CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-MX7W-69F4-MG2Q
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
KASAN reported a null-ptr-deref error:
KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroy_workqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 ... Call Trace: ib_core_cleanup+0xa/0xa1 [ib_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 ...
It is because the fail of roce_gid_mgmt_init() is ignored:
ib_core_init() roce_gid_mgmt_init() gid_cache_wq = alloc_ordered_workqueue # fail ... ib_core_cleanup() roce_gid_mgmt_cleanup() destroy_workqueue(gid_cache_wq) # destroy an unallocated wq
Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().
{
"affected": [],
"aliases": [
"CVE-2022-49925"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix null-ptr-deref in ib_core_cleanup()\n\nKASAN reported a null-ptr-deref error:\n\n KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n CPU: 1 PID: 379\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:destroy_workqueue+0x2f/0x740\n RSP: 0018:ffff888016137df8 EFLAGS: 00000202\n ...\n Call Trace:\n ib_core_cleanup+0xa/0xa1 [ib_core]\n __do_sys_delete_module.constprop.0+0x34f/0x5b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fa1a0d221b7\n ...\n\nIt is because the fail of roce_gid_mgmt_init() is ignored:\n\n ib_core_init()\n roce_gid_mgmt_init()\n gid_cache_wq = alloc_ordered_workqueue # fail\n ...\n ib_core_cleanup()\n roce_gid_mgmt_cleanup()\n destroy_workqueue(gid_cache_wq)\n # destroy an unallocated wq\n\nFix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().",
"id": "GHSA-mx7w-69f4-mg2q",
"modified": "2025-05-07T15:31:27Z",
"published": "2025-05-01T15:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49925"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX8G-QC6M-WCMF
Vulnerability from github – Published: 2026-02-18 15:31 – Updated: 2026-03-18 18:31In the Linux kernel, the following vulnerability has been resolved:
gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()
Fix incorrect NULL check in loongson_gpio_init_irqchip(). The function checks chip->parent instead of chip->irq.parents.
{
"affected": [],
"aliases": [
"CVE-2026-23218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T15:18:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()\n\nFix incorrect NULL check in loongson_gpio_init_irqchip().\nThe function checks chip-\u003eparent instead of chip-\u003eirq.parents.",
"id": "GHSA-mx8g-qc6m-wcmf",
"modified": "2026-03-18T18:31:12Z",
"published": "2026-02-18T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23218"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e34f77b09080c86c929153e2a72da26b4f8947ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e71e3fa90a15134113f61343392e887cd1f4bf7c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX9M-W3W5-W7Q4
Vulnerability from github – Published: 2024-03-25 09:32 – Updated: 2024-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
net: fujitsu: fix potential null-ptr-deref
In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure.
{
"affected": [],
"aliases": [
"CVE-2021-47149"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-25T09:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fujitsu: fix potential null-ptr-deref\n\nIn fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer\nderef. To fix this, check the return value of ioremap and return -1\nto the caller in case of failure.",
"id": "GHSA-mx9m-w3w5-w7q4",
"modified": "2024-12-12T18:30:51Z",
"published": "2024-03-25T09:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47149"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXPQ-5WM8-VG9V
Vulnerability from github – Published: 2024-02-22 18:30 – Updated: 2024-03-18 21:31In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()
Get logical socket id instead of physical id in discover_upi_topology() to avoid out-of-bound access on 'upi = &type->topology[nid][idx];' line that leads to NULL pointer dereference in upi_fill_topology()
{
"affected": [],
"aliases": [
"CVE-2023-52450"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-22T17:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()\n\nGet logical socket id instead of physical id in discover_upi_topology()\nto avoid out-of-bound access on \u0027upi = \u0026type-\u003etopology[nid][idx];\u0027 line\nthat leads to NULL pointer dereference in upi_fill_topology()",
"id": "GHSA-mxpq-5wm8-vg9v",
"modified": "2024-03-18T21:31:19Z",
"published": "2024-02-22T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52450"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXQG-3QG8-9QFJ
Vulnerability from github – Published: 2024-03-03 00:30 – Updated: 2024-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epc_page to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epc_page is only done for ELDU, not EAUG before being used.
Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU.
The SECS page holds global enclave metadata. It can only be reclaimed when there are no other enclave pages remaining. At that point, virtually nothing can be done with the enclave until the SECS page is paged back in.
An enclave can not run nor generate page faults without a resident SECS page. But it is still possible for a #PF for a non-SECS page to race with paging out the SECS page: when the last resident non-SECS page A triggers a #PF in a non-resident page B, and then page A and the SECS both are paged out before the #PF on B is handled.
Hitting this bug requires that race triggered with a #PF for EAUG. Following is a trace when it happens.
BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:sgx_encl_eaug_page+0xc7/0x210 Call Trace: ? __kmem_cache_alloc_node+0x16a/0x440 ? xa_load+0x6e/0xa0 sgx_vma_fault+0x119/0x230 __do_fault+0x36/0x140 do_fault+0x12f/0x400 __handle_mm_fault+0x728/0x1110 handle_mm_fault+0x105/0x310 do_user_addr_fault+0x1ee/0x750 ? __this_cpu_preempt_check+0x13/0x20 exc_page_fault+0x76/0x180 asm_exc_page_fault+0x27/0x30
{
"affected": [],
"aliases": [
"CVE-2023-52568"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-02T22:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Resolves SECS reclaim vs. page fault for EAUG race\n\nThe SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an\nenclave and set secs.epc_page to NULL. The SECS page is used for EAUG\nand ELDU in the SGX page fault handler. However, the NULL check for\nsecs.epc_page is only done for ELDU, not EAUG before being used.\n\nFix this by doing the same NULL check and reloading of the SECS page as\nneeded for both EAUG and ELDU.\n\nThe SECS page holds global enclave metadata. It can only be reclaimed\nwhen there are no other enclave pages remaining. At that point,\nvirtually nothing can be done with the enclave until the SECS page is\npaged back in.\n\nAn enclave can not run nor generate page faults without a resident SECS\npage. But it is still possible for a #PF for a non-SECS page to race\nwith paging out the SECS page: when the last resident non-SECS page A\ntriggers a #PF in a non-resident page B, and then page A and the SECS\nboth are paged out before the #PF on B is handled.\n\nHitting this bug requires that race triggered with a #PF for EAUG.\nFollowing is a trace when it happens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:sgx_encl_eaug_page+0xc7/0x210\nCall Trace:\n ? __kmem_cache_alloc_node+0x16a/0x440\n ? xa_load+0x6e/0xa0\n sgx_vma_fault+0x119/0x230\n __do_fault+0x36/0x140\n do_fault+0x12f/0x400\n __handle_mm_fault+0x728/0x1110\n handle_mm_fault+0x105/0x310\n do_user_addr_fault+0x1ee/0x750\n ? __this_cpu_preempt_check+0x13/0x20\n exc_page_fault+0x76/0x180\n asm_exc_page_fault+0x27/0x30",
"id": "GHSA-mxqg-3qg8-9qfj",
"modified": "2024-12-11T18:30:36Z",
"published": "2024-03-03T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52568"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXQP-9XFW-66GP
Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-18 18:30In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on sbi->total_valid_block_count
syzbot reported a f2fs bug as below:
------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695 truncate_dnode+0x417/0x740 fs/f2fs/node.c:973 truncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014 f2fs_truncate_inode_blocks+0x8e3/0x1370 fs/f2fs/node.c:1197 f2fs_do_truncate_blocks+0x840/0x12b0 fs/f2fs/file.c:810 f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:838 f2fs_truncate+0x417/0x720 fs/f2fs/file.c:888 f2fs_setattr+0xc4f/0x12f0 fs/f2fs/file.c:1112 notify_change+0xbca/0xe90 fs/attr.c:552 do_truncate+0x222/0x310 fs/open.c:65 handle_truncate fs/namei.c:3466 [inline] do_open fs/namei.c:3849 [inline] path_openat+0x2e4f/0x35d0 fs/namei.c:4004 do_filp_open+0x284/0x4e0 fs/namei.c:4031 do_sys_openat2+0x12b/0x1d0 fs/open.c:1429 do_sys_open fs/open.c:1444 [inline] __do_sys_creat fs/open.c:1522 [inline] __se_sys_creat fs/open.c:1516 [inline] __x64_sys_creat+0x124/0x170 fs/open.c:1516 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
The reason is: in fuzzed image, sbi->total_valid_block_count is inconsistent w/ mapped blocks indexed by inode, so, we should not trigger panic for such case, instead, let's print log and set fsck flag.
{
"affected": [],
"aliases": [
"CVE-2025-38163"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T09:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on sbi-\u003etotal_valid_block_count\n\nsyzbot reported a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/f2fs.h:2521!\nRIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521\nCall Trace:\n f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695\n truncate_dnode+0x417/0x740 fs/f2fs/node.c:973\n truncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014\n f2fs_truncate_inode_blocks+0x8e3/0x1370 fs/f2fs/node.c:1197\n f2fs_do_truncate_blocks+0x840/0x12b0 fs/f2fs/file.c:810\n f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:838\n f2fs_truncate+0x417/0x720 fs/f2fs/file.c:888\n f2fs_setattr+0xc4f/0x12f0 fs/f2fs/file.c:1112\n notify_change+0xbca/0xe90 fs/attr.c:552\n do_truncate+0x222/0x310 fs/open.c:65\n handle_truncate fs/namei.c:3466 [inline]\n do_open fs/namei.c:3849 [inline]\n path_openat+0x2e4f/0x35d0 fs/namei.c:4004\n do_filp_open+0x284/0x4e0 fs/namei.c:4031\n do_sys_openat2+0x12b/0x1d0 fs/open.c:1429\n do_sys_open fs/open.c:1444 [inline]\n __do_sys_creat fs/open.c:1522 [inline]\n __se_sys_creat fs/open.c:1516 [inline]\n __x64_sys_creat+0x124/0x170 fs/open.c:1516\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94\n\nThe reason is: in fuzzed image, sbi-\u003etotal_valid_block_count is\ninconsistent w/ mapped blocks indexed by inode, so, we should\nnot trigger panic for such case, instead, let\u0027s print log and\nset fsck flag.",
"id": "GHSA-mxqp-9xfw-66gp",
"modified": "2025-12-18T18:30:27Z",
"published": "2025-07-03T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38163"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05872a167c2cab80ef186ef23cc34a6776a1a30c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25f3776b58c1c45ad2e50ab4b263505b4d2378ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49bc7bf38e42cfa642787e947f5721696ea73ac3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65b3f76592aed5a43c4d79375ac097acf975972b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a324d77f7ea1a91d55c4b6ad970e3ac9ab6a20d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a39cc43efc1bca74ed9d6cf9e60b995071f7d178"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccc28c0397f75a3ec9539cceed9db014d7b73869"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1b743c1955151bd392539b739a3ad155296be13"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXVM-X858-3GM2
Vulnerability from github – Published: 2024-04-28 15:30 – Updated: 2024-10-29 18:30In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL.
The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held.
Fix by checking the pavgroup pointer with lcu->lock held.
{
"affected": [],
"aliases": [
"CVE-2022-48636"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-28T13:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup\n\nFix Oops in dasd_alias_get_start_dev() function caused by the pavgroup\npointer being NULL.\n\nThe pavgroup pointer is checked on the entrance of the function but\nwithout the lcu-\u003elock being held. Therefore there is a race window\nbetween dasd_alias_get_start_dev() and _lcu_update() which sets\npavgroup to NULL with the lcu-\u003elock held.\n\nFix by checking the pavgroup pointer with lcu-\u003elock held.",
"id": "GHSA-mxvm-x858-3gm2",
"modified": "2024-10-29T18:30:34Z",
"published": "2024-04-28T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48636"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P22P-4GP5-HQW7
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-18 15:30Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31164"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:12Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-p22p-4gp5-hqw7",
"modified": "2024-09-18T15:30:49Z",
"published": "2024-09-18T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31164"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P237-MJC7-7QQJ
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0
ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause NULL pointer dereference later.
[ rjw: Subject and changelog edits ]
{
"affected": [],
"aliases": [
"CVE-2024-49962"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]",
"id": "GHSA-p237-mjc7-7qqj",
"modified": "2025-11-04T00:31:43Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/402b4c6b7500c7cca6972d2456a4a422801035b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P23V-V2WC-73M3
Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.
Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
{
"affected": [],
"aliases": [
"CVE-2026-23475"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T16:16:35Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix statistics allocation\n\nThe controller per-cpu statistics is not allocated until after the\ncontroller has been registered with driver core, which leaves a window\nwhere accessing the sysfs attributes can trigger a NULL-pointer\ndereference.\n\nFix this by moving the statistics allocation to controller allocation\nwhile tying its lifetime to that of the controller (rather than using\nimplicit devres).",
"id": "GHSA-p23v-v2wc-73m3",
"modified": "2026-07-14T15:31:47Z",
"published": "2026-04-03T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23475"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.