CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-V5PJ-64CF-6WC9
Vulnerability from github – Published: 2022-01-15 00:00 – Updated: 2022-01-22 00:01Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.
{
"affected": [],
"aliases": [
"CVE-2021-46171"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T21:15:00Z",
"severity": "MODERATE"
},
"details": "Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.",
"id": "GHSA-v5pj-64cf-6wc9",
"modified": "2022-01-22T00:01:44Z",
"published": "2022-01-15T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46171"
},
{
"type": "WEB",
"url": "https://github.com/nimble-code/Modex/issues/8"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V5R4-G8JP-RVXF
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udf_symlink function
In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails.
This fix adds a check to validate the value of epos.bh.
{
"affected": [],
"aliases": [
"CVE-2021-47353"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix NULL pointer dereference in udf_symlink function\n\nIn function udf_symlink, epos.bh is assigned with the value returned\nby udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c\nand returns the value of sb_getblk function that could be NULL.\nThen, epos.bh is used without any check, causing a possible\nNULL pointer dereference when sb_getblk fails.\n\nThis fix adds a check to validate the value of epos.bh.",
"id": "GHSA-v5r4-g8jp-rvxf",
"modified": "2024-12-24T18:30:49Z",
"published": "2024-05-21T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47353"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V66F-JQGM-8687
Vulnerability from github – Published: 2026-03-20 09:32 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the slave device beforehand.
When a gretap tunnel is a TEQL slave, the transmit path reaches iptunnel_xmit() which saves dev = skb->dev (still pointing to teql0 master) and later calls iptunnel_xmit_stats(dev, pkt_len). This function does:
get_cpu_ptr(dev->tstats)
Since teql_master_setup() does not set dev->pcpu_stat_type to NETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats for teql0, so dev->tstats is NULL. get_cpu_ptr(NULL) computes NULL + __per_cpu_offset[cpu], resulting in a page fault.
BUG: unable to handle page fault for address: ffff8880e6659018 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 68bc067 P4D 68bc067 PUD 0 Oops: Oops: 0002 [#1] SMP KASAN PTI RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89) Call Trace: ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847) __gre_xmit (net/ipv4/ip_gre.c:478) gre_tap_xmit (net/ipv4/ip_gre.c:779) teql_master_xmit (net/sched/sch_teql.c:319) dev_hard_start_xmit (net/core/dev.c:3887) sch_direct_xmit (net/sched/sch_generic.c:347) __dev_queue_xmit (net/core/dev.c:4802) neigh_direct_output (net/core/neighbour.c:1660) ip_finish_output2 (net/ipv4/ip_output.c:237) __ip_finish_output.part.0 (net/ipv4/ip_output.c:315) ip_mc_output (net/ipv4/ip_output.c:369) ip_send_skb (net/ipv4/ip_output.c:1508) udp_send_skb (net/ipv4/udp.c:1195) udp_sendmsg (net/ipv4/udp.c:1485) inet_sendmsg (net/ipv4/af_inet.c:859) __sys_sendto (net/socket.c:2206)
Fix this by setting skb->dev = slave before calling netdev_start_xmit(), so that tunnel xmit functions see the correct slave device with properly allocated tstats.
{
"affected": [],
"aliases": [
"CVE-2026-23277"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-20T09:16:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n \u003cTASK\u003e\n ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n __gre_xmit (net/ipv4/ip_gre.c:478)\n gre_tap_xmit (net/ipv4/ip_gre.c:779)\n teql_master_xmit (net/sched/sch_teql.c:319)\n dev_hard_start_xmit (net/core/dev.c:3887)\n sch_direct_xmit (net/sched/sch_generic.c:347)\n __dev_queue_xmit (net/core/dev.c:4802)\n neigh_direct_output (net/core/neighbour.c:1660)\n ip_finish_output2 (net/ipv4/ip_output.c:237)\n __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n ip_mc_output (net/ipv4/ip_output.c:369)\n ip_send_skb (net/ipv4/ip_output.c:1508)\n udp_send_skb (net/ipv4/udp.c:1195)\n udp_sendmsg (net/ipv4/udp.c:1485)\n inet_sendmsg (net/ipv4/af_inet.c:859)\n __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
"id": "GHSA-v66f-jqgm-8687",
"modified": "2026-07-14T15:31:40Z",
"published": "2026-03-20T09:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23277"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bad9c86edd22dec4df83c2b29872d66fd8a2ff4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0cc0c2e661af418bbf7074179ea5cfffc0a5c466"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21ea283c2750c8307aa35ee832b0951cc993c27d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/383493b9940e3d1b5517424081b3e072e20ec43c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57c153249143333bbf4ecf927bdf8aa2696ee397"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59b06d8b9bdb6b64b3c534c18da68bce5ccd31be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b1f563d670162e188a0f2aec39c24b67b106e17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81a43e8005366f16e629d8c95dfe05beaa8d36a7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V683-5725-54RP
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2022-05-17 00:22The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
{
"affected": [],
"aliases": [
"CVE-2015-7549"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-30T14:29:00Z",
"severity": "MODERATE"
},
"details": "The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.",
"id": "GHSA-v683-5725-54rp",
"modified": "2022-05-17T00:22:31Z",
"published": "2022-05-17T00:22:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7549"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291137"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/80761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6GX-HF69-Q84X
Vulnerability from github – Published: 2024-07-30 09:31 – Updated: 2025-09-26 15:30In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. This assumption is incorrect and, in consequence, causes invalid pointer de-references.
Remove the faulty call. Instead, add one more loop that iterates over the ccu_clks and sets the rate range, if required.
{
"affected": [],
"aliases": [
"CVE-2024-42100"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: common: Don\u0027t call hw_to_ccu_common on hw without common\n\nIn order to set the rate range of a hw sunxi_ccu_probe calls\nhw_to_ccu_common() assuming all entries in desc-\u003eccu_clks are contained\nin a ccu_common struct. This assumption is incorrect and, in\nconsequence, causes invalid pointer de-references.\n\nRemove the faulty call. Instead, add one more loop that iterates over\nthe ccu_clks and sets the rate range, if required.",
"id": "GHSA-v6gx-hf69-q84x",
"modified": "2025-09-26T15:30:23Z",
"published": "2024-07-30T09:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42100"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6MX-FMFW-P682
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
{
"affected": [],
"aliases": [
"CVE-2011-4081"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-05-24T23:55:00Z",
"severity": "MODERATE"
},
"details": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.",
"id": "GHSA-v6mx-fmfw-p682",
"modified": "2022-05-13T01:24:59Z",
"published": "2022-05-13T01:24:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4081"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0010"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2011-4081"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/10/27/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6QX-2FM9-87CJ
Vulnerability from github – Published: 2022-05-14 03:21 – Updated: 2022-05-14 03:21The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
{
"affected": [],
"aliases": [
"CVE-2018-10074"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.",
"id": "GHSA-v6qx-2fm9-87cj",
"modified": "2022-05-14T03:21:41Z",
"published": "2022-05-14T03:21:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10074"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9903e41ae1f5d50c93f268ca3304d4d7c64b9311"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9903e41ae1f5d50c93f268ca3304d4d7c64b9311"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6R4-6V6M-8669
Vulnerability from github – Published: 2024-03-04 12:31 – Updated: 2024-03-04 12:31Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
{
"affected": [],
"aliases": [
"CVE-2023-43541"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T11:15:12Z",
"severity": "HIGH"
},
"details": "Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.",
"id": "GHSA-v6r4-6v6m-8669",
"modified": "2024-03-04T12:31:10Z",
"published": "2024-03-04T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43541"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6VP-5X68-QQFC
Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2023-05-27 06:30A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.
{
"affected": [],
"aliases": [
"CVE-2021-40559"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-12T21:15:00Z",
"severity": "MODERATE"
},
"details": "A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.",
"id": "GHSA-v6vp-5x68-qqfc",
"modified": "2023-05-27T06:30:37Z",
"published": "2022-01-13T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40559"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1886"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6X9-7PMQ-VRF2
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-18 15:30In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: avs: Verify content returned by parse_int_array()
The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref.
{
"affected": [],
"aliases": [
"CVE-2025-38307"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"id": "GHSA-v6x9-7pmq-vrf2",
"modified": "2025-11-18T15:30:40Z",
"published": "2025-07-10T09:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38307"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18ff538aac63de1866e5a49d57e22788b5c21d12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2916794ffbce604cc2cda105f6b8a4a7c748dd7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93e246b6769bdacb09cfff4ea0f00fe5ab4f0d7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc03c899e6d9812b25c3754c9a95c3830c4aec26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.