Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-PGJC-H8G4-V6J2

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer

This commit addresses a potential null pointer dereference issue in the dcn32_acquire_idle_pipe_for_head_pipe_in_layer function. The issue could occur when head_pipe is null.

The fix adds a check to ensure head_pipe is not null before asserting it. If head_pipe is null, the function returns NULL to prevent a potential null pointer dereference.

Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)",
  "id": "GHSA-pgjc-h8g4-v6j2",
  "modified": "2024-10-24T18:30:42Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49918"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGM2-2P72-H4HG

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix null-pointer dereference on edid reading

Use i2c adapter when there isn't aux_mode in dc_link to fix a null-pointer derefence that happens when running igt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector detected as below:

[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0 [ +0.000010] #PF: supervisor read access in kernel mode [ +0.000005] #PF: error_code(0x0000) - not-present page [ +0.000004] PGD 0 P4D 0 [ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152 [ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021 [ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100 [ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16 [ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246 [ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080 [ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0 [ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980 [ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080 [ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f [ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000 [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0 [ +0.000003] PKRU: 55555554 [ +0.000003] Call Trace: [ +0.000006] [ +0.000006] ? __die+0x23/0x70 [ +0.000011] ? page_fault_oops+0x17d/0x4c0 [ +0.000008] ? preempt_count_add+0x6e/0xa0 [ +0.000008] ? srso_alias_return_thunk+0x5/0x7f [ +0.000011] ? exc_page_fault+0x7f/0x180 [ +0.000009] ? asm_exc_page_fault+0x26/0x30 [ +0.000013] ? i2c_transfer+0xd/0x100 [ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm] [ +0.000067] ? srso_alias_return_thunk+0x5/0x7f [ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm] [ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000042] edid_block_read+0x3b/0xd0 [drm] [ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm] [ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm] [ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu] [ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper] [ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper] [ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu] [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper] [ +0.000000] status_store+0xb2/0x1f0 [drm] [ +0.000000] kernfs_fop_write_iter+0x136/0x1d0 [ +0.000000] vfs_write+0x24d/0x440 [ +0.000000] ksys_write+0x6f/0xf0 [ +0.000000] do_syscall_64+0x60/0xc0 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] ? do_syscall_64+0x6c/0xc0 [ +0.000000] ? do_syscall_64+0x6c/0xc0 [ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ +0.000000] RIP: 0033:0x7f9ad46b4b00 [ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00 [ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009 [ +0.000000] RBP: 0000000000000002 R08 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[  +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[  +0.000010] #PF: supervisor read access in kernel mode\n[  +0.000005] #PF: error_code(0x0000) - not-present page\n[  +0.000004] PGD 0 P4D 0\n[  +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[  +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[  +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[  +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[  +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[  +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[  +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[  +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[  +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[  +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[  +0.000004] FS:  00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[  +0.000003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[  +0.000003] PKRU: 55555554\n[  +0.000003] Call Trace:\n[  +0.000006]  \u003cTASK\u003e\n[  +0.000006]  ? __die+0x23/0x70\n[  +0.000011]  ? page_fault_oops+0x17d/0x4c0\n[  +0.000008]  ? preempt_count_add+0x6e/0xa0\n[  +0.000008]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000011]  ? exc_page_fault+0x7f/0x180\n[  +0.000009]  ? asm_exc_page_fault+0x26/0x30\n[  +0.000013]  ? i2c_transfer+0xd/0x100\n[  +0.000010]  drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[  +0.000067]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000006]  ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[  +0.000043]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000042]  edid_block_read+0x3b/0xd0 [drm]\n[  +0.000043]  _drm_do_get_edid+0xb6/0x3c0 [drm]\n[  +0.000041]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000043]  drm_edid_read_custom+0x37/0xd0 [drm]\n[  +0.000044]  amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[  +0.000153]  drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[  +0.000000]  __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[  +0.000000]  ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[  +0.000000]  status_store+0xb2/0x1f0 [drm]\n[  +0.000000]  kernfs_fop_write_iter+0x136/0x1d0\n[  +0.000000]  vfs_write+0x24d/0x440\n[  +0.000000]  ksys_write+0x6f/0xf0\n[  +0.000000]  do_syscall_64+0x60/0xc0\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? syscall_exit_to_user_mode+0x2b/0x40\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[  +0.000000] RIP: 0033:0x7f9ad46b4b00\n[  +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[  +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[  +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[  +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[  +0.000000] RBP: 0000000000000002 R08\n---truncated---",
  "id": "GHSA-pgm2-2p72-h4hg",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26728"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGPC-54GC-3694

Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

In the wilc_parse_join_bss_param function, the TSF field of the ies structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues.

This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues.

To address this, the TSF value is now stored in a local variable ies_tsf before the RCU lock is released. The param->tsf_lo field is then assigned using this local variable, ensuring that the TSF value is safely accessed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
  "id": "GHSA-pgpc-54gc-3694",
  "modified": "2025-11-04T00:31:37Z",
  "published": "2024-10-21T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47712"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a24cedc243ace5ed7c1016f52a7bfc8f5b07815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGQC-XW7P-GM9J

Vulnerability from github – Published: 2024-02-18 06:30 – Updated: 2024-12-04 18:32
VLAI
Details

Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-18T04:15:07Z",
    "severity": "LOW"
  },
  "details": "Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-pgqc-xw7p-gm9j",
  "modified": "2024-12-04T18:32:33Z",
  "published": "2024-02-18T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52371"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/2"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGRR-Q7VF-XGG9

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
  "id": "GHSA-pgrr-q7vf-xgg9",
  "modified": "2022-05-24T19:10:40Z",
  "published": "2022-05-24T19:10:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32440"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1772"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PH2M-74P3-X4W9

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-2197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.",
  "id": "GHSA-ph2m-74p3-x4w9",
  "modified": "2022-05-13T01:13:38Z",
  "published": "2022-05-13T01:13:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2197"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302057"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201604-01"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/29/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/30/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/82235"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH5R-2XRJ-457H

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-05-05 21:31
VLAI
Details

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-ph5r-2xrj-457h",
  "modified": "2023-05-05T21:31:08Z",
  "published": "2022-05-24T19:15:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32269"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1574"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH65-8QF2-63QX

Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30
VLAI
Details

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T20:15:18Z",
    "severity": "MODERATE"
  },
  "details": "Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-ph65-8qf2-63qx",
  "modified": "2024-12-10T21:30:52Z",
  "published": "2024-12-10T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49531"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-92.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH83-P4WJ-C47P

Vulnerability from github – Published: 2025-04-18 15:31 – Updated: 2025-04-28 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: gpib: Fix cb7210 pcmcia Oops

The pcmcia_driver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp called from pcmcia_register_driver.

Initialize the pcmcia_driver struct name field.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-18T07:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix cb7210 pcmcia Oops\n\nThe  pcmcia_driver struct was still only using the old .name\ninitialization in the drv field. This led to a NULL pointer\nderef Oops in strcmp called from pcmcia_register_driver.\n\nInitialize the pcmcia_driver struct name field.",
  "id": "GHSA-ph83-p4wj-c47p",
  "modified": "2025-04-28T18:30:51Z",
  "published": "2025-04-18T15:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39755"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ec50077d7f6647cb6ba3a2a20a6c26f51259c7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1baf6528bcfd6a86842093ff3f8ff8caf309c12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c82ae06f49e70d1c14ee9c76c392345856d050c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH9J-9V78-7MJ5

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

unicode: Fix utf8_load() error path

utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this:

kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __symbol_put+0x93/0xb0 ? exc_invalid_op+0x51/0x70 ? __symbol_put+0x93/0xb0 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_cmp_name+0x10/0x10 ? __symbol_put+0x93/0xb0 ? __symbol_put+0x62/0xb0 utf8_load+0xf8/0x150

That happens because symbol_put() expects the unique string that identify the symbol, instead of a pointer to the loaded symbol. Fix that by using such string.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nunicode: Fix utf8_load() error path\n\nutf8_load() requests the symbol \"utf8_data_table\" and then checks if the\nrequested UTF-8 version is supported. If it\u0027s unsupported, it tries to\nput the data table using symbol_put(). If an unsupported version is\nrequested, symbol_put() fails like this:\n\n kernel BUG at kernel/module/main.c:786!\n RIP: 0010:__symbol_put+0x93/0xb0\n Call Trace:\n  \u003cTASK\u003e\n  ? __die_body.cold+0x19/0x27\n  ? die+0x2e/0x50\n  ? do_trap+0xca/0x110\n  ? do_error_trap+0x65/0x80\n  ? __symbol_put+0x93/0xb0\n  ? exc_invalid_op+0x51/0x70\n  ? __symbol_put+0x93/0xb0\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? __pfx_cmp_name+0x10/0x10\n  ? __symbol_put+0x93/0xb0\n  ? __symbol_put+0x62/0xb0\n  utf8_load+0xf8/0x150\n\nThat happens because symbol_put() expects the unique string that\nidentify the symbol, instead of a pointer to the loaded symbol. Fix that\nby using such string.",
  "id": "GHSA-ph9j-9v78-7mj5",
  "modified": "2025-11-03T21:31:50Z",
  "published": "2024-12-27T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/156bb2c569cd869583c593d27a5bd69e7b2a4264"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4387cef540f36c2c9297460758cc2438305a24a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6504dd27123966dc455494cb55217c04ca479121"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89933f8ab3b4cad5ac14ea56a39947d1ffe7d0e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4b6c1781f6cc4e2283120ac8d873864b8056f21"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.