003cchar\u003e, std::allocator\u003cchar\u003e\u003e const\u0026, std::variant\u003cstd::monostate, mlx::core::Stream, mlx::core::Device\u003e) /home/user1/mlx/mlx/io/gguf.cpp:250:17\n    #5 0x55aac82dc696 in LLVMFuzzerTestOneInput /home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf.cpp:49:19\n    #6 0x55aac81e25c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x93a5c6) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n    #7 0x55aac81cc738 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x924738) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n    #8 0x55aac81d220a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x92a20a) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n    #9 0x55aac81fbb82 in main (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x953b82) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n    #10 0x7fc4307aa082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16\n    #11 0x55aac81c73ed in _start (/home/user1/mlx/fuzz/load_gguf/fuzz_load_gguf+0x91f3ed) (BuildId: 57467f1ce96052757daeef4b04739be7f23c5f1f)\n\n==5855==Register values:\nrax = 0x0000502000000098  rbx = 0xfafafafa0000fa00  rcx = 0x00000a047fff8013  rdx = 0x0000000000000008\nrdi = 0x0000502000000098  rsi = 0x00007fc432f64bc0  rbp = 0x00007ffc04847ab0  rsp = 0x00007ffc04847268\n r8 = 0x00000a0400000013   r9 = 0x0000000000000000  r10 = 0x00000a0400000013  r11 = 0x0000000000000000\nr12 = 0x00000a047fff8010  r13 = 0xffffffffffffffc7  r14 = 0x00007fc42dd00280  r15 = 0x00000ff885ba0050\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: SEGV /build/glibc-B3wQXB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312\n==5855==ABORTING\n```\n\n## Impact\n\n- **Attack vector**: Malicious GGUF file (model weights, typically from untrusted sources)\n- **Affects**: MLX users on all platforms who call the vulnerable method with unsanitized input.\n- **Result**: Segmentation fault (uncatchable by exception handlers)\n\n---\nCredits:\n\n- Markiyan Melnyk (ARIMLABS)\n- Mykyta Mudryi (ARIMLABS)\n- Markiyan Chaklosh (ARIMLABS)",
  "id": "GHSA-j842-xgm4-wf88",
  "modified": "2026-06-06T00:34:04Z",
  "published": "2025-11-21T18:03:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ml-explore/mlx/security/advisories/GHSA-j842-xgm4-wf88"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62609"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ml-explore/mlx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mlx/PYSEC-2025-139.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MLX has Wild Pointer Dereference in load_gguf()"
}

GHSA-J85J-8R4R-VM4Q

Vulnerability from github – Published: 2022-05-14 01:41 – Updated: 2022-05-14 01:41
VLAI
Details

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-24T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.",
  "id": "GHSA-j85j-8r4r-vm4q",
  "modified": "2022-05-14T01:41:42Z",
  "published": "2022-05-14T01:41:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20431"
    },
    {
      "type": "WEB",
      "url": "https://gnunet.org/bugs/view.php?id=5494"
    },
    {
      "type": "WEB",
      "url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
    },
    {
      "type": "WEB",
      "url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4361"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106300"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J867-9253-8MRV

Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: ti: Add a null pointer check to the omap_prm_domain_init

devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-19T11:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: ti: Add a null pointer check to the omap_prm_domain_init\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
  "id": "GHSA-j867-9253-8mrv",
  "modified": "2025-11-04T00:30:48Z",
  "published": "2024-05-19T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35943"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04f23510daa40f9010fadf309507564a34ad956f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d7f58ee08434a33340f75ac7ac5071eea9673b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/984212fa6b4bc6d9ed58f5b0838e8d5af7679ce5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc08f5ab11b1881b85371f0bd9c9a3d27f65cca8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce666cecc09c0f92d5f86d89d8068ecfcf723a7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e65f7eb117e1b44742212d65784236269085e736"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.