Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-V5PJ-64CF-6WC9

Vulnerability from github – Published: 2022-01-15 00:00 – Updated: 2022-01-22 00:01
VLAI
Details

Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-14T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.",
  "id": "GHSA-v5pj-64cf-6wc9",
  "modified": "2022-01-22T00:01:44Z",
  "published": "2022-01-15T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46171"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimble-code/Modex/issues/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V5R4-G8JP-RVXF

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

udf: Fix NULL pointer dereference in udf_symlink function

In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails.

This fix adds a check to validate the value of epos.bh.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix NULL pointer dereference in udf_symlink function\n\nIn function udf_symlink, epos.bh is assigned with the value returned\nby udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c\nand returns the value of sb_getblk function that could be NULL.\nThen, epos.bh is used without any check, causing a possible\nNULL pointer dereference when sb_getblk fails.\n\nThis fix adds a check to validate the value of epos.bh.",
  "id": "GHSA-v5r4-g8jp-rvxf",
  "modified": "2024-12-24T18:30:49Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47353"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V66F-JQGM-8687

Vulnerability from github – Published: 2026-03-20 09:32 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit

teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the slave device beforehand.

When a gretap tunnel is a TEQL slave, the transmit path reaches iptunnel_xmit() which saves dev = skb->dev (still pointing to teql0 master) and later calls iptunnel_xmit_stats(dev, pkt_len). This function does:

get_cpu_ptr(dev->tstats)

Since teql_master_setup() does not set dev->pcpu_stat_type to NETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats for teql0, so dev->tstats is NULL. get_cpu_ptr(NULL) computes NULL + __per_cpu_offset[cpu], resulting in a page fault.

BUG: unable to handle page fault for address: ffff8880e6659018 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 68bc067 P4D 68bc067 PUD 0 Oops: Oops: 0002 [#1] SMP KASAN PTI RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89) Call Trace: ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847) __gre_xmit (net/ipv4/ip_gre.c:478) gre_tap_xmit (net/ipv4/ip_gre.c:779) teql_master_xmit (net/sched/sch_teql.c:319) dev_hard_start_xmit (net/core/dev.c:3887) sch_direct_xmit (net/sched/sch_generic.c:347) __dev_queue_xmit (net/core/dev.c:4802) neigh_direct_output (net/core/neighbour.c:1660) ip_finish_output2 (net/ipv4/ip_output.c:237) __ip_finish_output.part.0 (net/ipv4/ip_output.c:315) ip_mc_output (net/ipv4/ip_output.c:369) ip_send_skb (net/ipv4/ip_output.c:1508) udp_send_skb (net/ipv4/udp.c:1195) udp_sendmsg (net/ipv4/udp.c:1485) inet_sendmsg (net/ipv4/af_inet.c:859) __sys_sendto (net/socket.c:2206)

Fix this by setting skb->dev = slave before calling netdev_start_xmit(), so that tunnel xmit functions see the correct slave device with properly allocated tstats.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-20T09:16:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n    get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n  \u003cTASK\u003e\n  ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n  __gre_xmit (net/ipv4/ip_gre.c:478)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  teql_master_xmit (net/sched/sch_teql.c:319)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  neigh_direct_output (net/core/neighbour.c:1660)\n  ip_finish_output2 (net/ipv4/ip_output.c:237)\n  __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n  ip_mc_output (net/ipv4/ip_output.c:369)\n  ip_send_skb (net/ipv4/ip_output.c:1508)\n  udp_send_skb (net/ipv4/udp.c:1195)\n  udp_sendmsg (net/ipv4/udp.c:1485)\n  inet_sendmsg (net/ipv4/af_inet.c:859)\n  __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
  "id": "GHSA-v66f-jqgm-8687",
  "modified": "2026-07-14T15:31:40Z",
  "published": "2026-03-20T09:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23277"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0bad9c86edd22dec4df83c2b29872d66fd8a2ff4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cc0c2e661af418bbf7074179ea5cfffc0a5c466"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21ea283c2750c8307aa35ee832b0951cc993c27d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/383493b9940e3d1b5517424081b3e072e20ec43c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57c153249143333bbf4ecf927bdf8aa2696ee397"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59b06d8b9bdb6b64b3c534c18da68bce5ccd31be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b1f563d670162e188a0f2aec39c24b67b106e17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81a43e8005366f16e629d8c95dfe05beaa8d36a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V683-5725-54RP

Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2022-05-17 00:22
VLAI
Details

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-7549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-30T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.",
  "id": "GHSA-v683-5725-54rp",
  "modified": "2022-05-17T00:22:31Z",
  "published": "2022-05-17T00:22:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7549"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291137"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201602-01"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3471"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/14/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/80761"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6GX-HF69-Q84X

Vulnerability from github – Published: 2024-07-30 09:31 – Updated: 2025-09-26 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common

In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. This assumption is incorrect and, in consequence, causes invalid pointer de-references.

Remove the faulty call. Instead, add one more loop that iterates over the ccu_clks and sets the rate range, if required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: common: Don\u0027t call hw_to_ccu_common on hw without common\n\nIn order to set the rate range of a hw sunxi_ccu_probe calls\nhw_to_ccu_common() assuming all entries in desc-\u003eccu_clks are contained\nin a ccu_common struct. This assumption is incorrect and, in\nconsequence, causes invalid pointer de-references.\n\nRemove the faulty call. Instead, add one more loop that iterates over\nthe ccu_clks and sets the rate range, if required.",
  "id": "GHSA-v6gx-hf69-q84x",
  "modified": "2025-09-26T15:30:23Z",
  "published": "2024-07-30T09:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42100"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6MX-FMFW-P682

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-4081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-24T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.",
  "id": "GHSA-v6mx-fmfw-p682",
  "modified": "2022-05-13T01:24:59Z",
  "published": "2022-05-13T01:24:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4081"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0010"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0350"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-4081"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/10/27/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6QX-2FM9-87CJ

Vulnerability from github – Published: 2022-05-14 03:21 – Updated: 2022-05-14 03:21
VLAI
Details

The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-12T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.",
  "id": "GHSA-v6qx-2fm9-87cj",
  "modified": "2022-05-14T03:21:41Z",
  "published": "2022-05-14T03:21:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/9903e41ae1f5d50c93f268ca3304d4d7c64b9311"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9903e41ae1f5d50c93f268ca3304d4d7c64b9311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6R4-6V6M-8669

Vulnerability from github – Published: 2024-03-04 12:31 – Updated: 2024-03-04 12:31
VLAI
Details

Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T11:15:12Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.",
  "id": "GHSA-v6r4-6v6m-8669",
  "modified": "2024-03-04T12:31:10Z",
  "published": "2024-03-04T12:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43541"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6VP-5X68-QQFC

Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2023-05-27 06:30
VLAI
Details

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-12T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.",
  "id": "GHSA-v6vp-5x68-qqfc",
  "modified": "2023-05-27T06:30:37Z",
  "published": "2022-01-13T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40559"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1886"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6X9-7PMQ-VRF2

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-18 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: avs: Verify content returned by parse_int_array()

The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
  "id": "GHSA-v6x9-7pmq-vrf2",
  "modified": "2025-11-18T15:30:40Z",
  "published": "2025-07-10T09:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38307"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18ff538aac63de1866e5a49d57e22788b5c21d12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2916794ffbce604cc2cda105f6b8a4a7c748dd7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93e246b6769bdacb09cfff4ea0f00fe5ab4f0d7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc03c899e6d9812b25c3754c9a95c3830c4aec26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.