Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-M7V2-W8FJ-6F24

Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2024-12-20 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: musb: tusb6010: check return value after calling platform_get_resource()

It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T19:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: tusb6010: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.",
  "id": "GHSA-m7v2-w8fj-6f24",
  "modified": "2024-12-20T15:30:44Z",
  "published": "2024-04-10T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47181"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06cfb4cb2241e704d72e3045cf4d7dfb567fbce0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14651496a3de6807a17c310f63c894ea0c5d858e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ba7605856e05fa991d4654ac69e5ace66c767b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28be095eb612a489705d38c210afaf1103c5f4f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ee15f1af17407be381bcf06a78fa60b471242dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/679eee466d0f9ffa60a2b0c6ec19be5128927f04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3f43659eb0b9af2e6ef18a8d829374610b19e7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f87a79c04a33ab4e5be598c7b0867e6ef193d702"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7WR-Q7CM-56RH

Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2025-11-03 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix link down processing to address NULL pointer dereference

If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages.

The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure.

Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T19:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix link down processing to address NULL pointer dereference\n\nIf an FC link down transition while PLOGIs are outstanding to fabric well\nknown addresses, outstanding ABTS requests may result in a NULL pointer\ndereference. Driver unload requests may hang with repeated \"2878\" log\nmessages.\n\nThe Link down processing results in ABTS requests for outstanding ELS\nrequests. The Abort WQEs are sent for the ELSs before the driver had set\nthe link state to down. Thus the driver is sending the Abort with the\nexpectation that an ABTS will be sent on the wire. The Abort request is\nstalled waiting for the link to come up. In some conditions the driver may\nauto-complete the ELSs thus if the link does come up, the Abort completions\nmay reference an invalid structure.\n\nFix by ensuring that Abort set the flag to avoid link traffic if issued due\nto conditions where the link failed.",
  "id": "GHSA-m7wr-q7cm-56rh",
  "modified": "2025-11-03T18:31:14Z",
  "published": "2024-04-10T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47183"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04c1af683270e4709a594bb1691b8800b945035a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28de48a7cea495ab48082d9ff4ef63f7cb4e563a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M849-GVP2-QMMR

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: unset the binding mark of a reused connection

Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update().

BUG: kernel NULL pointer dereference, address: 0000000000000000

PF: supervisor read access in kernel mode

PF: error_code(0x0000) - not-present page

PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn-\u003ebinding can\nstill remain true and generate_preauth_hash() will not set\nsess-\u003ePreauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. -\u003ePreauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n\u003cTASK\u003e\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n\u003c/TASK\u003e",
  "id": "GHSA-m849-gvp2-qmmr",
  "modified": "2025-11-04T00:31:29Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46795"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M84F-8362-3V3C

Vulnerability from github – Published: 2022-05-14 01:21 – Updated: 2022-05-14 01:21
VLAI
Details

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka \"SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability\".",
  "id": "GHSA-m84f-8362-3v3c",
  "modified": "2022-05-14T01:21:35Z",
  "published": "2022-05-14T01:21:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0833"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44189"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102924"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M84Q-M2JG-26H3

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle

KASAN reported a null-ptr-deref error:

KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 1373 Comm: modprobe Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:dmi_sysfs_entry_release ... Call Trace: kobject_put dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs dmi_decode_table (drivers/firmware/dmi_scan.c:133) dmi_walk (drivers/firmware/dmi_scan.c:1115) dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs do_one_initcall (init/main.c:1296) ... Kernel panic - not syncing: Fatal exception Kernel Offset: 0x4000000 from 0xffffffff81000000 ---[ end Kernel panic - not syncing: Fatal exception ]---

It is because previous patch added kobject_put() to release the memory which will call dmi_sysfs_entry_release() and list_del().

However, list_add_tail(entry->list) is called after the error block, so the list_head is uninitialized and cannot be deleted.

Move error handling to after list_add_tail to fix this.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle\n\nKASAN reported a null-ptr-deref error:\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 1373 Comm: modprobe\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:dmi_sysfs_entry_release\n...\nCall Trace:\n \u003cTASK\u003e\n kobject_put\n dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs\n dmi_decode_table (drivers/firmware/dmi_scan.c:133)\n dmi_walk (drivers/firmware/dmi_scan.c:1115)\n dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs\n do_one_initcall (init/main.c:1296)\n ...\nKernel panic - not syncing: Fatal exception\nKernel Offset: 0x4000000 from 0xffffffff81000000\n---[ end Kernel panic - not syncing: Fatal exception ]---\n\nIt is because previous patch added kobject_put() to release the memory\nwhich will call  dmi_sysfs_entry_release() and list_del().\n\nHowever, list_add_tail(entry-\u003elist) is called after the error block,\nso the list_head is uninitialized and cannot be deleted.\n\nMove error handling to after list_add_tail to fix this.",
  "id": "GHSA-m84q-m2jg-26h3",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-15T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53250"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18e126e97c961f7a93823795c879d7c085fe5098"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d0492d1d934642bdfd2057acc1b56f4b57be465"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4fe158259fb5fead52ff2b55841ec5c39492604"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e851996b32264e78a10863c2ac41a8689d7b9252"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M87G-MX4M-WGVW

Vulnerability from github – Published: 2023-03-10 03:30 – Updated: 2023-03-15 18:30
VLAI
Details

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.",
  "id": "GHSA-m87g-mx4m-wgvw",
  "modified": "2023-03-15T18:30:29Z",
  "published": "2023-03-10T03:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27114"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/issues/21363"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/13308c9aad79f9c7a3507ce549fe270103e8ceea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M88M-RRVF-8RWP

Vulnerability from github – Published: 2026-02-06 09:30 – Updated: 2026-02-06 09:30
VLAI
Details

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-06T09:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Address read vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-m88m-rrvf-8rwp",
  "modified": "2026-02-06T09:30:29Z",
  "published": "2026-02-06T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24918"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M89V-F6FX-4VC4

Vulnerability from github – Published: 2023-09-08 03:30 – Updated: 2024-04-04 07:33
VLAI
Details

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-08T03:15:08Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.",
  "id": "GHSA-m89v-f6fx-4vc4",
  "modified": "2024-04-04T07:33:50Z",
  "published": "2023-09-08T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37368"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M89V-JRP4-5Q36

Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-08 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

benet: fix BUG when creating VFs

benet crashes as soon as SRIOV VFs are created:

kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0

be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T17:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbenet: fix BUG when creating VFs\n\nbenet crashes as soon as SRIOV VFs are created:\n\n kernel BUG at mm/vmalloc.c:3457!\n Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)\n [...]\n RIP: 0010:vunmap+0x5f/0x70\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  __iommu_dma_free+0xe8/0x1c0\n  be_cmd_set_mac_list+0x3fe/0x640 [be2net]\n  be_cmd_set_mac+0xaf/0x110 [be2net]\n  be_vf_eth_addr_config+0x19f/0x330 [be2net]\n  be_vf_setup+0x4f7/0x990 [be2net]\n  be_pci_sriov_configure+0x3a1/0x470 [be2net]\n  sriov_numvfs_store+0x20b/0x380\n  kernfs_fop_write_iter+0x354/0x530\n  vfs_write+0x9b9/0xf60\n  ksys_write+0xf3/0x1d0\n  do_syscall_64+0x8c/0x3d0\n\nbe_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.\nFix it by freeing only after the lock has been released.",
  "id": "GHSA-m89v-jrp4-5q36",
  "modified": "2026-01-08T21:30:28Z",
  "published": "2025-08-19T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38569"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8C4-28P9-4W47

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-06-29 00:00
VLAI
Details

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).",
  "id": "GHSA-m8c4-28p9-4w47",
  "modified": "2022-06-29T00:00:30Z",
  "published": "2022-05-24T19:07:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20252"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.