CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VGGP-P864-PH99
Vulnerability from github – Published: 2024-03-27 06:30 – Updated: 2025-11-04 21:31LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.
{
"affected": [],
"aliases": [
"CVE-2023-46049"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T06:15:10Z",
"severity": "MODERATE"
},
"details": "LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.",
"id": "GHSA-vggp-p864-ph99",
"modified": "2025-11-04T21:31:23Z",
"published": "2024-03-27T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46049"
},
{
"type": "WEB",
"url": "https://github.com/llvm/llvm-project/issues/67388"
},
{
"type": "WEB",
"url": "https://llvm.org/docs/Security.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176820/llvm-LLVM-15-Null-Pointer.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/66"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VGJQ-43QM-8F24
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 21:30In log service, there is a missing permission check. This could lead to local denial of service in log service.
{
"affected": [],
"aliases": [
"CVE-2022-47360"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In log service, there is a missing permission check. This could lead to local denial of service in log service.",
"id": "GHSA-vgjq-43qm-8f24",
"modified": "2023-02-21T21:30:19Z",
"published": "2023-02-12T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47360"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGPC-PFPM-223H
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
{
"affected": [],
"aliases": [
"CVE-2018-2912"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-17T01:31:00Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-vgpc-pfpm-223h",
"modified": "2022-05-14T02:19:19Z",
"published": "2022-05-14T02:19:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2912"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2018-31"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105651"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGQP-GGFV-3XF6
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-29 21:31A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).
{
"affected": [],
"aliases": [
"CVE-2025-70099"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T21:16:24Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).",
"id": "GHSA-vgqp-ggfv-3xf6",
"modified": "2026-06-29T21:31:55Z",
"published": "2026-06-01T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70099"
},
{
"type": "WEB",
"url": "https://github.com/gkostka/lwext4/issues/89"
},
{
"type": "WEB",
"url": "https://github.com/sigdevel/pocs/blob/main/res/lwext4/1/sig11_2_1_lwext4_ext4_dir_h_126"
},
{
"type": "WEB",
"url": "https://infosec.exchange/@sigdevel/116668939725424227"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/29/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGRC-X22Q-WC53
Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-07-08 21:30In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths
bpf_selem_unlink_nofail() sets SDATA(selem)->smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpf_sk_storage_clone() can observe the selem still on the list with smap already NULL, causing a NULL pointer dereference.
general protection fault, probably for non-canonical address 0xdffffc000000000a: KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057] RIP: 0010:bpf_sk_storage_clone+0x1cd/0xaa0 net/core/bpf_sk_storage.c:174 Call Trace: sk_clone+0xfed/0x1980 net/core/sock.c:2591 inet_csk_clone_lock+0x30/0x760 net/ipv4/inet_connection_sock.c:1222 tcp_create_openreq_child+0x35/0x2680 net/ipv4/tcp_minisocks.c:571 tcp_v4_syn_recv_sock+0x123/0xf90 net/ipv4/tcp_ipv4.c:1729 tcp_check_req+0x8e1/0x2580 include/net/tcp.h:855 tcp_v4_rcv+0x1845/0x3b80 net/ipv4/tcp_ipv4.c:2347
Add a NULL check for smap in bpf_sk_storage_clone().
bpf_sk_storage_diag_put_all() has the same issue. Add a NULL check and pass the validated smap directly to diag_get(), which is refactored to take smap as a parameter instead of reading it internally.
bpf_sk_storage_diag_put() uses diag->maps[i] which is always valid under its refcount, so diag->maps[i] is passed directly to diag_get().
{
"affected": [],
"aliases": [
"CVE-2026-52938"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T08:16:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths\n\nbpf_selem_unlink_nofail() sets SDATA(selem)-\u003esmap to NULL before\nremoving the selem from the storage hlist. A concurrent RCU reader in\nbpf_sk_storage_clone() can observe the selem still on the list with\nsmap already NULL, causing a NULL pointer dereference.\n\n general protection fault, probably for non-canonical address 0xdffffc000000000a:\n KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]\n RIP: 0010:bpf_sk_storage_clone+0x1cd/0xaa0 net/core/bpf_sk_storage.c:174\n Call Trace:\n \u003cIRQ\u003e\n sk_clone+0xfed/0x1980 net/core/sock.c:2591\n inet_csk_clone_lock+0x30/0x760 net/ipv4/inet_connection_sock.c:1222\n tcp_create_openreq_child+0x35/0x2680 net/ipv4/tcp_minisocks.c:571\n tcp_v4_syn_recv_sock+0x123/0xf90 net/ipv4/tcp_ipv4.c:1729\n tcp_check_req+0x8e1/0x2580 include/net/tcp.h:855\n tcp_v4_rcv+0x1845/0x3b80 net/ipv4/tcp_ipv4.c:2347\n\nAdd a NULL check for smap in bpf_sk_storage_clone().\n\nbpf_sk_storage_diag_put_all() has the same issue. Add a NULL check\nand pass the validated smap directly to diag_get(), which is refactored\nto take smap as a parameter instead of reading it internally.\n\nbpf_sk_storage_diag_put() uses diag-\u003emaps[i] which is always valid\nunder its refcount, so diag-\u003emaps[i] is passed directly to diag_get().",
"id": "GHSA-vgrc-x22q-wc53",
"modified": "2026-07-08T21:30:22Z",
"published": "2026-06-24T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52938"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16af24fea29c209dea53595c99f6da9398548e1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/375e4e33c18dfa05c5dfd5f3dfffeb29343dd4c7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH24-HCWV-P2H7
Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2022-05-14 01:16IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
{
"affected": [],
"aliases": [
"CVE-2016-1814"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-05-20T10:59:00Z",
"severity": "MODERATE"
},
"details": "IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.",
"id": "GHSA-vh24-hcwv-p2h7",
"modified": "2022-05-14T01:16:00Z",
"published": "2022-05-14T01:16:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1814"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206564"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206567"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206568"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/90696"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH2F-HF8G-78J4
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-46592"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T08:15:17Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference vulnerability in the USB HDI driver module\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-vh2f-hf8g-78j4",
"modified": "2025-05-06T09:31:32Z",
"published": "2025-05-06T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46592"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VHCX-WHWC-3WX5
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 18:30In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"
This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1.
Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk i801_acpi_io_handler somewhat concurrently. The first will note the area is reserved by acpi to prevent further touches. This ultimately causes the area to be deregistered. The second will enter i801_acpi_io_handler after the area is unregistered but before a check can be made that the area is unregistered. i2c_lock_bus relies on the now unregistered area containing lock_ops to lock the bus. The end result is a kernel panic on boot with the following backtrace;
[ 14.971872] ioatdma 0000:09:00.2: enabling device (0100 -> 0102) [ 14.971873] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 14.971880] #PF: supervisor read access in kernel mode [ 14.971884] #PF: error_code(0x0000) - not-present page [ 14.971887] PGD 0 P4D 0 [ 14.971894] Oops: 0000 [#1] PREEMPT SMP PTI [ 14.971900] CPU: 5 PID: 956 Comm: systemd-udevd Not tainted 5.14.0-611.5.1.el9_7.x86_64 #1 [ 14.971905] Hardware name: XXXXXXXXXXXXXXXXXXXXXXX BIOS 1.20.10.SV91 01/30/2023 [ 14.971908] RIP: 0010:i801_acpi_io_handler+0x2d/0xb0 [i2c_i801] [ 14.971929] Code: 00 00 49 8b 40 20 41 57 41 56 4d 8b b8 30 04 00 00 49 89 ce 41 55 41 89 d5 41 54 49 89 f4 be 02 00 00 00 55 4c 89 c5 53 89 fb <48> 8b 00 4c 89 c7 e8 18 61 54 e9 80 bd 80 04 00 00 00 75 09 4c 3b [ 14.971933] RSP: 0018:ffffbaa841483838 EFLAGS: 00010282 [ 14.971938] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9685e01ba568 [ 14.971941] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000 [ 14.971944] RBP: ffff9685ca22f028 R08: ffff9685ca22f028 R09: ffff9685ca22f028 [ 14.971948] R10: 000000000000000b R11: 0000000000000580 R12: 0000000000000580 [ 14.971951] R13: 0000000000000008 R14: ffff9685e01ba568 R15: ffff9685c222f000 [ 14.971954] FS: 00007f8287c0ab40(0000) GS:ffff96a47f940000(0000) knlGS:0000000000000000 [ 14.971959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 14.971963] CR2: 0000000000000000 CR3: 0000000168090001 CR4: 00000000003706f0 [ 14.971966] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 14.971968] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 14.971972] Call Trace: [ 14.971977] [ 14.971981] ? show_trace_log_lvl+0x1c4/0x2df [ 14.971994] ? show_trace_log_lvl+0x1c4/0x2df [ 14.972003] ? acpi_ev_address_space_dispatch+0x16e/0x3c0 [ 14.972014] ? __die_body.cold+0x8/0xd [ 14.972021] ? page_fault_oops+0x132/0x170 [ 14.972028] ? exc_page_fault+0x61/0x150 [ 14.972036] ? asm_exc_page_fault+0x22/0x30 [ 14.972045] ? i801_acpi_io_handler+0x2d/0xb0 [i2c_i801] [ 14.972061] acpi_ev_address_space_dispatch+0x16e/0x3c0 [ 14.972069] ? __pfx_i801_acpi_io_handler+0x10/0x10 [i2c_i801] [ 14.972085] acpi_ex_access_region+0x5b/0xd0 [ 14.972093] acpi_ex_field_datum_io+0x73/0x2e0 [ 14.972100] acpi_ex_read_data_from_field+0x8e/0x230 [ 14.972106] acpi_ex_resolve_node_to_value+0x23d/0x310 [ 14.972114] acpi_ds_evaluate_name_path+0xad/0x110 [ 14.972121] acpi_ds_exec_end_op+0x321/0x510 [ 14.972127] acpi_ps_parse_loop+0xf7/0x680 [ 14.972136] acpi_ps_parse_aml+0x17a/0x3d0 [ 14.972143] acpi_ps_execute_method+0x137/0x270 [ 14.972150] acpi_ns_evaluate+0x1f4/0x2e0 [ 14.972158] acpi_evaluate_object+0x134/0x2f0 [ 14.972164] acpi_evaluate_integer+0x50/0xe0 [ 14.972173] ? vsnprintf+0x24b/0x570 [ 14.972181] acpi_ac_get_state.part.0+0x23/0x70 [ 14.972189] get_ac_property+0x4e/0x60 [ 14.972195] power_supply_show_property+0x90/0x1f0 [ 14.972205] add_prop_uevent+0x29/0x90 [ 14.972213] power_supply_uevent+0x109/0x1d0 [ 14.972222] dev_uevent+0x10e/0x2f0 [ 14.972228] uevent_show+0x8e/0x100 [ 14.972236] dev_attr_show+0x19 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2026-23369"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Revert \"i2c: i801: replace acpi_lock with I2C bus lock\"\n\nThis reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1.\n\nUnder rare circumstances, multiple udev threads can collect i801 device\ninfo on boot and walk i801_acpi_io_handler somewhat concurrently. The\nfirst will note the area is reserved by acpi to prevent further touches.\nThis ultimately causes the area to be deregistered. The second will\nenter i801_acpi_io_handler after the area is unregistered but before a\ncheck can be made that the area is unregistered. i2c_lock_bus relies on\nthe now unregistered area containing lock_ops to lock the bus. The end\nresult is a kernel panic on boot with the following backtrace;\n\n[ 14.971872] ioatdma 0000:09:00.2: enabling device (0100 -\u003e 0102)\n[ 14.971873] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 14.971880] #PF: supervisor read access in kernel mode\n[ 14.971884] #PF: error_code(0x0000) - not-present page\n[ 14.971887] PGD 0 P4D 0\n[ 14.971894] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 14.971900] CPU: 5 PID: 956 Comm: systemd-udevd Not tainted 5.14.0-611.5.1.el9_7.x86_64 #1\n[ 14.971905] Hardware name: XXXXXXXXXXXXXXXXXXXXXXX BIOS 1.20.10.SV91 01/30/2023\n[ 14.971908] RIP: 0010:i801_acpi_io_handler+0x2d/0xb0 [i2c_i801]\n[ 14.971929] Code: 00 00 49 8b 40 20 41 57 41 56 4d 8b b8 30 04 00 00 49 89 ce 41 55 41 89 d5 41 54 49 89 f4 be 02 00 00 00 55 4c 89 c5 53 89 fb \u003c48\u003e 8b 00 4c 89 c7 e8 18 61 54 e9 80 bd 80 04 00 00 00 75 09 4c 3b\n[ 14.971933] RSP: 0018:ffffbaa841483838 EFLAGS: 00010282\n[ 14.971938] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9685e01ba568\n[ 14.971941] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000\n[ 14.971944] RBP: ffff9685ca22f028 R08: ffff9685ca22f028 R09: ffff9685ca22f028\n[ 14.971948] R10: 000000000000000b R11: 0000000000000580 R12: 0000000000000580\n[ 14.971951] R13: 0000000000000008 R14: ffff9685e01ba568 R15: ffff9685c222f000\n[ 14.971954] FS: 00007f8287c0ab40(0000) GS:ffff96a47f940000(0000) knlGS:0000000000000000\n[ 14.971959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 14.971963] CR2: 0000000000000000 CR3: 0000000168090001 CR4: 00000000003706f0\n[ 14.971966] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 14.971968] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 14.971972] Call Trace:\n[ 14.971977] \u003cTASK\u003e\n[ 14.971981] ? show_trace_log_lvl+0x1c4/0x2df\n[ 14.971994] ? show_trace_log_lvl+0x1c4/0x2df\n[ 14.972003] ? acpi_ev_address_space_dispatch+0x16e/0x3c0\n[ 14.972014] ? __die_body.cold+0x8/0xd\n[ 14.972021] ? page_fault_oops+0x132/0x170\n[ 14.972028] ? exc_page_fault+0x61/0x150\n[ 14.972036] ? asm_exc_page_fault+0x22/0x30\n[ 14.972045] ? i801_acpi_io_handler+0x2d/0xb0 [i2c_i801]\n[ 14.972061] acpi_ev_address_space_dispatch+0x16e/0x3c0\n[ 14.972069] ? __pfx_i801_acpi_io_handler+0x10/0x10 [i2c_i801]\n[ 14.972085] acpi_ex_access_region+0x5b/0xd0\n[ 14.972093] acpi_ex_field_datum_io+0x73/0x2e0\n[ 14.972100] acpi_ex_read_data_from_field+0x8e/0x230\n[ 14.972106] acpi_ex_resolve_node_to_value+0x23d/0x310\n[ 14.972114] acpi_ds_evaluate_name_path+0xad/0x110\n[ 14.972121] acpi_ds_exec_end_op+0x321/0x510\n[ 14.972127] acpi_ps_parse_loop+0xf7/0x680\n[ 14.972136] acpi_ps_parse_aml+0x17a/0x3d0\n[ 14.972143] acpi_ps_execute_method+0x137/0x270\n[ 14.972150] acpi_ns_evaluate+0x1f4/0x2e0\n[ 14.972158] acpi_evaluate_object+0x134/0x2f0\n[ 14.972164] acpi_evaluate_integer+0x50/0xe0\n[ 14.972173] ? vsnprintf+0x24b/0x570\n[ 14.972181] acpi_ac_get_state.part.0+0x23/0x70\n[ 14.972189] get_ac_property+0x4e/0x60\n[ 14.972195] power_supply_show_property+0x90/0x1f0\n[ 14.972205] add_prop_uevent+0x29/0x90\n[ 14.972213] power_supply_uevent+0x109/0x1d0\n[ 14.972222] dev_uevent+0x10e/0x2f0\n[ 14.972228] uevent_show+0x8e/0x100\n[ 14.972236] dev_attr_show+0x19\n---truncated---",
"id": "GHSA-vhcx-whwc-3wx5",
"modified": "2026-04-24T18:30:40Z",
"published": "2026-03-25T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23369"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c72e7b0b442ce21a1348d9b8237cfddb67048eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9507f9953a2a5647eb42668d0c243fdbd7e72954"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c726273044a5a8308a889d19d6884135c0f3321d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfc69c2e6c699c96949f7b0455195b0bfb7dc715"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VHF9-5F69-9HJM
Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-03-11 18:31A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-3354"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T17:15:13Z",
"severity": "HIGH"
},
"details": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.",
"id": "GHSA-vhf9-5f69-9hjm",
"modified": "2024-03-11T18:31:07Z",
"published": "2023-07-11T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3354"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VHGM-7R9M-6MC8
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:54In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
{
"affected": [],
"aliases": [
"CVE-2018-20014"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-07T16:29:00Z",
"severity": "HIGH"
},
"details": "In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.",
"id": "GHSA-vhgm-7r9m-6mc8",
"modified": "2024-04-04T00:54:09Z",
"published": "2022-05-24T16:47:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20014"
},
{
"type": "WEB",
"url": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-20014"
},
{
"type": "WEB",
"url": "http://www.urbackup.org/client_changelog.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.