CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VFH7-C9R4-5V6G
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2024-10-17 21:31win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2011-1231"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-04-13T20:26:00Z",
"severity": "HIGH"
},
"details": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"",
"id": "GHSA-vfh7-c9r4-5v6g",
"modified": "2024-10-17T21:31:28Z",
"published": "2022-05-13T01:15:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1231"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66413"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12036"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"type": "WEB",
"url": "http://osvdb.org/71737"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44156"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47231"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025345"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFPQ-9G5Q-WQWP
Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2025-04-12 13:00The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
{
"affected": [],
"aliases": [
"CVE-2016-1813"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-05-20T10:59:00Z",
"severity": "HIGH"
},
"details": "The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.",
"id": "GHSA-vfpq-9g5q-wqwp",
"modified": "2025-04-12T13:00:11Z",
"published": "2022-05-14T01:16:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1813"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=778"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206564"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206566"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206567"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206568"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39924"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/137400/OS-X-IOAccelSharedUserClient2-page_off_resource-NULL-Pointer-Dereference.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/90694"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFRV-G5J6-MGMV
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-11 21:30there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-56188"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T19:15:39Z",
"severity": "MODERATE"
},
"details": "there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-vfrv-g5j6-mgmv",
"modified": "2025-03-11T21:30:34Z",
"published": "2025-03-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56188"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VFVP-R4J5-4Q92
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
net: caif: clear client service pointer on teardown
caif_connect() can tear down an existing client after remote shutdown by
calling caif_disconnect_client() followed by caif_free_client().
caif_free_client() releases the service layer referenced by
adap_layer->dn, but leaves that pointer stale.
When the socket is later destroyed, caif_sock_destructor() calls
caif_free_client() again and dereferences the freed service pointer.
Clear the client/service links before releasing the service object so repeated teardown becomes harmless.
{
"affected": [],
"aliases": [
"CVE-2026-46098"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: clear client service pointer on teardown\n\n`caif_connect()` can tear down an existing client after remote shutdown by\ncalling `caif_disconnect_client()` followed by `caif_free_client()`.\n`caif_free_client()` releases the service layer referenced by\n`adap_layer-\u003edn`, but leaves that pointer stale.\n\nWhen the socket is later destroyed, `caif_sock_destructor()` calls\n`caif_free_client()` again and dereferences the freed service pointer.\n\nClear the client/service links before releasing the service object so\nrepeated teardown becomes harmless.",
"id": "GHSA-vfvp-r4j5-4q92",
"modified": "2026-06-25T21:31:21Z",
"published": "2026-05-27T15:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46098"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ac6db584d9d420267bb8413115707eeec76d9cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63d21a3aa0108b9dde4e99b0d3d5d679ac68c0f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ef97d4675b05a103648bd9244d91dff7d8c08b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/914c6456fcfc21a3d553945dff62fd1621d6155d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4b191ddc12c55ddb62feb096536f819f384d6f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cffca7a18b8f9de7c3d3013a1f5740c412b2a501"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e16859f3f4426fa349bc5519d582a93d28f5a15d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7cf8ece8cee3c1ee361991470cdb1eb65ab02e8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFXW-CVP7-XXV4
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-26694"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T17:15:44Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-vfxw-cvp7-xxv4",
"modified": "2025-11-11T18:30:18Z",
"published": "2025-11-11T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26694"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VG4C-4XC2-V43H
Vulnerability from github – Published: 2022-05-02 03:41 – Updated: 2025-04-09 04:13The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
{
"affected": [],
"aliases": [
"CVE-2009-3094"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-09-08T18:30:00Z",
"severity": "LOW"
},
"details": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"id": "GHSA-vg4c-4xc2-v43h",
"modified": "2025-04-09T04:13:58Z",
"published": "2022-05-02T03:41:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=126998684522511\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133355494609819\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36549"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37152"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"type": "WEB",
"url": "http://www.intevydis.com/blog/?p=59"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0609"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VG4C-J58P-8F66
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2025-30671"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T17:15:38Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.",
"id": "GHSA-vg4c-j58p-8f66",
"modified": "2025-04-08T18:34:43Z",
"published": "2025-04-08T18:34:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30671"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VG8W-8F3P-9P3C
Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-07-08 15:31In the Linux kernel, the following vulnerability has been resolved:
vrf: Fix a potential NPD when removing a port from a VRF
RCU readers that identified a net device as a VRF port using netif_is_l3_slave() assume that a subsequent call to netdev_master_upper_dev_get_rcu() will return a VRF device. They then continue to dereference its l3mdev operations.
This assumption is not always correct and can result in a NPD [1]. There is no RCU synchronization when removing a port from a VRF, so it is possible for an RCU reader to see a new master device (e.g., a bridge) that does not have l3mdev operations.
Fix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE flag. Skip this synchronization when a net device is removed from a VRF as part of its deletion and when the VRF device itself is deleted. In the latter case an RCU grace period will pass by the time RTNL is released.
[1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:l3mdev_fib_table_rcu (net/l3mdev/l3mdev.c:181) [...] Call Trace: l3mdev_fib_table_by_index (net/l3mdev/l3mdev.c:201 net/l3mdev/l3mdev.c:189) __inet_bind (net/ipv4/af_inet.c:499 (discriminator 3)) inet_bind_sk (net/ipv4/af_inet.c:469) __sys_bind (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:1951 (discriminator 1)) __x64_sys_bind (net/socket.c:1969 (discriminator 1) net/socket.c:1967 (discriminator 1) net/socket.c:1967 (discriminator 1)) do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
{
"affected": [],
"aliases": [
"CVE-2026-52925"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T08:16:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: Fix a potential NPD when removing a port from a VRF\n\nRCU readers that identified a net device as a VRF port using\nnetif_is_l3_slave() assume that a subsequent call to\nnetdev_master_upper_dev_get_rcu() will return a VRF device. They then\ncontinue to dereference its l3mdev operations.\n\nThis assumption is not always correct and can result in a NPD [1]. There\nis no RCU synchronization when removing a port from a VRF, so it is\npossible for an RCU reader to see a new master device (e.g., a bridge)\nthat does not have l3mdev operations.\n\nFix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE\nflag. Skip this synchronization when a net device is removed from a VRF\nas part of its deletion and when the VRF device itself is deleted. In\nthe latter case an RCU grace period will pass by the time RTNL is\nreleased.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:l3mdev_fib_table_rcu (net/l3mdev/l3mdev.c:181)\n[...]\nCall Trace:\n\u003cTASK\u003e\nl3mdev_fib_table_by_index (net/l3mdev/l3mdev.c:201 net/l3mdev/l3mdev.c:189)\n__inet_bind (net/ipv4/af_inet.c:499 (discriminator 3))\ninet_bind_sk (net/ipv4/af_inet.c:469)\n__sys_bind (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:1951 (discriminator 1))\n__x64_sys_bind (net/socket.c:1969 (discriminator 1) net/socket.c:1967 (discriminator 1) net/socket.c:1967 (discriminator 1))\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)",
"id": "GHSA-vg8w-8f3p-9p3c",
"modified": "2026-07-08T15:31:44Z",
"published": "2026-06-24T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52925"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2674d603a9e6970463b2b9ebcf8e31e90beae169"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c022f582fd16a470df6ed9e7fb7e9fc48946d49"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3db8d078f7f652379ee394132b169d304f6eb4c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/468defa0b70902a22f4478c1207624bc1b31c124"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c2b792f04a3db97c9d8d2a45817e93f8884baf5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7a97f2303e63ede105c1d55ef53dc497364e11d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d47204c127992da0c976ac9747070a575912e0fe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VG8W-F22R-5P2C
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2025-04-12 12:59The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
{
"affected": [],
"aliases": [
"CVE-2016-2782"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-04-27T17:59:00Z",
"severity": "MODERATE"
},
"details": "The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.",
"id": "GHSA-vg8w-f22r-5p2c",
"modified": "2025-04-12T12:59:17Z",
"published": "2022-05-13T01:04:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2782"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39539"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2948-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGC6-QRRC-44JV
Vulnerability from github – Published: 2022-05-02 06:19 – Updated: 2025-04-11 03:33The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.
{
"affected": [],
"aliases": [
"CVE-2010-1148"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-04-12T17:30:00Z",
"severity": "MODERATE"
},
"details": "The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.",
"id": "GHSA-vgc6-qrrc-44jv",
"modified": "2025-04-11T03:33:41Z",
"published": "2022-05-02T06:19:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1148"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=579445"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57561"
},
{
"type": "WEB",
"url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html"
},
{
"type": "WEB",
"url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html"
},
{
"type": "WEB",
"url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html"
},
{
"type": "WEB",
"url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=127045754521927\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=127045779122119\u0026w=2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/04/06/2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39344"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/39186"
},
{
"type": "WEB",
"url": "http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.