Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-PM5P-FF9Q-6V54

Vulnerability from github – Published: 2023-09-01 21:30 – Updated: 2024-04-04 07:22
VLAI
Details

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-01T19:15:43Z",
    "severity": "MODERATE"
  },
  "details": "Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.",
  "id": "GHSA-pm5p-ff9q-6v54",
  "modified": "2024-04-04T07:22:14Z",
  "published": "2023-09-01T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41633"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/rycbar77/3da455382f88cfb6d6798572f34378bd"
    },
    {
      "type": "WEB",
      "url": "https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PM82-478G-GQ88

Vulnerability from github – Published: 2023-12-14 06:30 – Updated: 2025-11-04 21:30
VLAI
Details

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T05:15:10Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.",
  "id": "GHSA-pm82-478g-gq88",
  "modified": "2025-11-04T21:30:52Z",
  "published": "2023-12-14T06:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49936"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO"
    },
    {
      "type": "WEB",
      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"
    },
    {
      "type": "WEB",
      "url": "https://www.schedmd.com/security-archive.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PM88-9XJW-GHXF

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T20:16:24Z",
    "severity": "MODERATE"
  },
  "details": "A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.",
  "id": "GHSA-pm88-9xjw-ghxf",
  "modified": "2026-06-15T21:30:37Z",
  "published": "2026-06-15T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55663"
    },
    {
      "type": "WEB",
      "url": "https://infosec.exchange/@sigdevel/116733899601128471"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/13/14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMFG-QV3M-CHQH

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.",
  "id": "GHSA-pmfg-qv3m-chqh",
  "modified": "2022-05-24T19:10:23Z",
  "published": "2022-05-24T19:10:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38206"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/bddc0c411a45d3718ac535a070f349be8eca8d48"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PMMH-7PM7-HC62

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL

devm_gpiod_get_array_optional may return NULL if no GPIO was assigned.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: rt4801: Fix NULL pointer dereference if priv-\u003eenable_gpios is NULL\n\ndevm_gpiod_get_array_optional may return NULL if no GPIO was assigned.",
  "id": "GHSA-pmmh-7pm7-hc62",
  "modified": "2024-12-30T21:30:45Z",
  "published": "2024-05-21T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba8a26a7ce8617f9f3d6230de34b2302df086b41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb2381cbecb81a8893b2d1e1af29bc2e5531df27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc68f0c9e4a001e02376fe87f4bdcacadb27e8a1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMP5-RW9V-RGV5

Vulnerability from github – Published: 2022-05-14 03:52 – Updated: 2025-04-20 03:47
VLAI
Details

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-27T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.",
  "id": "GHSA-pmp5-rw9v-rgv5",
  "modified": "2025-04-20T03:47:48Z",
  "published": "2022-05-14T03:52:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15939"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201801-01"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22205"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=a54018b72d75abf2e74bf36016702da06399c1d9"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMQ2-6662-X875

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-04-29 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/xen: Add some null pointer checking to smp.c

kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Add some null pointer checking to smp.c\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
  "id": "GHSA-pmq2-6662-x875",
  "modified": "2024-04-29T21:30:33Z",
  "published": "2024-04-17T12:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26908"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/025a8a96c7ef3ff24a9b4753a7e851ba16f11bfc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3693bb4465e6e32a204a5b86d3ec7e6b9f7e67c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70a33a629090130d731fc1e1ad498bb672eea165"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8082bccb7ac480ceab89b09c53d20c78ae54f9fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9bbb05c0c04b49a1f7f05fd03826321dca2b8d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d211e8128c0e2122512fa5e859316540349b54af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb279074badac0bbe28749906562d648ca4bc750"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f49c513f46dc19bf01ffad2aaaf234d7f37f6799"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMQM-G7JM-76HF

Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_fw: fix NULL pointer dereference on shared blocks

The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw filter is attached to a shared block and a packet with a nonzero major skb mark is classified.

Reject the configuration in fw_change() when the old method (no TCA_OPTIONS) is used on a shared block, since fw_classify()'s old-method path needs block->q which is NULL for shared blocks.

The fixed null-ptr-deref calling stack: KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:fw_classify (net/sched/cls_fw.c:81) Call Trace: tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860) tc_run (net/core/dev.c:4401) __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31421"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T14:16:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q-\u003ehandle.  Shared blocks leave block-\u003eq NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()\u0027s\nold-method path needs block-\u003eq which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n  tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n  tc_run (net/core/dev.c:4401)\n  __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)",
  "id": "GHSA-pmqm-g7jm-76hf",
  "modified": "2026-07-14T15:31:51Z",
  "published": "2026-04-13T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31421"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cb055df9e8625ce699a259d8178d67b37f2b160"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d41f9a314afa94b1c7c7c75405920123220e8cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cf41031922c154aa5ccda8bcdb0f5e6226582ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96426c348def662b06bfdc65be3002905604927a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6d5bd62a09650856e1e2010eb09853eba0d64e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faeea8bbf6e958bf3c00cb08263109661975987c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/febf64ca79a2d6540ab6e5e197fa0f4f7e84473e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMRX-2GV3-HV52

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usx2y: Don't call free_pages_exact() with NULL address

Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). Add a proper NULL check for avoiding possible Oops.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: Don\u0027t call free_pages_exact() with NULL address\n\nUnlike some other functions, we can\u0027t pass NULL pointer to\nfree_pages_exact().  Add a proper NULL check for avoiding possible\nOops.",
  "id": "GHSA-pmrx-2gv3-hv52",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47332"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMX4-MGJ6-5FC6

Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2025-04-20 03:46
VLAI
Details

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-12T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
  "id": "GHSA-pmx4-mgj6-5fc6",
  "modified": "2025-04-20T03:46:38Z",
  "published": "2022-05-14T03:37:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15274"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1946"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1045327"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.kernel.org/patch/9781573"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3583-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3583-2"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.