CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-W5GW-F5VP-R675
Vulnerability from github – Published: 2024-12-24 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero.
dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL).
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none
{
"affected": [],
"aliases": [
"CVE-2024-53157"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T12:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Check the DVFS OPP count returned by the firmware\n\nFix a kernel crash with the below call trace when the SCPI firmware\nreturns OPP count of zero.\n\ndvfs_info.opp_count may be zero on some platforms during the reboot\ntest, and the kernel will crash after dereferencing the pointer to\nkcalloc(info-\u003ecount, sizeof(*opp), GFP_KERNEL).\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028\n | Mem abort info:\n | ESR = 0x96000004\n | Exception class = DABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | Data abort info:\n | ISV = 0, ISS = 0x00000004\n | CM = 0, WnR = 0\n | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c\n | [0000000000000028] pgd=0000000000000000\n | Internal error: Oops: 96000004 [#1] SMP\n | scpi-hwmon: probe of PHYT000D:00 failed with error -110\n | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c)\n | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1\n | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS\n | pstate: 60000005 (nZCv daif -PAN -UAO)\n | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]\n | lr : clk_register+0x438/0x720\n | Call trace:\n | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]\n | devm_clk_hw_register+0x50/0xa0\n | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi]\n | scpi_clocks_probe+0x528/0x70c [clk_scpi]\n | platform_drv_probe+0x58/0xa8\n | really_probe+0x260/0x3d0\n | driver_probe_device+0x12c/0x148\n | device_driver_attach+0x74/0x98\n | __driver_attach+0xb4/0xe8\n | bus_for_each_dev+0x88/0xe0\n | driver_attach+0x30/0x40\n | bus_add_driver+0x178/0x2b0\n | driver_register+0x64/0x118\n | __platform_driver_register+0x54/0x60\n | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi]\n | do_one_initcall+0x54/0x220\n | do_init_module+0x54/0x1c8\n | load_module+0x14a4/0x1668\n | __se_sys_finit_module+0xf8/0x110\n | __arm64_sys_finit_module+0x24/0x30\n | el0_svc_common+0x78/0x170\n | el0_svc_handler+0x38/0x78\n | el0_svc+0x8/0x340\n | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820)\n | ---[ end trace 06feb22469d89fa8 ]---\n | Kernel panic - not syncing: Fatal exception\n | SMP: stopping secondary CPUs\n | Kernel Offset: disabled\n | CPU features: 0x10,a0002008\n | Memory Limit: none",
"id": "GHSA-w5gw-f5vp-r675",
"modified": "2025-11-03T21:31:45Z",
"published": "2024-12-24T12:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53157"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5J2-J3WP-2GC3
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:45ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
{
"affected": [],
"aliases": [
"CVE-2017-14532"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-18T01:29:00Z",
"severity": "CRITICAL"
},
"details": "ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.",
"id": "GHSA-w5j2-j3wp-2gc3",
"modified": "2025-04-20T03:45:24Z",
"published": "2022-05-13T01:17:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14532"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/719"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100883"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5J3-2FJ8-5X8C
Vulnerability from github – Published: 2025-10-21 12:31 – Updated: 2025-10-21 12:31In the Linux kernel, the following vulnerability has been resolved:
md/bitmap: don't set sb values if can't pass sanity check
If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md speical bug. In non-clustered env, mdadm will handle broken metadata case. In clustered array, only kernel space handles bitmap slot info. But even this bug only happened in clustered env, current sanity check is wrong, the code should be changed.
How to trigger: (faulty injection)
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb mdadm -Ss echo aaa > magic.txt == below modifying slot 2 bitmap data == dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize mdadm -A /dev/md0 /dev/sda /dev/sdb == kernel crashes. mdadm outputs "Segmentation fault" ==
Reason of kernel crash:
In md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't block chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T() trigger "divide error".
Crash log:
kernel: md: md0 stopped. kernel: md/raid1:md0: not clean -- starting background reconstruction kernel: md/raid1:md0: active with 2 out of 2 mirrors kernel: dlm: ... ... kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1 kernel: md0: invalid bitmap file superblock: bad magic kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2 kernel: md-cluster: Could not gather bitmaps from slot 2 kernel: divide error: 0000 [#1] SMP NOPTI kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod] kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246 kernel: ... ... kernel: Call Trace: kernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0] kernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a] kernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0] kernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a] kernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a] kernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a] kernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a] kernel: ? blkdev_ioctl+0xb1/0x2b0 kernel: block_ioctl+0x3b/0x40 kernel: __x64_sys_ioctl+0x7f/0xb0 kernel: do_syscall_64+0x59/0x80 kernel: ? exit_to_user_mode_prepare+0x1ab/0x230 kernel: ? syscall_exit_to_user_mode+0x18/0x40 kernel: ? do_syscall_64+0x69/0x80 kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae kernel: RIP: 0033:0x7f4a15fa722b kernel: ... ... kernel: ---[ end trace 8afa7612f559c868 ]--- kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
{
"affected": [],
"aliases": [
"CVE-2022-49526"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: don\u0027t set sb values if can\u0027t pass sanity check\n\nIf bitmap area contains invalid data, kernel will crash then mdadm\ntriggers \"Segmentation fault\".\nThis is cluster-md speical bug. In non-clustered env, mdadm will\nhandle broken metadata case. In clustered array, only kernel space\nhandles bitmap slot info. But even this bug only happened in clustered\nenv, current sanity check is wrong, the code should be changed.\n\nHow to trigger: (faulty injection)\n\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb\nmdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb\nmdadm -Ss\necho aaa \u003e magic.txt\n == below modifying slot 2 bitmap data ==\ndd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 \u003c== destroy magic\ndd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 \u003c== ZERO chunksize\nmdadm -A /dev/md0 /dev/sda /dev/sdb\n == kernel crashes. mdadm outputs \"Segmentation fault\" ==\n\nReason of kernel crash:\n\nIn md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn\u0027t\nblock chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()\ntrigger \"divide error\".\n\nCrash log:\n\nkernel: md: md0 stopped.\nkernel: md/raid1:md0: not clean -- starting background reconstruction\nkernel: md/raid1:md0: active with 2 out of 2 mirrors\nkernel: dlm: ... ...\nkernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1\nkernel: md0: invalid bitmap file superblock: bad magic\nkernel: md_bitmap_copy_from_slot can\u0027t get bitmap from slot 2\nkernel: md-cluster: Could not gather bitmaps from slot 2\nkernel: divide error: 0000 [#1] SMP NOPTI\nkernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default\nkernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]\nkernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246\nkernel: ... ...\nkernel: Call Trace:\nkernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]\nkernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]\nkernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]\nkernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]\nkernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]\nkernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]\nkernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]\nkernel: ? blkdev_ioctl+0xb1/0x2b0\nkernel: block_ioctl+0x3b/0x40\nkernel: __x64_sys_ioctl+0x7f/0xb0\nkernel: do_syscall_64+0x59/0x80\nkernel: ? exit_to_user_mode_prepare+0x1ab/0x230\nkernel: ? syscall_exit_to_user_mode+0x18/0x40\nkernel: ? do_syscall_64+0x69/0x80\nkernel: entry_SYSCALL_64_after_hwframe+0x44/0xae\nkernel: RIP: 0033:0x7f4a15fa722b\nkernel: ... ...\nkernel: ---[ end trace 8afa7612f559c868 ]---\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]",
"id": "GHSA-w5j3-2fj8-5x8c",
"modified": "2025-10-21T12:31:26Z",
"published": "2025-10-21T12:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49526"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0959aa00f9765bd8c654b1365012e41b51c733cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27f672af28a8e9b783ff7f0eaf7ef2fbd5a2f4ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/422e8f7ba1e08c8e0e88d375bcb550bc2bbfe96d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf9392282a2cf5a8d83dd1c5aa1a097e12f172bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8f1558e1daf54f53a90b4c5700ae3e3a4b13412"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e69e93120f6219b9cc4fba3b515b6ababd8548aa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5M6-6H93-74M4
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 18:31In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()
The kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL pointer dereference when accessing hwq->id. This can happen if ufshcd_mcq_req_to_hwq() returns NULL.
This patch adds a NULL check for hwq before accessing its id field to prevent a kernel crash.
Kernel log excerpt: [] notify_die+0x4c/0x8c [] __die+0x60/0xb0 [] die+0x4c/0xe0 [] die_kernel_fault+0x74/0x88 [] __do_kernel_fault+0x314/0x318 [] do_page_fault+0xa4/0x5f8 [] do_translation_fault+0x34/0x54 [] do_mem_abort+0x50/0xa8 [] el1_abort+0x3c/0x64 [] el1h_64_sync_handler+0x44/0xcc [] el1h_64_sync+0x80/0x88 [] ufshcd_add_command_trace+0x23c/0x320 [] ufshcd_compl_one_cqe+0xa4/0x404 [] ufshcd_mcq_poll_cqe_lock+0xac/0x104 [] ufs_mtk_mcq_intr+0x54/0x74 [ufs_mediatek_mod] [] __handle_irq_event_percpu+0xc8/0x348 [] handle_irq_event+0x3c/0xa8 [] handle_fasteoi_irq+0xf8/0x294 [] generic_handle_domain_irq+0x54/0x80 [] gic_handle_irq+0x1d4/0x330 [] call_on_irq_stack+0x44/0x68 [] do_interrupt_handler+0x78/0xd8 [] el1_interrupt+0x48/0xa8 [] el1h_64_irq_handler+0x14/0x24 [] el1h_64_irq+0x80/0x88 [] arch_local_irq_enable+0x4/0x1c [] cpuidle_enter+0x34/0x54 [] do_idle+0x1dc/0x2f8 [] cpu_startup_entry+0x30/0x3c [] secondary_start_kernel+0x134/0x1ac [] __secondary_switched+0xc4/0xcc
{
"affected": [],
"aliases": [
"CVE-2026-43471"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:17:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()\n\nThe kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL\npointer dereference when accessing hwq-\u003eid. This can happen if\nufshcd_mcq_req_to_hwq() returns NULL.\n\nThis patch adds a NULL check for hwq before accessing its id field to\nprevent a kernel crash.\n\nKernel log excerpt:\n[\u003cffffffd5d192dc4c\u003e] notify_die+0x4c/0x8c\n[\u003cffffffd5d1814e58\u003e] __die+0x60/0xb0\n[\u003cffffffd5d1814d64\u003e] die+0x4c/0xe0\n[\u003cffffffd5d181575c\u003e] die_kernel_fault+0x74/0x88\n[\u003cffffffd5d1864db4\u003e] __do_kernel_fault+0x314/0x318\n[\u003cffffffd5d2a3cdf8\u003e] do_page_fault+0xa4/0x5f8\n[\u003cffffffd5d2a3cd34\u003e] do_translation_fault+0x34/0x54\n[\u003cffffffd5d1864524\u003e] do_mem_abort+0x50/0xa8\n[\u003cffffffd5d2a297dc\u003e] el1_abort+0x3c/0x64\n[\u003cffffffd5d2a29718\u003e] el1h_64_sync_handler+0x44/0xcc\n[\u003cffffffd5d181133c\u003e] el1h_64_sync+0x80/0x88\n[\u003cffffffd5d255c1dc\u003e] ufshcd_add_command_trace+0x23c/0x320\n[\u003cffffffd5d255bad8\u003e] ufshcd_compl_one_cqe+0xa4/0x404\n[\u003cffffffd5d2572968\u003e] ufshcd_mcq_poll_cqe_lock+0xac/0x104\n[\u003cffffffd5d11c7460\u003e] ufs_mtk_mcq_intr+0x54/0x74 [ufs_mediatek_mod]\n[\u003cffffffd5d19ab92c\u003e] __handle_irq_event_percpu+0xc8/0x348\n[\u003cffffffd5d19abca8\u003e] handle_irq_event+0x3c/0xa8\n[\u003cffffffd5d19b1f0c\u003e] handle_fasteoi_irq+0xf8/0x294\n[\u003cffffffd5d19aa778\u003e] generic_handle_domain_irq+0x54/0x80\n[\u003cffffffd5d18102bc\u003e] gic_handle_irq+0x1d4/0x330\n[\u003cffffffd5d1838210\u003e] call_on_irq_stack+0x44/0x68\n[\u003cffffffd5d183af30\u003e] do_interrupt_handler+0x78/0xd8\n[\u003cffffffd5d2a29c00\u003e] el1_interrupt+0x48/0xa8\n[\u003cffffffd5d2a29ba8\u003e] el1h_64_irq_handler+0x14/0x24\n[\u003cffffffd5d18113c4\u003e] el1h_64_irq+0x80/0x88\n[\u003cffffffd5d2527fb4\u003e] arch_local_irq_enable+0x4/0x1c\n[\u003cffffffd5d25282e4\u003e] cpuidle_enter+0x34/0x54\n[\u003cffffffd5d195a678\u003e] do_idle+0x1dc/0x2f8\n[\u003cffffffd5d195a7c4\u003e] cpu_startup_entry+0x30/0x3c\n[\u003cffffffd5d18155c4\u003e] secondary_start_kernel+0x134/0x1ac\n[\u003cffffffd5d18640bc\u003e] __secondary_switched+0xc4/0xcc",
"id": "GHSA-w5m6-6h93-74m4",
"modified": "2026-05-20T18:31:31Z",
"published": "2026-05-08T15:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43471"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0614f5618c24fbc3d555efade22887b102ad7ad6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30df81f2228d65bddf492db3929d9fcaffd38fc5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93b9e7ee9e93629db80bbc9dab8a874215b89ccf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be730f9ee92ae08f2bc4b336967bcfd8183c06fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4f590c6c9df7453bbda2ef9170b1b09e42a124c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5M8-86XC-XFR5
Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2025-03-06 12:30In the Linux kernel, the following vulnerability has been resolved:
HID: winwing: Add NULL check in winwing_init_led()
devm_kasprintf() can return a NULL pointer on failure,but this returned value in winwing_init_led() is not checked. Add NULL check in winwing_init_led(), to handle kernel NULL pointer dereference error.
{
"affected": [],
"aliases": [
"CVE-2024-58021"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-27T03:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: winwing: Add NULL check in winwing_init_led()\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in winwing_init_led() is not checked.\nAdd NULL check in winwing_init_led(), to handle kernel NULL\npointer dereference error.",
"id": "GHSA-w5m8-86xc-xfr5",
"modified": "2025-03-06T12:30:41Z",
"published": "2025-02-27T03:34:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58021"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4001f6f79183b8868d80dd2036dfb4ea3d325e8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45ab5166a82d038c898985b0ad43ead69c1f9573"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b99dbdee8a89c44d03ae9830ab19f31e124a3f32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5XQ-H3XV-J2FJ
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-05-02 09:30In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Support specifying the srpt_service_guid parameter
Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace: parse_one+0x18c/0x1d0 parse_args+0xe1/0x230 load_module+0x8de/0xa60 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x181/0x240 __x64_sys_finit_module+0x5a/0xb0 do_syscall_64+0x5f/0xe0 entry_SYSCALL_64_after_hwframe+0x6e/0x76
{
"affected": [],
"aliases": [
"CVE-2024-26744"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \u003cTASK\u003e\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76",
"id": "GHSA-w5xq-h3xv-j2fj",
"modified": "2025-05-02T09:30:25Z",
"published": "2024-04-03T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26744"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0055d6461b36bfc25a9d2ab974eef78d36a6738"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W627-2227-4GVP
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
{
"affected": [],
"aliases": [
"CVE-2017-7383"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.",
"id": "GHSA-w627-2227-4gvp",
"modified": "2022-05-17T02:51:02Z",
"published": "2022-05-17T02:51:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7383"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W62F-8H3G-5R69
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-41866"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:31Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-w62f-8h3g-5r69",
"modified": "2024-08-14T15:31:18Z",
"published": "2024-08-14T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41866"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W643-VJWG-3CFX
Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2022-05-14 03:54The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.
{
"affected": [],
"aliases": [
"CVE-2017-6951"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-16T18:59:00Z",
"severity": "MODERATE"
},
"details": "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the \"dead\" type.",
"id": "GHSA-w643-vjwg-3cfx",
"modified": "2022-05-14T03:54:00Z",
"published": "2022-05-14T03:54:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6951"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96943"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/keyrings/msg01845.html"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/keyrings/msg01846.html"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/keyrings/msg01849.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W649-2QR9-FG6V
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2024-10-17 21:31The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2011-1271"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-10T19:55:00Z",
"severity": "MODERATE"
},
"details": "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\"",
"id": "GHSA-w649-2qr9-fg6v",
"modified": "2024-10-17T21:31:28Z",
"published": "2022-05-13T01:15:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1271"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
},
{
"type": "WEB",
"url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.