Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-MV84-GGQF-6Q3W

Vulnerability from github – Published: 2024-08-26 12:31 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr

Check return value and conduct null pointer handling to avoid null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T11:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.",
  "id": "GHSA-mv84-ggqf-6q3w",
  "modified": "2025-11-04T00:31:18Z",
  "published": "2024-08-26T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43905"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MV8H-Q9CX-PF93

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-26T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.",
  "id": "GHSA-mv8h-q9cx-pf93",
  "modified": "2022-05-13T01:16:05Z",
  "published": "2022-05-13T01:16:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19870"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2135"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3390"
    },
    {
      "type": "WEB",
      "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://codereview.qt-project.org/#/c/235998"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4003-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4374"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVGV-7373-M999

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 06:30
VLAI
Details

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-mvgv-7373-m999",
  "modified": "2022-11-18T06:30:31Z",
  "published": "2022-11-15T12:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25741"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVJM-XVHC-97RR

Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-04-19 18:30
VLAI
Details

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-mvjm-xvhc-97rr",
  "modified": "2023-04-19T18:30:59Z",
  "published": "2022-01-14T00:02:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30330"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVP7-6JPM-FHMR

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/omap: fix NULL but dereferenced coccicheck error

Fix the following coccicheck warning: ./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULL but dereferenced.

Here should be ovl->idx rather than r_ovl->idx.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/omap: fix NULL but dereferenced coccicheck error\n\nFix the following coccicheck warning:\n./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULL\nbut dereferenced.\n\nHere should be ovl-\u003eidx rather than r_ovl-\u003eidx.",
  "id": "GHSA-mvp7-6jpm-fhmr",
  "modified": "2025-03-17T18:31:51Z",
  "published": "2025-03-17T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49510"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08d9a75eab594ca508a440db7c73064498d26687"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f2a3970c969d0d8d7289a4c65edcedafc16fd92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2507be660310bb9bcca918f81f49b8bba07e462"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVQG-P94V-J4RG

Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2024-09-30 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check before access structs

In enable_phantom_plane, we should better check null pointer before accessing various structs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.",
  "id": "GHSA-mvqg-p94v-j4rg",
  "modified": "2024-09-30T15:30:43Z",
  "published": "2024-08-17T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43827"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVV8-9C49-M8G7

Vulnerability from github – Published: 2022-05-17 00:53 – Updated: 2022-05-17 00:53
VLAI
Details

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-01T18:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",
  "id": "GHSA-mvv8-9c49-m8g7",
  "modified": "2022-05-17T00:53:08Z",
  "published": "2022-05-17T00:53:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8394"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-02"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21414"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVVW-5WW4-3HGM

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ovl: fix null pointer dereference in ovl_permission()

Following process: P1 P2 path_lookupat link_path_walk inode_permission ovl_permission ovl_i_path_real(inode, &realpath) path->dentry = ovl_i_dentry_upper(inode) drop_cache __dentry_kill(ovl_dentry) iput(ovl_inode) ovl_destroy_inode(ovl_inode) dput(oi->__upperdentry) dentry_kill(upperdentry) dentry_unlink_inode upperdentry->d_inode = NULL realinode = d_inode(realpath.dentry) // return NULL inode_permission(realinode) inode->i_sb // NULL pointer dereference , will trigger an null pointer dereference at realinode: [ 335.664979] BUG: kernel NULL pointer dereference, address: 0000000000000002 [ 335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0 [ 335.669956] RIP: 0010:inode_permission+0x33/0x2c0 [ 335.678939] Call Trace: [ 335.679165] [ 335.679371] ovl_permission+0xde/0x320 [ 335.679723] inode_permission+0x15e/0x2c0 [ 335.680090] link_path_walk+0x115/0x550 [ 335.680771] path_lookupat.isra.0+0xb2/0x200 [ 335.681170] filename_lookup+0xda/0x240 [ 335.681922] vfs_statx+0xa6/0x1f0 [ 335.682233] vfs_fstatat+0x7b/0xb0

Fetch a reproducer in [Link].

Use the helper ovl_i_path_realinode() to get realinode and then do non-nullptr checking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_permission()\n\nFollowing process:\n          P1                     P2\n path_lookupat\n  link_path_walk\n   inode_permission\n    ovl_permission\n      ovl_i_path_real(inode, \u0026realpath)\n        path-\u003edentry = ovl_i_dentry_upper(inode)\n                          drop_cache\n\t\t\t   __dentry_kill(ovl_dentry)\n\t\t            iput(ovl_inode)\n\t\t             ovl_destroy_inode(ovl_inode)\n\t\t              dput(oi-\u003e__upperdentry)\n\t\t               dentry_kill(upperdentry)\n\t\t                dentry_unlink_inode\n\t\t\t\t upperdentry-\u003ed_inode = NULL\n      realinode = d_inode(realpath.dentry) // return NULL\n      inode_permission(realinode)\n       inode-\u003ei_sb  // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n  [  335.664979] BUG: kernel NULL pointer dereference,\n                 address: 0000000000000002\n  [  335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0\n  [  335.669956] RIP: 0010:inode_permission+0x33/0x2c0\n  [  335.678939] Call Trace:\n  [  335.679165]  \u003cTASK\u003e\n  [  335.679371]  ovl_permission+0xde/0x320\n  [  335.679723]  inode_permission+0x15e/0x2c0\n  [  335.680090]  link_path_walk+0x115/0x550\n  [  335.680771]  path_lookupat.isra.0+0xb2/0x200\n  [  335.681170]  filename_lookup+0xda/0x240\n  [  335.681922]  vfs_statx+0xa6/0x1f0\n  [  335.682233]  vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking.",
  "id": "GHSA-mvvw-5ww4-3hgm",
  "modified": "2025-12-02T21:31:25Z",
  "published": "2025-09-15T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53260"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a73f5b8f079fd42a544c1600beface50c63af7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53dd2ca2c02fdcfe3aad2345091d371063f97d17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69f9ae7edf9ec0ff500429101923347fcba5c8c4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MW2C-85QX-PGMH

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-04-11 03:39
VLAI
Details

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-3437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-04T21:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.",
  "id": "GHSA-mw2c-85qx-pgmh",
  "modified": "2025-04-11T03:39:25Z",
  "published": "2022-05-13T01:23:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3437"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29"
    },
    {
      "type": "WEB",
      "url": "http://jon.oberheide.org/files/cve-2010-3437.c"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42778"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42801"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42932"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15150"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/28/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/28/6"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/43551"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1000-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0012"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0124"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MW2G-8699-96XP

Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02
VLAI
Details

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-mw2g-8699-96xp",
  "modified": "2022-02-02T00:02:01Z",
  "published": "2022-01-26T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23017"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K28042514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.