Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-JRQ9-R9FX-4557

Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2025-11-03 21:30
VLAI
Details

OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.",
  "id": "GHSA-jrq9-r9fx-4557",
  "modified": "2025-11-03T21:30:41Z",
  "published": "2022-06-25T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2121"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRR2-J77F-QHR2

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2023-03-03 15:30
VLAI
Details

An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-19T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.",
  "id": "GHSA-jrr2-j77f-qhr2",
  "modified": "2023-03-03T15:30:24Z",
  "published": "2022-05-24T16:53:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15216"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.14"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef61eb43ada6c1d6b94668f0f514e4c268093ff3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002"
    },
    {
      "type": "WEB",
      "url": "https://syzkaller.appspot.com/bug?id=f0b1f2952022c75394c0eef2afeb17af90f9227e"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4115-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRV5-9RMQ-5RV5

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2023-03-03 21:30
VLAI
Details

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-16T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
  "id": "GHSA-jrv5-9rmq-5rv5",
  "modified": "2023-03-03T21:30:19Z",
  "published": "2022-05-24T16:53:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15098"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Nov/11"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K61214359"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4184-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4185-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4186-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4186-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRWF-HWQ3-2J8J

Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-20 03:43
VLAI
Details

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-7516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-24T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).",
  "id": "GHSA-jrwf-hwq3-2j8j",
  "modified": "2025-04-20T03:43:50Z",
  "published": "2022-05-17T01:22:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7516"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.onosproject.org/#/c/6137"
    },
    {
      "type": "WEB",
      "url": "https://jira.onosproject.org/browse/ONOS-3349"
    },
    {
      "type": "WEB",
      "url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/11/26/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77752"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV32-9255-R9C9

Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2025-12-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing/osnoise: Fix null-ptr-deref in bitmap_parselist()

A crash was observed with the following output:

BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm: osnoise_cpus Not tainted 6.17.0-rc4-00201-gd69eb204c255 #138 PREEMPT(voluntary) RIP: 0010:bitmap_parselist+0x53/0x3e0 Call Trace: osnoise_cpus_write+0x7a/0x190 vfs_write+0xf8/0x410 ? do_sys_openat2+0x88/0xd0 ksys_write+0x60/0xd0 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f

This issue can be reproduced by below code:

fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY); write(fd, "0-2", 0);

When user pass 'count=0' to osnoise_cpus_write(), kmalloc() will return ZERO_SIZE_PTR (16) and cpulist_parse() treat it as a normal value, which trigger the null pointer dereference. Add check for the parameter 'count'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T06:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix null-ptr-deref in bitmap_parselist()\n\nA crash was observed with the following output:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 92 Comm: osnoise_cpus Not tainted 6.17.0-rc4-00201-gd69eb204c255 #138 PREEMPT(voluntary)\nRIP: 0010:bitmap_parselist+0x53/0x3e0\nCall Trace:\n \u003cTASK\u003e\n osnoise_cpus_write+0x7a/0x190\n vfs_write+0xf8/0x410\n ? do_sys_openat2+0x88/0xd0\n ksys_write+0x60/0xd0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis issue can be reproduced by below code:\n\nfd=open(\"/sys/kernel/debug/tracing/osnoise/cpus\", O_WRONLY);\nwrite(fd, \"0-2\", 0);\n\nWhen user pass \u0027count=0\u0027 to osnoise_cpus_write(), kmalloc() will return\nZERO_SIZE_PTR (16) and cpulist_parse() treat it as a normal value, which\ntrigger the null pointer dereference. Add check for the parameter \u0027count\u0027.",
  "id": "GHSA-jv32-9255-r9c9",
  "modified": "2025-12-11T21:31:26Z",
  "published": "2025-09-23T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39887"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1628c00c4351dd0727ef7f670694f68d9e663d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e33228a2cc7ff706ca88533464e8a3b525b961ed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV33-3P84-W32X

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-12T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-jv33-3p84-w32x",
  "modified": "2022-05-13T01:28:06Z",
  "published": "2022-05-13T01:28:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15937"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105442"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV3G-6PG3-V9J8

Vulnerability from github – Published: 2024-05-06 21:30 – Updated: 2026-05-12 12:31
VLAI
Details

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T20:15:11Z",
    "severity": "MODERATE"
  },
  "details": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference.  This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.",
  "id": "GHSA-jv3g-6pg3-v9j8",
  "modified": "2026-05-12T12:31:45Z",
  "published": "2024-05-06T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240524-0013"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV3P-XR22-V88X

Vulnerability from github – Published: 2025-02-19 00:31 – Updated: 2025-02-20 21:30
VLAI
Details

FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-18T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.",
  "id": "GHSA-jv3p-xr22-v88x",
  "modified": "2025-02-20T21:30:51Z",
  "published": "2025-02-19T00:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25471"
    },
    {
      "type": "WEB",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443d0be4cf1"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/11417"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV3R-47PW-5225

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: streamzap: fix race between device disconnection and urb callback

Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish.

If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb().

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev-\u003eraw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev-\u003eraw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
  "id": "GHSA-jv3r-47pw-5225",
  "modified": "2025-11-03T21:33:34Z",
  "published": "2025-04-16T15:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22027"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15483afb930fc2f883702dc96f80efbe4055235e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30ef7cfee752ca318d5902cb67b60d9797ccd378"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4db62b60af2ccdea6ac5452fd20e29587ed85f57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8760da4b9d44c36b93b6e4cf401ec7fe520015bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/adf0ddb914c9e5b3e50da4c97959e82de2df75c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e11652a6514ec805440c1bb3739e6c6236fffcc7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1d518c0bad01abe83c2df880274cb6a39f4a457"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f656cfbc7a293a039d6a0c7100e1c846845148c1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV48-QX8C-4X4F

Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-pci: Check if is_avq is NULL

[bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq.

[fix] Check whether it is vp_dev->is_avq before use.

[test] Test with virsh Attach device Before this patch, the following command would crash the guest system

After applying the patch, everything seems to be working fine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev-\u003eis_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev-\u003eis_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev-\u003eis_avq.\n\n[fix]\nCheck whether it is vp_dev-\u003eis_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.",
  "id": "GHSA-jv48-qx8c-4x4f",
  "modified": "2024-12-11T18:30:36Z",
  "published": "2024-07-30T09:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42134"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.