CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-5FFP-85MP-H2Q2
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
md: fix deadlock between mddev_suspend and flush bio
Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue.
T1. the first flush is at the ending stage, it clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended by T4. T2. the second flush sets 'mddev->flush_bio', and attempts to queue md_submit_flush_data(), which is already running (T1) and won't execute again if on the same CPU as T1. T3. the third flush inc active_io and tries to flush, but is blocked because 'mddev->flush_bio' is not NULL (set by T2). T4. mddev_suspend() is called and waits for active_io dec to 0 which is inc by T3.
T1 T2 T3 T4 (flush 1) (flush 2) (third 3) (suspend) md_submit_flush_data mddev->flush_bio = NULL; . . md_flush_request . mddev->flush_bio = bio . queue submit_flushes . . . . md_handle_request . . active_io + 1 . . md_flush_request . . wait !mddev->flush_bio . . . . mddev_suspend . . wait !active_io . . . submit_flushes . queue_work md_submit_flush_data . //md_submit_flush_data is already running (T1) . md_handle_request wait resume
The root issue is non-atomic inc/dec of active_io during flush process. active_io is dec before md_submit_flush_data is queued, and inc soon after md_submit_flush_data() run. md_flush_request active_io + 1 submit_flushes active_io - 1 md_submit_flush_data md_handle_request active_io + 1 make_request active_io - 1
If active_io is dec after md_handle_request() instead of within submit_flushes(), make_request() can be called directly intead of md_handle_request() in md_submit_flush_data(), and active_io will only inc and dec once in the whole flush process. Deadlock will be fixed.
Additionally, the only difference between fixing the issue and before is that there is no return error handling of make_request(). But after previous patch cleaned md_write_start(), make_requst() only return error in raid5_make_request() by dm-raid, see commit 41425f96d7aa ("dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape)". Since dm always splits data and flush operation into two separate io, io size of flush submitted by dm always is 0, make_request() will not be called in md_submit_flush_data(). To prevent future modifications from introducing issues, add WARN_ON to ensure make_request() no error is returned in this context.
{
"affected": [],
"aliases": [
"CVE-2024-43855"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix deadlock between mddev_suspend and flush bio\n\nDeadlock occurs when mddev is being suspended while some flush bio is in\nprogress. It is a complex issue.\n\nT1. the first flush is at the ending stage, it clears \u0027mddev-\u003eflush_bio\u0027\n and tries to submit data, but is blocked because mddev is suspended\n by T4.\nT2. the second flush sets \u0027mddev-\u003eflush_bio\u0027, and attempts to queue\n md_submit_flush_data(), which is already running (T1) and won\u0027t\n execute again if on the same CPU as T1.\nT3. the third flush inc active_io and tries to flush, but is blocked because\n \u0027mddev-\u003eflush_bio\u0027 is not NULL (set by T2).\nT4. mddev_suspend() is called and waits for active_io dec to 0 which is inc\n by T3.\n\n T1\t\tT2\t\tT3\t\tT4\n (flush 1)\t(flush 2)\t(third 3)\t(suspend)\n md_submit_flush_data\n mddev-\u003eflush_bio = NULL;\n .\n .\t \tmd_flush_request\n .\t \t mddev-\u003eflush_bio = bio\n .\t \t queue submit_flushes\n .\t\t .\n .\t\t .\t\tmd_handle_request\n .\t\t .\t\t active_io + 1\n .\t\t .\t\t md_flush_request\n .\t\t .\t\t wait !mddev-\u003eflush_bio\n .\t\t .\n .\t\t .\t\t\t\tmddev_suspend\n .\t\t .\t\t\t\t wait !active_io\n .\t\t .\n .\t\t submit_flushes\n .\t\t queue_work md_submit_flush_data\n .\t\t //md_submit_flush_data is already running (T1)\n .\n md_handle_request\n wait resume\n\nThe root issue is non-atomic inc/dec of active_io during flush process.\nactive_io is dec before md_submit_flush_data is queued, and inc soon\nafter md_submit_flush_data() run.\n md_flush_request\n active_io + 1\n submit_flushes\n active_io - 1\n md_submit_flush_data\n md_handle_request\n active_io + 1\n make_request\n active_io - 1\n\nIf active_io is dec after md_handle_request() instead of within\nsubmit_flushes(), make_request() can be called directly intead of\nmd_handle_request() in md_submit_flush_data(), and active_io will\nonly inc and dec once in the whole flush process. Deadlock will be\nfixed.\n\nAdditionally, the only difference between fixing the issue and before is\nthat there is no return error handling of make_request(). But after\nprevious patch cleaned md_write_start(), make_requst() only return error\nin raid5_make_request() by dm-raid, see commit 41425f96d7aa (\"dm-raid456,\nmd/raid456: fix a deadlock for dm-raid456 while io concurrent with\nreshape)\". Since dm always splits data and flush operation into two\nseparate io, io size of flush submitted by dm always is 0, make_request()\nwill not be called in md_submit_flush_data(). To prevent future\nmodifications from introducing issues, add WARN_ON to ensure\nmake_request() no error is returned in this context.",
"id": "GHSA-5ffp-85mp-h2q2",
"modified": "2025-11-04T00:31:16Z",
"published": "2024-08-17T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43855"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d0738a8322bf4e5bfe693d16b3111928a9ccfbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/32226070813140234b6c507084738e8e8385c5c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/611d5cbc0b35a752e657a83eebadf40d814d006b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca963eefbc3331222b6121baa696d49ba2008811"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FGJ-3HR2-9FMQ
Vulnerability from github – Published: 2023-05-24 21:30 – Updated: 2023-05-24 21:30A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-2875"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-24T19:15:09Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-5fgj-3hr2-9fmq",
"modified": "2023-05-24T21:30:19Z",
"published": "2023-05-24T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2875"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875"
},
{
"type": "WEB",
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned48"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.229854"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.229854"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FP7-MMWQ-GVMW
Vulnerability from github – Published: 2022-10-07 18:16 – Updated: 2022-10-13 19:00In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
{
"affected": [],
"aliases": [
"CVE-2022-2928"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-07T05:15:00Z",
"severity": "HIGH"
},
"details": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.",
"id": "GHSA-5fp7-mmwq-gvmw",
"modified": "2022-10-13T19:00:21Z",
"published": "2022-10-07T18:16:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2928"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2022-2928"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FP7-Q8W5-MMWF
Vulnerability from github – Published: 2024-06-14 00:33 – Updated: 2024-06-14 00:33NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.
{
"affected": [],
"aliases": [
"CVE-2024-0086"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T22:15:11Z",
"severity": "MODERATE"
},
"details": "NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.",
"id": "GHSA-5fp7-q8w5-mmwf",
"modified": "2024-06-14T00:33:06Z",
"published": "2024-06-14T00:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0086"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FW2-MJ64-QV7F
Vulnerability from github – Published: 2022-05-09 00:00 – Updated: 2022-05-17 00:00NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2022-1620"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-08T11:15:00Z",
"severity": "HIGH"
},
"details": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
"id": "GHSA-5fw2-mj64-qv7f",
"modified": "2022-05-17T00:00:53Z",
"published": "2022-05-09T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1620"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FWX-5J9V-M6CP
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL ABI pointer and crash.
This can for example happen when using kunit:
mips_stack_top+0x28/0xc0
arch_pick_mmap_layout+0x190/0x220
kunit_vm_mmap_init+0xf8/0x138
__kunit_add_resource+0x40/0xa8
kunit_vm_mmap+0x88/0xd8
usercopy_test_init+0xb8/0x240
kunit_try_run_case+0x5c/0x1a8
kunit_generic_run_threadfn_adapter+0x28/0x50
kthread+0x118/0x240
ret_from_kernel_thread+0x14/0x1c
Only dereference the ABI point if it is set.
The GIC page is also included as it is specific to the vDSO. Also move the randomization adjustment into the same conditional.
{
"affected": [],
"aliases": [
"CVE-2025-38696"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Don\u0027t crash in stack_top() for tasks without ABI or vDSO\n\nNot all tasks have an ABI associated or vDSO mapped,\nfor example kthreads never do.\nIf such a task ever ends up calling stack_top(), it will derefence the\nNULL ABI pointer and crash.\n\nThis can for example happen when using kunit:\n\n mips_stack_top+0x28/0xc0\n arch_pick_mmap_layout+0x190/0x220\n kunit_vm_mmap_init+0xf8/0x138\n __kunit_add_resource+0x40/0xa8\n kunit_vm_mmap+0x88/0xd8\n usercopy_test_init+0xb8/0x240\n kunit_try_run_case+0x5c/0x1a8\n kunit_generic_run_threadfn_adapter+0x28/0x50\n kthread+0x118/0x240\n ret_from_kernel_thread+0x14/0x1c\n\nOnly dereference the ABI point if it is set.\n\nThe GIC page is also included as it is specific to the vDSO.\nAlso move the randomization adjustment into the same conditional.",
"id": "GHSA-5fwx-5j9v-m6cp",
"modified": "2026-05-12T15:31:00Z",
"published": "2025-09-05T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38696"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24d098b6f69b0aa806ffcb3e18259bee31650b28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b6839b572b503609b9b58bc6c04a816eefa0794"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82d140f6aab5e89a9d3972697a0dbe1498752d9b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab18e48a503230d675e824a0d68a108bdff42503"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd90dbd196831f5c2620736dc221db2634cf1e8e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cddf47d20b0325dc8a4e57b833fe96e8f36c42a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e78033e59444d257d095b73ce5d20625294f6ec2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9f4a6b3421e936c3ee9d74710243897d74dbaa2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f22de2027b206ddfb8a075800bb5d0dacf2da4b8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FXQ-XP5C-68MH
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-5037"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T17:59:00Z",
"severity": "MODERATE"
},
"details": "The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"id": "GHSA-5fxq-xp5c-68mh",
"modified": "2022-05-13T01:03:24Z",
"published": "2022-05-13T01:03:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5037"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5G28-MMWC-H2CJ
Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2018-5206"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-06T16:29:00Z",
"severity": "CRITICAL"
},
"details": "When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.",
"id": "GHSA-5g28-mmwc-h2cj",
"modified": "2022-05-14T01:22:28Z",
"published": "2022-05-14T01:22:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5206"
},
{
"type": "WEB",
"url": "https://irssi.org/security/irssi_sa_2018_01.txt"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5G69-HR8R-X577
Vulnerability from github – Published: 2024-04-26 03:30 – Updated: 2024-07-03 18:36cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
{
"affected": [],
"aliases": [
"CVE-2024-31755"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T03:15:06Z",
"severity": "HIGH"
},
"details": "cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.",
"id": "GHSA-5g69-hr8r-x577",
"modified": "2024-07-03T18:36:54Z",
"published": "2024-04-26T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31755"
},
{
"type": "WEB",
"url": "https://github.com/DaveGamble/cJSON/issues/839"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5G7G-FPRM-CGPP
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port
The function ionic_query_port() calls ib_device_get_netdev() without checking the return value which could lead to NULL pointer dereference, Fix it by checking the return value and return -ENODEV if the 'ndev' is NULL.
{
"affected": [],
"aliases": [
"CVE-2026-43282"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port\n\nThe function ionic_query_port() calls ib_device_get_netdev() without\nchecking the return value which could lead to NULL pointer dereference,\nFix it by checking the return value and return -ENODEV if the \u0027ndev\u0027 is\nNULL.",
"id": "GHSA-5g7g-fprm-cgpp",
"modified": "2026-05-08T21:31:22Z",
"published": "2026-05-06T12:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43282"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b96156c927cd83c109e2e3946e6111dce73231f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81932a46dfd0db10a03f46f0b1c7ef946ac4552f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd80bd7105f88189f47d465ca8cb7d115570de30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.