Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-Q57W-GQGQ-CX44

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:22:25Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.",
  "id": "GHSA-q57w-gqgq-cx44",
  "modified": "2025-06-10T18:32:29Z",
  "published": "2025-06-10T18:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33057"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33057"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q59C-3X85-F94G

Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-16 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: insert memory barrier before updating num_fences

smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T08:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
  "id": "GHSA-q59c-3x85-f94g",
  "modified": "2025-12-16T18:31:28Z",
  "published": "2025-07-03T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38095"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q59J-VV4J-V33C

Vulnerability from github – Published: 2024-11-29 18:34 – Updated: 2024-12-09 21:53
VLAI
Summary
NULL Pointer Dereference on moby image history
Details

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/moby/moby"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "25.0.0"
            },
            {
              "fixed": "26.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-04T22:44:38Z",
    "nvd_published_at": "2024-11-29T18:15:07Z",
    "severity": "MODERATE"
  },
  "details": "moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.",
  "id": "GHSA-q59j-vv4j-v33c",
  "modified": "2024-12-09T21:53:38Z",
  "published": "2024-11-29T18:34:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36620"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moby/moby"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-3311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "NULL Pointer Dereference on moby image history"
}

GHSA-Q5G9-GXXP-QXH7

Vulnerability from github – Published: 2024-03-25 12:30 – Updated: 2025-03-03 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't exists, function just return without initializing ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports then causing NULL pointer dereference or other bugs.

Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of asynchronous 'request_firmware_nowait'.

This report reveals it:

INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Co ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: rp2: use \u0027request_firmware\u0027 instead of \u0027request_firmware_nowait\u0027\n\nIn \u0027rp2_probe\u0027, the driver registers \u0027rp2_uart_interrupt\u0027 then calls\n\u0027rp2_fw_cb\u0027 through \u0027request_firmware_nowait\u0027. In \u0027rp2_fw_cb\u0027, if the\nfirmware don\u0027t exists, function just return without initializing ports\nof \u0027rp2_card\u0027. But now the interrupt handler function has been\nregistered, and when an interrupt comes, \u0027rp2_uart_interrupt\u0027 may access\nthose ports then causing NULL pointer dereference or other bugs.\n\nBecause the driver does some initialization work in \u0027rp2_fw_cb\u0027, in\norder to make the driver ready to handle interrupts, \u0027request_firmware\u0027\nshould be used instead of asynchronous \u0027request_firmware_nowait\u0027.\n\nThis report reveals it:\n\nINFO: trying to register non-static key.\nthe code is fine but needs lockdep annotation.\nturning off the locking correctness validator.\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xec/0x156 lib/dump_stack.c:118\n assign_lock_key kernel/locking/lockdep.c:727 [inline]\n register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753\n __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303\n lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907\n __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]\n _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144\n spin_lock include/linux/spinlock.h:329 [inline]\n rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]\n rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493\n rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504\n __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149\n handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189\n handle_irq_event+0xac/0x140 kernel/irq/handle.c:206\n handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725\n generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]\n handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87\n do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247\n common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670\n \u003c/IRQ\u003e\nRIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61\nCode: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8\n8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 \u003c5d\u003e c3 90 90 90\n90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\nRSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde\nRAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200\nRBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840\nR10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002\nR13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000\n arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]\n default_idle+0x6f/0x360 arch/x86/kernel/process.c:557\n arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548\n default_idle_call+0x3b/0x60 kernel/sched/idle.c:93\n cpuidle_idle_call kernel/sched/idle.c:153 [inline]\n do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263\n cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369\n start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nRIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]\nRIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]\nRIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:\n493\nCo\n---truncated---",
  "id": "GHSA-q5g9-gxxp-qxh7",
  "modified": "2025-03-03T18:31:21Z",
  "published": "2024-03-25T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47169"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5H9-GX3C-P258

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-q5h9-gx3c-p258",
  "modified": "2022-05-24T19:15:08Z",
  "published": "2022-05-24T19:15:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39553"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthiaskramm/swftools/issues/103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q5HG-CRXG-7J9J

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2025-04-20 03:33
VLAI
Details

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-21T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.",
  "id": "GHSA-q5hg-crxg-7j9j",
  "modified": "2025-04-20T03:33:17Z",
  "published": "2022-05-13T01:01:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9049"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96376"
    },
    {
      "type": "WEB",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0263"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5JC-R55M-4XV5

Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Enhance sanity check while generating attr_list

ni_create_attr_list uses WARN_ON to catch error cases while generating attribute list, which only prints out stack trace and may not be enough. This repalces them with more proper error handling flow.

[ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e [ 59.673268] #PF: supervisor read access in kernel mode [ 59.678354] #PF: error_code(0x0000) - not-present page [ 59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0 [ 59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G B W 6.2.0-rc1+ #4 [ 59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860 [ 59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8 [ 59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282 [ 59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe [ 59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0 [ 59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9 [ 59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180 [ 59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050 [ 59.768323] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000 [ 59.776027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0 [ 59.787607] Call Trace: [ 59.790271] [ 59.792488] ? __pfx_ni_create_attr_list+0x10/0x10 [ 59.797235] ? kernel_text_address+0xd3/0xe0 [ 59.800856] ? unwind_get_return_address+0x3e/0x60 [ 59.805101] ? __kasan_check_write+0x18/0x20 [ 59.809296] ? preempt_count_sub+0x1c/0xd0 [ 59.813421] ni_ins_attr_ext+0x52c/0x5c0 [ 59.817034] ? __pfx_ni_ins_attr_ext+0x10/0x10 [ 59.821926] ? __vfs_setxattr+0x121/0x170 [ 59.825718] ? __vfs_setxattr_noperm+0x97/0x300 [ 59.829562] ? __vfs_setxattr_locked+0x145/0x170 [ 59.833987] ? vfs_setxattr+0x137/0x2a0 [ 59.836732] ? do_setxattr+0xce/0x150 [ 59.839807] ? setxattr+0x126/0x140 [ 59.842353] ? path_setxattr+0x164/0x180 [ 59.845275] ? __x64_sys_setxattr+0x71/0x90 [ 59.848838] ? do_syscall_64+0x3f/0x90 [ 59.851898] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 59.857046] ? stack_depot_save+0x17/0x20 [ 59.860299] ni_insert_attr+0x1ba/0x420 [ 59.863104] ? __pfx_ni_insert_attr+0x10/0x10 [ 59.867069] ? preempt_count_sub+0x1c/0xd0 [ 59.869897] ? _raw_spin_unlock_irqrestore+0x2b/0x50 [ 59.874088] ? __create_object+0x3ae/0x5d0 [ 59.877865] ni_insert_resident+0xc4/0x1c0 [ 59.881430] ? __pfx_ni_insert_resident+0x10/0x10 [ 59.886355] ? kasan_save_alloc_info+0x1f/0x30 [ 59.891117] ? __kasan_kmalloc+0x8b/0xa0 [ 59.894383] ntfs_set_ea+0x90d/0xbf0 [ 59.897703] ? __pfx_ntfs_set_ea+0x10/0x10 [ 59.901011] ? kernel_text_address+0xd3/0xe0 [ 59.905308] ? __kernel_text_address+0x16/0x50 [ 59.909811] ? unwind_get_return_address+0x3e/0x60 [ 59.914898] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 59.920250] ? arch_stack_walk+0xa2/0x100 [ 59.924560] ? filter_irq_stacks+0x27/0x80 [ 59.928722] ntfs_setxattr+0x405/0x440 [ 59.932512] ? __pfx_ntfs_setxattr+0x10/0x10 [ 59.936634] ? kvmalloc_node+0x2d/0x120 [ 59.940378] ? kasan_save_stack+0x41/0x60 [ 59.943870] ? kasan_save_stack+0x2a/0x60 [ 59.947719] ? kasan_set_track+0x29/0x40 [ 59.951417] ? kasan_save_alloc_info+0x1f/0x30 [ 59.955733] ? __kasan_kmalloc+0x8b/0xa0 [ 59.959598] ? __kmalloc_node+0x68/0x150 [ 59.963163] ? kvmalloc_node+0x2d/0x120 [ 59.966490] ? vmemdup_user+0x2b/0xa0 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Enhance sanity check while generating attr_list\n\nni_create_attr_list uses WARN_ON to catch error cases while generating\nattribute list, which only prints out stack trace and may not be enough.\nThis repalces them with more proper error handling flow.\n\n[   59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e\n[   59.673268] #PF: supervisor read access in kernel mode\n[   59.678354] #PF: error_code(0x0000) - not-present page\n[   59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0\n[   59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI\n[   59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G    B   W          6.2.0-rc1+ #4\n[   59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[   59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860\n[   59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8\n[   59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282\n[   59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe\n[   59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0\n[   59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9\n[   59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180\n[   59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050\n[   59.768323] FS:  00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000\n[   59.776027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0\n[   59.787607] Call Trace:\n[   59.790271]  \u003cTASK\u003e\n[   59.792488]  ? __pfx_ni_create_attr_list+0x10/0x10\n[   59.797235]  ? kernel_text_address+0xd3/0xe0\n[   59.800856]  ? unwind_get_return_address+0x3e/0x60\n[   59.805101]  ? __kasan_check_write+0x18/0x20\n[   59.809296]  ? preempt_count_sub+0x1c/0xd0\n[   59.813421]  ni_ins_attr_ext+0x52c/0x5c0\n[   59.817034]  ? __pfx_ni_ins_attr_ext+0x10/0x10\n[   59.821926]  ? __vfs_setxattr+0x121/0x170\n[   59.825718]  ? __vfs_setxattr_noperm+0x97/0x300\n[   59.829562]  ? __vfs_setxattr_locked+0x145/0x170\n[   59.833987]  ? vfs_setxattr+0x137/0x2a0\n[   59.836732]  ? do_setxattr+0xce/0x150\n[   59.839807]  ? setxattr+0x126/0x140\n[   59.842353]  ? path_setxattr+0x164/0x180\n[   59.845275]  ? __x64_sys_setxattr+0x71/0x90\n[   59.848838]  ? do_syscall_64+0x3f/0x90\n[   59.851898]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[   59.857046]  ? stack_depot_save+0x17/0x20\n[   59.860299]  ni_insert_attr+0x1ba/0x420\n[   59.863104]  ? __pfx_ni_insert_attr+0x10/0x10\n[   59.867069]  ? preempt_count_sub+0x1c/0xd0\n[   59.869897]  ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[   59.874088]  ? __create_object+0x3ae/0x5d0\n[   59.877865]  ni_insert_resident+0xc4/0x1c0\n[   59.881430]  ? __pfx_ni_insert_resident+0x10/0x10\n[   59.886355]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.891117]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.894383]  ntfs_set_ea+0x90d/0xbf0\n[   59.897703]  ? __pfx_ntfs_set_ea+0x10/0x10\n[   59.901011]  ? kernel_text_address+0xd3/0xe0\n[   59.905308]  ? __kernel_text_address+0x16/0x50\n[   59.909811]  ? unwind_get_return_address+0x3e/0x60\n[   59.914898]  ? __pfx_stack_trace_consume_entry+0x10/0x10\n[   59.920250]  ? arch_stack_walk+0xa2/0x100\n[   59.924560]  ? filter_irq_stacks+0x27/0x80\n[   59.928722]  ntfs_setxattr+0x405/0x440\n[   59.932512]  ? __pfx_ntfs_setxattr+0x10/0x10\n[   59.936634]  ? kvmalloc_node+0x2d/0x120\n[   59.940378]  ? kasan_save_stack+0x41/0x60\n[   59.943870]  ? kasan_save_stack+0x2a/0x60\n[   59.947719]  ? kasan_set_track+0x29/0x40\n[   59.951417]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.955733]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.959598]  ? __kmalloc_node+0x68/0x150\n[   59.963163]  ? kvmalloc_node+0x2d/0x120\n[   59.966490]  ? vmemdup_user+0x2b/0xa0\n---truncated---",
  "id": "GHSA-q5jc-r55m-4xv5",
  "modified": "2025-12-10T21:31:29Z",
  "published": "2025-09-16T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53328"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4246bbef0442f4a1e974df0ab091f4f33ac69451"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64fab8bce5237ca225ee1ec9dff5cc8c31b0631f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7799bb4dbe26bfb665f29ea87981708fd6012d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdec309c7672cbee4dc0229ee4cbb33c948a1bdd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5MM-HFP5-3XXH

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

Wei Chen reports a kernel bug as blew:

general protection fault, probably for non-canonical address KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] ... Call Trace: __i2c_transfer+0x77e/0x1930 drivers/i2c/i2c-core-base.c:2109 i2c_transfer+0x1d5/0x3d0 drivers/i2c/i2c-core-base.c:2170 i2cdev_ioctl_rdwr+0x393/0x660 drivers/i2c/i2c-dev.c:297 i2cdev_ioctl+0x75d/0x9f0 drivers/i2c/i2c-dev.c:458 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd834a8bded

In az6027_i2c_xfer(), if msg[i].addr is 0x99, a null-ptr-deref will caused when accessing msg[i].buf. For msg[i].len is 0 and msg[i].buf is null.

Fix this by checking msg[i].len in az6027_i2c_xfer().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\n\nWei Chen reports a kernel bug as blew:\n\ngeneral protection fault, probably for non-canonical address\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n...\nCall Trace:\n\u003cTASK\u003e\n__i2c_transfer+0x77e/0x1930 drivers/i2c/i2c-core-base.c:2109\ni2c_transfer+0x1d5/0x3d0 drivers/i2c/i2c-core-base.c:2170\ni2cdev_ioctl_rdwr+0x393/0x660 drivers/i2c/i2c-dev.c:297\ni2cdev_ioctl+0x75d/0x9f0 drivers/i2c/i2c-dev.c:458\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:870 [inline]\n__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fd834a8bded\n\nIn az6027_i2c_xfer(), if msg[i].addr is 0x99,\na null-ptr-deref will caused when accessing msg[i].buf.\nFor msg[i].len is 0 and msg[i].buf is null.\n\nFix this by checking msg[i].len in az6027_i2c_xfer().",
  "id": "GHSA-q5mm-hfp5-3xxh",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-15T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50272"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ed554fd769a19ea8464bb83e9ac201002ef74ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/210fcf64be4db82c0e190e74b5111e4eef661a7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b6a8a1a32746981044e7ab06649c804acb4068a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/559891d430e3f3a178040c4371ed419edbfa7d65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b60cf73a931af34b7a0a3f467a79d9fe0df2d70"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6fbc44731a4665cbe92a5090e9804a388a72214b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7abfe467cd685f5da7ecb415441e45e3e4e2baa8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b256d23361c51aa4b7fdb71176c1ca50966fb39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c712d1ccbfb787620422b437a5b8fac0802547bd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5P9-89CW-6CHM

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-04 02:43
VLAI
Details

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-q5p9-89cw-6chm",
  "modified": "2024-04-04T02:43:48Z",
  "published": "2022-05-24T17:03:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14604"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5QQ-PFCR-G336

Vulnerability from github – Published: 2022-04-09 00:00 – Updated: 2022-04-16 00:01
VLAI
Details

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-08T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).",
  "id": "GHSA-q5qq-pfcr-g336",
  "modified": "2022-04-16T00:01:26Z",
  "published": "2022-04-09T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1283"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.