Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-J86M-4332-JM3W

Vulnerability from github – Published: 2025-01-27 12:31 – Updated: 2025-01-27 12:31
VLAI
Details

A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-27T11:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A NULL Pointer Dereference\u00a0vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.",
  "id": "GHSA-j86m-4332-jm3w",
  "modified": "2025-01-27T12:31:11Z",
  "published": "2025-01-27T12:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0696"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-0696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J898-M92W-4243

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none

After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch.

Fix the NULL dereference on q->elevator by checking it with lock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock.",
  "id": "GHSA-j898-m92w-4243",
  "modified": "2026-06-01T18:31:21Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53292"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/245165658e1c9f95c0fecfe02b9b1ebd30a1198a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e977386521b71471e66ec2ba82efdfcc456adf2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/988ddb77218d3975dd13dee7bb0e1fae098a9fdb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8CW-8545-7382

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:44
VLAI
Details

In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-12T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.",
  "id": "GHSA-j8cw-8545-7382",
  "modified": "2025-04-20T03:44:45Z",
  "published": "2022-05-13T01:17:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14400"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/746"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100865"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8HQ-WHGG-H7WH

Vulnerability from github – Published: 2022-05-17 02:35 – Updated: 2022-05-17 02:35
VLAI
Details

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.",
  "id": "GHSA-j8hq-whgg-h7wh",
  "modified": "2022-05-17T02:35:20Z",
  "published": "2022-05-17T02:35:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9027"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-06-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98874"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8HX-6RXW-P4R9

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-07-03 18:42
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Immediately reset the MMU context when the SMM flag is cleared

Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If RSM fails (which isn't correctly emulated), KVM will bail without calling post_leave_smm() and leave the MMU in a bad state.

The bad MMU role can lead to a NULL pointer dereference when grabbing a shadow page's rmap for a page fault as the initial lookups for the gfn will happen with the vCPU's SMM flag (=0), whereas the rmap lookup will use the shadow page's SMM flag, which comes from the MMU (=1). SMM has an entirely different set of memslots, and so the initial lookup can find a memslot (SMM=0) and then explode on the rmap memslot lookup (SMM=1).

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 8410 Comm: syz-executor382 Not tainted 5.13.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__gfn_to_rmap arch/x86/kvm/mmu/mmu.c:935 [inline] RIP: 0010:gfn_to_rmap+0x2b0/0x4d0 arch/x86/kvm/mmu/mmu.c:947 Code: <42> 80 3c 20 00 74 08 4c 89 ff e8 f1 79 a9 00 4c 89 fb 4d 8b 37 44 RSP: 0018:ffffc90000ffef98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888015b9f414 RCX: ffff888019669c40 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffff811d9cdb R09: ffffed10065a6002 R10: ffffed10065a6002 R11: 0000000000000000 R12: dffffc0000000000 R13: 0000000000000003 R14: 0000000000000001 R15: 0000000000000000 FS: 000000000124b300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000028e31000 CR4: 00000000001526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rmap_add arch/x86/kvm/mmu/mmu.c:965 [inline] mmu_set_spte+0x862/0xe60 arch/x86/kvm/mmu/mmu.c:2604 __direct_map arch/x86/kvm/mmu/mmu.c:2862 [inline] direct_page_fault+0x1f74/0x2b70 arch/x86/kvm/mmu/mmu.c:3769 kvm_mmu_do_page_fault arch/x86/kvm/mmu.h:124 [inline] kvm_mmu_page_fault+0x199/0x1440 arch/x86/kvm/mmu/mmu.c:5065 vmx_handle_exit+0x26/0x160 arch/x86/kvm/vmx/vmx.c:6122 vcpu_enter_guest+0x3bdd/0x9630 arch/x86/kvm/x86.c:9428 vcpu_run+0x416/0xc20 arch/x86/kvm/x86.c:9494 kvm_arch_vcpu_ioctl_run+0x4e8/0xa40 arch/x86/kvm/x86.c:9722 kvm_vcpu_ioctl+0x70f/0xbb0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3460 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:1069 [inline] __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:1055 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x440ce9

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Immediately reset the MMU context when the SMM flag is cleared\n\nImmediately reset the MMU context when the vCPU\u0027s SMM flag is cleared so\nthat the SMM flag in the MMU role is always synchronized with the vCPU\u0027s\nflag.  If RSM fails (which isn\u0027t correctly emulated), KVM will bail\nwithout calling post_leave_smm() and leave the MMU in a bad state.\n\nThe bad MMU role can lead to a NULL pointer dereference when grabbing a\nshadow page\u0027s rmap for a page fault as the initial lookups for the gfn\nwill happen with the vCPU\u0027s SMM flag (=0), whereas the rmap lookup will\nuse the shadow page\u0027s SMM flag, which comes from the MMU (=1).  SMM has\nan entirely different set of memslots, and so the initial lookup can find\na memslot (SMM=0) and then explode on the rmap memslot lookup (SMM=1).\n\n  general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  CPU: 1 PID: 8410 Comm: syz-executor382 Not tainted 5.13.0-rc5-syzkaller #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n  RIP: 0010:__gfn_to_rmap arch/x86/kvm/mmu/mmu.c:935 [inline]\n  RIP: 0010:gfn_to_rmap+0x2b0/0x4d0 arch/x86/kvm/mmu/mmu.c:947\n  Code: \u003c42\u003e 80 3c 20 00 74 08 4c 89 ff e8 f1 79 a9 00 4c 89 fb 4d 8b 37 44\n  RSP: 0018:ffffc90000ffef98 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffff888015b9f414 RCX: ffff888019669c40\n  RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n  RBP: 0000000000000001 R08: ffffffff811d9cdb R09: ffffed10065a6002\n  R10: ffffed10065a6002 R11: 0000000000000000 R12: dffffc0000000000\n  R13: 0000000000000003 R14: 0000000000000001 R15: 0000000000000000\n  FS:  000000000124b300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000000 CR3: 0000000028e31000 CR4: 00000000001526e0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   rmap_add arch/x86/kvm/mmu/mmu.c:965 [inline]\n   mmu_set_spte+0x862/0xe60 arch/x86/kvm/mmu/mmu.c:2604\n   __direct_map arch/x86/kvm/mmu/mmu.c:2862 [inline]\n   direct_page_fault+0x1f74/0x2b70 arch/x86/kvm/mmu/mmu.c:3769\n   kvm_mmu_do_page_fault arch/x86/kvm/mmu.h:124 [inline]\n   kvm_mmu_page_fault+0x199/0x1440 arch/x86/kvm/mmu/mmu.c:5065\n   vmx_handle_exit+0x26/0x160 arch/x86/kvm/vmx/vmx.c:6122\n   vcpu_enter_guest+0x3bdd/0x9630 arch/x86/kvm/x86.c:9428\n   vcpu_run+0x416/0xc20 arch/x86/kvm/x86.c:9494\n   kvm_arch_vcpu_ioctl_run+0x4e8/0xa40 arch/x86/kvm/x86.c:9722\n   kvm_vcpu_ioctl+0x70f/0xbb0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3460\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:1069 [inline]\n   __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:1055\n   do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x440ce9",
  "id": "GHSA-j8hx-6rxw-p4r9",
  "modified": "2024-07-03T18:42:42Z",
  "published": "2024-05-21T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47230"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/669a8866e468fd020d34eb00e08cb41d3774b71b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78fcb2c91adfec8ce3a2ba6b4d0dda89f2f4a7c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbb425f62df9df7abee4b3f068f7ed6ffc3561e2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df9a40cfb3be2cbeb1c17bb67c59251ba16630f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8PM-8JQG-VG5F

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:46
VLAI
Details

cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-18T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.",
  "id": "GHSA-j8pm-8jqg-vg5f",
  "modified": "2025-04-20T03:46:58Z",
  "published": "2022-05-17T00:26:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3164"
    },
    {
      "type": "WEB",
      "url": "https://android-review.googlesource.com/#/c/platform/frameworks/native/+/101104"
    },
    {
      "type": "WEB",
      "url": "https://android-review.googlesource.com/#/c/platform/frameworks/native/+/101104/1/cmds/servicemanager/service_manager.c"
    },
    {
      "type": "WEB",
      "url": "https://plzdonthack.me"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/android-x86/frameworks_native/ci/652c485467598240ecbb3a60516ad1140eddfab1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101506"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8Q3-52JG-4Q93

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tpm: use try_get_ops() in tpm-space.c

As part of the series conversion to remove nested TPM operations:

https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/

exposure of the chip->tpm_mutex was removed from much of the upper level code. In this conversion, tpm2_del_space() was missed. This didn't matter much because it's usually called closely after a converted operation, so there's only a very tiny race window where the chip can be removed before the space flushing is done which causes a NULL deref on the mutex. However, there are reports of this window being hit in practice, so fix this by converting tpm2_del_space() to use tpm_try_get_ops(), which performs all the teardown checks before acquring the mutex.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: use try_get_ops() in tpm-space.c\n\nAs part of the series conversion to remove nested TPM operations:\n\nhttps://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/\n\nexposure of the chip-\u003etpm_mutex was removed from much of the upper\nlevel code.  In this conversion, tpm2_del_space() was missed.  This\ndidn\u0027t matter much because it\u0027s usually called closely after a\nconverted operation, so there\u0027s only a very tiny race window where the\nchip can be removed before the space flushing is done which causes a\nNULL deref on the mutex.  However, there are reports of this window\nbeing hit in practice, so fix this by converting tpm2_del_space() to\nuse tpm_try_get_ops(), which performs all the teardown checks before\nacquring the mutex.",
  "id": "GHSA-j8q3-52jg-4q93",
  "modified": "2025-09-22T21:30:16Z",
  "published": "2025-09-22T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49286"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/476ddd23f818fb94cf86fb5617f3bb9a7c92113d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95193d12f10a8a088843b25e0f5fe1d83ec6b079"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba84f9a48366dcc3cdef978599433efe101dd5bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eda1662cce964c8a65bb86321f8d9cfa6e9ceaab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8RW-3X8V-V327

Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: Fix NULL pointer access

Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
  "id": "GHSA-j8rw-3x8v-v327",
  "modified": "2025-11-03T21:33:23Z",
  "published": "2025-04-01T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21918"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/079a3e52f3e751bb8f5937195bdf25c5d14fdff0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46fba7be161bb89068958138ea64ec33c0b446d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/592a0327d026a122e97e8e8bb7c60cbbe7697344"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a735a8a46f6ebf898bbefd96659ca5da798bce0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b13abcb7ddd8d38de769486db5bd917537b32ab1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8WG-PGHX-WR4X

Vulnerability from github – Published: 2022-05-14 03:28 – Updated: 2022-05-14 03:28
VLAI
Details

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.",
  "id": "GHSA-j8wg-pghx-wr4x",
  "modified": "2022-05-14T03:28:14Z",
  "published": "2022-05-14T03:28:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9221"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J92H-W8RG-JG65

Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 18:31
VLAI
Details

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP eNB Configuration Transfer packet missing its required Target eNB ID field.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `eNB Configuration Transfer` packet missing its required `Target eNB ID` field.",
  "id": "GHSA-j92h-w8rg-jg65",
  "modified": "2025-01-23T18:31:18Z",
  "published": "2025-01-22T00:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37031"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.