CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VP8V-GJJ6-F34X
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer to dev_hold() will cause a kernel crash with null-ptr-deref.
Instead, silently discard the request. RFC 8335 does not appear to define a specific response for the case where an IPv6 interface identifier is syntactically valid but the implementation cannot perform the lookup at runtime, and silently dropping the request may safer than misreporting "No Such Interface".
{
"affected": [],
"aliases": [
"CVE-2026-43099"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:23Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: fix null-ptr-deref in icmp_build_probe()\n\nipv6_stub-\u003eipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the\nIPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing\nthis error pointer to dev_hold() will cause a kernel crash with\nnull-ptr-deref.\n\nInstead, silently discard the request. RFC 8335 does not appear to\ndefine a specific response for the case where an IPv6 interface\nidentifier is syntactically valid but the implementation cannot perform\nthe lookup at runtime, and silently dropping the request may safer than\nmisreporting \"No Such Interface\".",
"id": "GHSA-vp8v-gjj6-f34x",
"modified": "2026-06-01T18:31:29Z",
"published": "2026-05-06T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43099"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f21bc261e60f0c696c58841c4873ff77ed83673"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc5db4db19766a61ad65d81d1f55b1c1e51ba78d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VP9F-G82M-H958
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix bad hist from corrupting named_triggers list
The following commands causes a crash:
~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger
Because the following occurs:
event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() {
data = event_trigger_alloc(..);
event_trigger_register(.., data) {
cmd_ops->reg(.., data, ..) [hist_register_trigger()] {
data->ops->init() [event_hist_trigger_init()] {
save_named_trigger(name, data) {
list_add(&data->named_list, &named_triggers);
}
}
}
}
ret = create_actions(); (return -EINVAL)
if (ret)
goto out_unreg;
[..] ret = hist_trigger_enable(data, ...) { list_add_tail_rcu(&data->list, &file->triggers); <<<---- SKIPPED!!! (this is important!) [..] out_unreg: event_hist_unregister(.., data) { cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] { list_for_each_entry(iter, &file->triggers, list) { if (!hist_trigger_match(data, iter, named_data, false)) <- never matches continue; [..] test = iter; } if (test && test->ops->free) <<<-- test is NULL
test->ops->free(test) [event_hist_trigger_free()] {
[..]
if (data->name)
del_named_trigger(data) {
list_del(&data->named_list); <<<<-- NEVER gets removed!
}
}
}
}
[..]
kfree(data); <<<-- frees item but it is still on list
The next time a hist with name is registered, it causes an u-a-f bug and the kernel can crash.
Move the code around such that if event_trigger_register() succeeds, the next thing called is hist_trigger_enable() which adds it to the list.
A bunch of actions is called if get_named_trigger_data() returns false. But that doesn't need to be called after event_trigger_register(), so it can be moved up, allowing event_trigger_register() to be called just before hist_trigger_enable() keeping them together and allowing the file->triggers to be properly populated.
{
"affected": [],
"aliases": [
"CVE-2025-21899"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix bad hist from corrupting named_triggers list\n\nThe following commands causes a crash:\n\n ~# cd /sys/kernel/tracing/events/rcu/rcu_callback\n ~# echo \u0027hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)\u0027 \u003e trigger\n bash: echo: write error: Invalid argument\n ~# echo \u0027hist:name=bad:keys=common_pid\u0027 \u003e trigger\n\nBecause the following occurs:\n\nevent_trigger_write() {\n trigger_process_regex() {\n event_hist_trigger_parse() {\n\n data = event_trigger_alloc(..);\n\n event_trigger_register(.., data) {\n cmd_ops-\u003ereg(.., data, ..) [hist_register_trigger()] {\n data-\u003eops-\u003einit() [event_hist_trigger_init()] {\n save_named_trigger(name, data) {\n list_add(\u0026data-\u003enamed_list, \u0026named_triggers);\n }\n }\n }\n }\n\n ret = create_actions(); (return -EINVAL)\n if (ret)\n goto out_unreg;\n[..]\n ret = hist_trigger_enable(data, ...) {\n list_add_tail_rcu(\u0026data-\u003elist, \u0026file-\u003etriggers); \u003c\u003c\u003c---- SKIPPED!!! (this is important!)\n[..]\n out_unreg:\n event_hist_unregister(.., data) {\n cmd_ops-\u003eunreg(.., data, ..) [hist_unregister_trigger()] {\n list_for_each_entry(iter, \u0026file-\u003etriggers, list) {\n if (!hist_trigger_match(data, iter, named_data, false)) \u003c- never matches\n continue;\n [..]\n test = iter;\n }\n if (test \u0026\u0026 test-\u003eops-\u003efree) \u003c\u003c\u003c-- test is NULL\n\n test-\u003eops-\u003efree(test) [event_hist_trigger_free()] {\n [..]\n if (data-\u003ename)\n del_named_trigger(data) {\n list_del(\u0026data-\u003enamed_list); \u003c\u003c\u003c\u003c-- NEVER gets removed!\n }\n }\n }\n }\n\n [..]\n kfree(data); \u003c\u003c\u003c-- frees item but it is still on list\n\nThe next time a hist with name is registered, it causes an u-a-f bug and\nthe kernel can crash.\n\nMove the code around such that if event_trigger_register() succeeds, the\nnext thing called is hist_trigger_enable() which adds it to the list.\n\nA bunch of actions is called if get_named_trigger_data() returns false.\nBut that doesn\u0027t need to be called after event_trigger_register(), so it\ncan be moved up, allowing event_trigger_register() to be called just\nbefore hist_trigger_enable() keeping them together and allowing the\nfile-\u003etriggers to be properly populated.",
"id": "GHSA-vp9f-g82m-h958",
"modified": "2025-11-03T21:33:20Z",
"published": "2025-04-01T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21899"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/435d2964af815aae456db554c62963b4515f19d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43b254d46c740bf9dbe65709afa021dd726dfa99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ae1b18f05ee2b849dc03b6c15d7da0c1c6efa77"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1ae50cfb818ce1ac7a674406dfadb7653e2552d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPJP-WPJG-XV5M
Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
arch/arm64: Fix topology initialization for core scheduling
Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the toplogy to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology.
With smt_mask not setup correctly we bail on cpumask_weight(smt_mask) == 1
for !leaders in:
notify_cpu_starting() cpuhp_invoke_callback_range() sched_cpu_starting() sched_core_cpu_starting()
which leads to rq->core not being correctly set for !leader-rq's.
Without this change stress-ng (which enables core scheduling in its prctl tests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning and then a crash (trimmed for legibility):
[ 1853.805168] ------------[ cut here ]------------ [ 1853.809784] task_rq(b)->core != rq->core [ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4 ... [ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 ... [ 1854.231256] Call trace: [ 1854.233689] pick_next_task+0x3dc/0x81c [ 1854.237512] __schedule+0x10c/0x4cc [ 1854.240988] schedule_idle+0x34/0x54
{
"affected": [],
"aliases": [
"CVE-2022-49090"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narch/arm64: Fix topology initialization for core scheduling\n\nArm64 systems rely on store_cpu_topology() to call update_siblings_masks()\nto transfer the toplogy to the various cpu masks. This needs to be done\nbefore the call to notify_cpu_starting() which tells the scheduler about\neach cpu found, otherwise the core scheduling data structures are setup\nin a way that does not match the actual topology.\n\nWith smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1`\nfor !leaders in:\n\n notify_cpu_starting()\n cpuhp_invoke_callback_range()\n sched_cpu_starting()\n sched_core_cpu_starting()\n\nwhich leads to rq-\u003ecore not being correctly set for !leader-rq\u0027s.\n\nWithout this change stress-ng (which enables core scheduling in its prctl\ntests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning\nand then a crash (trimmed for legibility):\n\n[ 1853.805168] ------------[ cut here ]------------\n[ 1853.809784] task_rq(b)-\u003ecore != rq-\u003ecore\n[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4\n...\n[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n...\n[ 1854.231256] Call trace:\n[ 1854.233689] pick_next_task+0x3dc/0x81c\n[ 1854.237512] __schedule+0x10c/0x4cc\n[ 1854.240988] schedule_idle+0x34/0x54",
"id": "GHSA-vpjp-wpjg-xv5m",
"modified": "2025-09-23T18:30:20Z",
"published": "2025-09-23T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49090"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5524cbb1bfcdff0cad0aaa9f94e6092002a07259"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/790c1567582bda8f1153015436e3330a7c6eb278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87f5d66daa5f457449bb95d6b8d18bb7596aa627"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c78a1b2d0bff678570c8dc9f14035606f5e5257d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPJQ-9V86-RQF3
Vulnerability from github – Published: 2022-05-17 02:52 – Updated: 2025-04-20 03:30A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2016-2369"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-06T21:59:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.",
"id": "GHSA-vpjq-9v86-rqf3",
"modified": "2025-04-20T03:30:48Z",
"published": "2022-05-17T02:52:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2369"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"type": "WEB",
"url": "http://www.pidgin.im/news/security/?id=102"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"type": "WEB",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0137"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPQ6-7984-6W49
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
{
"affected": [],
"aliases": [
"CVE-2016-5029"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T17:59:00Z",
"severity": "MODERATE"
},
"details": "The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.",
"id": "GHSA-vpq6-7984-6w49",
"modified": "2022-05-13T01:03:26Z",
"published": "2022-05-13T01:03:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5029"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPQC-5PHG-HJVG
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31In the Linux kernel, the following vulnerability has been resolved:
KVM: Don't null dereference ops->destroy
A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is closed.
Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution. The error handling in kvm_ioctl_create_device() assumes destroy() is always defined which leads to NULL dereference as discovered by Syzkaller.
This adds a checks for destroy!=NULL and adds a missing release().
This is not changing kvm_destroy_devices() as devices with defined release() should have been removed from the KVM devices list by then.
{
"affected": [],
"aliases": [
"CVE-2022-49568"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t null dereference ops-\u003edestroy\n\nA KVM device cleanup happens in either of two callbacks:\n1) destroy() which is called when the VM is being destroyed;\n2) release() which is called when a device fd is closed.\n\nMost KVM devices use 1) but Book3s\u0027s interrupt controller KVM devices\n(XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during\nthe machine execution. The error handling in kvm_ioctl_create_device()\nassumes destroy() is always defined which leads to NULL dereference as\ndiscovered by Syzkaller.\n\nThis adds a checks for destroy!=NULL and adds a missing release().\n\nThis is not changing kvm_destroy_devices() as devices with defined\nrelease() should have been removed from the KVM devices list by then.",
"id": "GHSA-vpqc-5phg-hjvg",
"modified": "2025-03-10T21:31:10Z",
"published": "2025-03-10T21:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49568"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/170465715a60cbb7876e6b961b21bd3225469da8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3616776bc51cd3262bb1be60cc01c72e0a1959cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4a5a79b780891c5cbdfdc6124d46fdf8d13dba1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8bc2427018826e02add7b0ed0fc625a60390ae5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e91665fbbf3ccb268b268a7d71a6513538d813ac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPRR-5687-F565
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
{
"affected": [],
"aliases": [
"CVE-2011-2691"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-07-17T20:55:00Z",
"severity": "MODERATE"
},
"details": "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.",
"id": "GHSA-vprr-5687-f565",
"modified": "2022-05-13T01:24:25Z",
"published": "2022-05-13T01:24:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2691"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537"
},
{
"type": "WEB",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261"
},
{
"type": "WEB",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45046"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45405"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45492"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49660"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201206-15.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5002"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2287"
},
{
"type": "WEB",
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/07/13/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/48660"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPWC-QJH8-Q22P
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-10-12 19:00A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2020-16593"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.",
"id": "GHSA-vpwc-qjh8-q22p",
"modified": "2022-10-12T19:00:36Z",
"published": "2022-05-24T17:35:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16593"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210122-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25827"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQ2F-JGXP-899C
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference.
Add NULL check after devm_kasprintf() to prevent this issue.
{
"affected": [],
"aliases": [
"CVE-2025-38541"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T12:15:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()\n\ndevm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"id": "GHSA-vq2f-jgxp-899c",
"modified": "2025-11-18T18:32:48Z",
"published": "2025-08-16T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38541"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03ee8f73801a8f46d83dfc2bf73fb9ffa5a21602"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bbdf4213711bb6dc365e7628430a63dd3280794"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e99e9b34ece0b6d3e82cb757e9f60fa414da999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQ42-379V-G652
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.
{
"affected": [],
"aliases": [
"CVE-2018-7361"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-16T15:29:00Z",
"severity": "MODERATE"
},
"details": "All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.",
"id": "GHSA-vq42-379v-g652",
"modified": "2022-05-13T01:31:55Z",
"published": "2022-05-13T01:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7361"
},
{
"type": "WEB",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.