CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VXH7-4MVV-VR86
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
{
"affected": [],
"aliases": [
"CVE-2016-7132"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-12T01:59:00Z",
"severity": "HIGH"
},
"details": "ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.",
"id": "GHSA-vxh7-4mvv-vr86",
"modified": "2022-05-13T01:13:32Z",
"published": "2022-05-13T01:13:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7132"
},
{
"type": "WEB",
"url": "https://github.com/php/php-src/commit/0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f"
},
{
"type": "WEB",
"url": "https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=72799"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92767"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036680"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXHQ-JP57-MCRM
Vulnerability from github – Published: 2022-05-17 00:24 – Updated: 2022-05-17 00:24A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-15096"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-26T17:29:00Z",
"severity": "LOW"
},
"details": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.",
"id": "GHSA-vxhq-jp57-mcrm",
"modified": "2022-05-17T00:24:35Z",
"published": "2022-05-17T00:24:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15096"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHEA-2019:3249"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-15096"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VXMC-W576-MQXX
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fixed integer types and null check locations
[why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check
{
"affected": [],
"aliases": [
"CVE-2024-26767"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check",
"id": "GHSA-vxmc-w576-mqxx",
"modified": "2025-11-03T21:31:02Z",
"published": "2024-04-03T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26767"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/070fda699dfdce560755379bc428d9edada7a54e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXPV-RV2Q-V5R7
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-11-01 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there.
Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'.
Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-27041"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix NULL checks for adev-\u003edm.dc in amdgpu_dm_fini()\n\nSince \u0027adev-\u003edm.dc\u0027 in amdgpu_dm_fini() might turn out to be NULL\nbefore the call to dc_enable_dmub_notifications(), check\nbeforehand to ensure there will not be a possible NULL-ptr-deref\nthere.\n\nAlso, since commit 1e88eb1b2c25 (\"drm/amd/display: Drop\nCONFIG_DRM_AMD_DC_HDCP\") there are two separate checks for NULL in\n\u0027adev-\u003edm.dc\u0027 before dc_deinit_callbacks() and dc_dmub_srv_destroy().\nClean up by combining them all under one \u0027if\u0027.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.",
"id": "GHSA-vxpv-rv2q-v5r7",
"modified": "2024-11-01T18:31:25Z",
"published": "2024-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27041"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXRH-CPG7-8VJR
Vulnerability from github – Published: 2023-02-08 22:22 – Updated: 2025-02-13 18:40An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-0217"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T22:22:12Z",
"nvd_published_at": "2023-02-08T20:15:00Z",
"severity": "HIGH"
},
"details": "An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the `EVP_PKEY_public_check()` function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.",
"id": "GHSA-vxrh-cpg7-8vjr",
"modified": "2025-02-13T18:40:46Z",
"published": "2023-02-08T22:22:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0012.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "openssl-src subject to NULL dereference validating DSA public key"
}
GHSA-VXW7-7P85-3X75
Vulnerability from github – Published: 2023-07-18 15:30 – Updated: 2024-04-04 06:13In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.
{
"affected": [],
"aliases": [
"CVE-2023-31441"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-18T15:15:11Z",
"severity": "MODERATE"
},
"details": "In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.",
"id": "GHSA-vxw7-7p85-3x75",
"modified": "2024-04-04T06:13:40Z",
"published": "2023-07-18T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31441"
},
{
"type": "WEB",
"url": "https://github.com/NCI-Agency/anet/issues/4408"
},
{
"type": "WEB",
"url": "https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W24X-3WRX-8Q34
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
batman-adv: hold claim backbone gateways by reference
batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer.
The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. batadv_bla_check_claim() still has the same naked pointer access pattern.
Reuse batadv_bla_claim_get_backbone_gw() in both readers so they operate on a stable gateway reference until the read-side work is complete. This keeps the dump and claim-check paths aligned with the lifetime rules introduced for the other BLA claim readers.
{
"affected": [],
"aliases": [
"CVE-2026-31657"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:45Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: hold claim backbone gateways by reference\n\nbatadv_bla_add_claim() can replace claim-\u003ebackbone_gw and drop the old\ngateway\u0027s last reference while readers still follow the pointer.\n\nThe netlink claim dump path dereferences claim-\u003ebackbone_gw-\u003eorig and\ntakes claim-\u003ebackbone_gw-\u003ecrc_lock without pinning the underlying\nbackbone gateway. batadv_bla_check_claim() still has the same naked\npointer access pattern.\n\nReuse batadv_bla_claim_get_backbone_gw() in both readers so they operate\non a stable gateway reference until the read-side work is complete.\nThis keeps the dump and claim-check paths aligned with the lifetime\nrules introduced for the other BLA claim readers.",
"id": "GHSA-w24x-3wrx-8q34",
"modified": "2026-06-01T18:31:28Z",
"published": "2026-04-24T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31657"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f2dc36c297d27733f1b380ea644cf15a361bd7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f55b58b5a0bbed192d60c444a45a49cdf1b545f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dee4c0688443aaf5bbec74aa203c851d1d53c35"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5202f071b367ffbc8e279fc7a00db14f5e587f52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69d1ce9c72eca91203ffdb8d08bacd511100aec6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7962b522222628596ca9ecc8722efc95367aadbd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82d8701b2c930d0e96b0dbc9115a218d791cb0d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4858832ddef2f39f21e30b7226bbcd3c4b2bc96"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W26Q-7WF7-M5PH
Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
{
"affected": [],
"aliases": [
"CVE-2018-7492"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-26T20:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.",
"id": "GHSA-w26q-7wf7-m5ph",
"modified": "2022-05-14T01:15:20Z",
"published": "2022-05-14T01:15:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7492"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"type": "WEB",
"url": "https://patchwork.kernel.org/patch/10096441"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3674-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3674-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3677-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3677-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"type": "WEB",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7"
},
{
"type": "WEB",
"url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2V8-X9HV-74WH
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference:
CPU1 CPU2
rcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall if (special.b.blocked) READ_ONCE(rnp->exp_tasks) != NULL raw_spin_lock_rcu_node np = rcu_next_node_entry(t, rnp) if (&t->rcu_node_entry == rnp->exp_tasks) WRITE_ONCE(rnp->exp_tasks, np) .... raw_spin_unlock_irqrestore_rcu_node raw_spin_lock_irqsave_rcu_node t = list_entry(rnp->exp_tasks->prev, struct task_struct, rcu_node_entry) (if rnp->exp_tasks is NULL, this will dereference a NULL pointer)
The problem is that CPU2 accesses the rcu_node structure's->exp_tasks field without holding the rcu_node structure's ->lock and CPU2 did not observe CPU1's change to rcu_node structure's ->exp_tasks in time. Therefore, if CPU1 sets rcu_node structure's->exp_tasks pointer to NULL, then CPU2 might dereference that NULL pointer.
This commit therefore holds the rcu_node structure's ->lock while accessing that structure's->exp_tasks field.
[ paulmck: Apply Frederic Weisbecker feedback. ]
{
"affected": [],
"aliases": [
"CVE-2023-53419"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Protect rcu_print_task_exp_stall() -\u003eexp_tasks access\n\nFor kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can\nresult in a NULL-pointer dereference:\n\n CPU1 CPU2\nrcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall\n if (special.b.blocked) READ_ONCE(rnp-\u003eexp_tasks) != NULL\n raw_spin_lock_rcu_node\n np = rcu_next_node_entry(t, rnp)\n if (\u0026t-\u003ercu_node_entry == rnp-\u003eexp_tasks)\n WRITE_ONCE(rnp-\u003eexp_tasks, np)\n ....\n raw_spin_unlock_irqrestore_rcu_node\n raw_spin_lock_irqsave_rcu_node\n t = list_entry(rnp-\u003eexp_tasks-\u003eprev,\n struct task_struct, rcu_node_entry)\n (if rnp-\u003eexp_tasks is NULL, this\n will dereference a NULL pointer)\n\nThe problem is that CPU2 accesses the rcu_node structure\u0027s-\u003eexp_tasks\nfield without holding the rcu_node structure\u0027s -\u003elock and CPU2 did\nnot observe CPU1\u0027s change to rcu_node structure\u0027s -\u003eexp_tasks in time.\nTherefore, if CPU1 sets rcu_node structure\u0027s-\u003eexp_tasks pointer to NULL,\nthen CPU2 might dereference that NULL pointer.\n\nThis commit therefore holds the rcu_node structure\u0027s -\u003elock while\naccessing that structure\u0027s-\u003eexp_tasks field.\n\n[ paulmck: Apply Frederic Weisbecker feedback. ]",
"id": "GHSA-w2v8-x9hv-74wh",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53419"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bc0ae94ef1f9ed322d8ee439de3239ea3632ab2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c1566bca3f8349f12b75d0a2d5e4a20ad6262ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7d21b8585894e6fff973f6ddae42f02b13f600f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0a8c0e31a09ec1efd53079083e2a677956b4d91"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e30a55e98ae6c44253d8b129efefd5da5bc6e3bc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2VJ-J8WH-3C7W
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.
{
"affected": [],
"aliases": [
"CVE-2020-27830"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-13T15:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.",
"id": "GHSA-w2vj-j8wh-3c7w",
"modified": "2022-05-24T19:02:22Z",
"published": "2022-05-24T19:02:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27830"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919900"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210625-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/12/08/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/12/08/4"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.