Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-R2F3-MJHR-VXHR

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11
VLAI
Details

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-30T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.",
  "id": "GHSA-r2f3-mjhr-vxhr",
  "modified": "2022-05-13T01:11:15Z",
  "published": "2022-05-13T01:11:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14926"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102601"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2FQ-797Q-75P5

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-22T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.",
  "id": "GHSA-r2fq-797q-75p5",
  "modified": "2022-05-24T19:09:02Z",
  "published": "2022-05-24T19:09:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1096"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R2P2-33C5-88Q4

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2024-03-01 03:30
VLAI
Details

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.",
  "id": "GHSA-r2p2-33c5-88q4",
  "modified": "2024-03-01T03:30:33Z",
  "published": "2022-05-24T17:41:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13575"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2PH-R5G8-Q5VV

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03
VLAI
Details

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-27T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.",
  "id": "GHSA-r2ph-r5g8-q5vv",
  "modified": "2022-05-14T02:03:26Z",
  "published": "2022-05-14T02:03:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18205"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3073"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201805-10"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3593-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2QX-GRQ5-8X3G

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-03-21 03:33
VLAI
Details

An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-30T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",
  "id": "GHSA-r2qx-grq5-8x3g",
  "modified": "2024-03-21T03:33:40Z",
  "published": "2022-05-24T16:46:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12455"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3\u0026id=fcdf445ff42f036d22178b49cf64e92d527c1330"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190710-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2010240.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2RV-4R79-QGQH

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()

pdesc could be null but still dereference pdesc->name and it will lead to a null pointer access. So we move a null check before dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49618"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()\n\npdesc could be null but still dereference pdesc-\u003ename and it will lead to\na null pointer access. So we move a null check before dereference.",
  "id": "GHSA-r2rv-4r79-qgqh",
  "modified": "2025-03-12T00:31:47Z",
  "published": "2025-03-12T00:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49618"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cb392b64304a05bf647e2e44efacd9a1f3c3c6a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84a85d3fef2e75b1fe9fc2af6f5267122555a1ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e162a24f1dd06c0dcae71f2565c9f3da2827b98e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef1e38532f4b2f0f3b460e938a2e7076c3bed5ee"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2VG-V698-W4GV

Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2025-04-20 03:38
VLAI
Details

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-02T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.",
  "id": "GHSA-r2vg-v698-w4gv",
  "modified": "2025-04-20T03:38:24Z",
  "published": "2022-05-14T01:19:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9343"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=27556320b41904716b9c9f73ef8f4fe705d1e669"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2017-30.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98797"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038612"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2XG-G23X-9JJ5

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-05-06 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix adapter NULL pointer dereference on reboot

With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls into sriov_disable(), because the VF devices use the idpf driver, hence the same remove routine. When that happens, it is possible for the adapter to be NULL from the first call to idpf_remove(), leading to a NULL pointer dereference.

echo 1 > /sys/class/net//device/sriov_numvfs reboot

BUG: kernel NULL pointer dereference, address: 0000000000000020 ... RIP: 0010:idpf_remove+0x22/0x1f0 [idpf] ... ? idpf_remove+0x22/0x1f0 [idpf] ? idpf_remove+0x1e4/0x1f0 [idpf] pci_device_remove+0x3f/0xb0 device_release_driver_internal+0x19f/0x200 pci_stop_bus_device+0x6d/0x90 pci_stop_and_remove_bus_device+0x12/0x20 pci_iov_remove_virtfn+0xbe/0x120 sriov_disable+0x34/0xe0 idpf_sriov_configure+0x58/0x140 [idpf] idpf_remove+0x1b9/0x1f0 [idpf] idpf_shutdown+0x12/0x30 [idpf] pci_device_shutdown+0x35/0x60 device_shutdown+0x156/0x200 ...

Replace the direct idpf_remove() call in idpf_shutdown() with idpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform the bulk of the cleanup, such as stopping the init task, freeing IRQs, destroying the vports and freeing the mailbox. This avoids the calls to sriov_disable() in addition to a small netdev cleanup, and destroying workqueues, which don't seem to be required on shutdown.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:16:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 \u003e /sys/class/net/\u003cnetif\u003e/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don\u0027t seem to be required on shutdown.",
  "id": "GHSA-r2xg-g23x-9jj5",
  "modified": "2025-05-06T18:30:36Z",
  "published": "2025-04-16T15:34:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22065"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c9106f4906a85f6b13542d862e423bcdc118cc3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79618e952ef4dfa1a17ee0631d5549603fab58d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88a6d562e92a295648f8636acf2a6aa714241771"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9fc9b3dc0d0c189ed205acf1e5fbd73e0becc4d6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R32P-GH6M-33HQ

Vulnerability from github – Published: 2024-04-02 09:30 – Updated: 2024-11-07 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

Fixes the below:

drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)

357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device adev, enum amdgpu_mca_error_type type, 358 int idx, struct mca_bank_entry entry) 359 { 360 const struct amdgpu_mca_smu_funcs *mca_funcs = adev->mca.mca_funcs; 361 int count; 362 363 switch (type) { 364 case AMDGPU_MCA_ERROR_TYPE_UE: 365 count = mca_funcs->max_ue_count;

mca_funcs is dereferenced here.

366 break; 367 case AMDGPU_MCA_ERROR_TYPE_CE: 368 count = mca_funcs->max_ce_count;

mca_funcs is dereferenced here.

369 break; 370 default: 371 return -EINVAL; 372 } 373 374 if (idx >= count) 375 return -EINVAL; 376 377 if (mca_funcs && mca_funcs->mca_get_mca_entry) ^^^^^^^^^

Checked too late!

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T07:15:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix variable \u0027mca_funcs\u0027 dereferenced before NULL check in \u0027amdgpu_mca_smu_get_mca_entry()\u0027\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check \u0027mca_funcs\u0027 (see line 368)\n\n357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev,\n\t\t\t\t     enum amdgpu_mca_error_type type,\n358                                  int idx, struct mca_bank_entry *entry)\n359 {\n360         const struct amdgpu_mca_smu_funcs *mca_funcs =\n\t\t\t\t\t\tadev-\u003emca.mca_funcs;\n361         int count;\n362\n363         switch (type) {\n364         case AMDGPU_MCA_ERROR_TYPE_UE:\n365                 count = mca_funcs-\u003emax_ue_count;\n\nmca_funcs is dereferenced here.\n\n366                 break;\n367         case AMDGPU_MCA_ERROR_TYPE_CE:\n368                 count = mca_funcs-\u003emax_ce_count;\n\nmca_funcs is dereferenced here.\n\n369                 break;\n370         default:\n371                 return -EINVAL;\n372         }\n373\n374         if (idx \u003e= count)\n375                 return -EINVAL;\n376\n377         if (mca_funcs \u0026\u0026 mca_funcs-\u003emca_get_mca_entry)\n\t        ^^^^^^^^^\n\nChecked too late!",
  "id": "GHSA-r32p-gh6m-33hq",
  "modified": "2024-11-07T21:31:37Z",
  "published": "2024-04-02T09:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26672"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R33J-VF7V-CQ2V

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: micrel: Allow probing without .driver_data

Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens.

Allow passing .probe without .driver_data by inserting NULL checks for priv->type.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: micrel: Allow probing without .driver_data\n\nCurrently, if the .probe element is present in the phy_driver structure\nand the .driver_data is not, a NULL pointer dereference happens.\n\nAllow passing .probe without .driver_data by inserting NULL checks\nfor priv-\u003etype.",
  "id": "GHSA-r33j-vf7v-cq2v",
  "modified": "2025-03-17T18:31:50Z",
  "published": "2025-03-17T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49472"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/143878e18001c5a61fcc7ae5c5240323753bb641"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/660dfa033ccc9afb032015b6dc76e846bba42cfb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91e720b32cba25fa58eaa4c88fe957009cffe9f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abb5594ae2ba7b82cce85917cc6337ec5d774837"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd219273b4e004a3f853da72e111fc8f81357501"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2ef6f7539c68c6bd6c32323d8845ee102b7c450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.