CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-67QQ-RJ26-WJ76
Vulnerability from github – Published: 2026-01-28 18:30 – Updated: 2026-01-28 18:30NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-33237"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T18:16:49Z",
"severity": "MODERATE"
},
"details": "NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.",
"id": "GHSA-67qq-rj26-wj76",
"modified": "2026-01-28T18:30:49Z",
"published": "2026-01-28T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33237"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5747"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33237"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67VX-3F64-R6H9
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-06 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Dereference null return value
In the function pqm_uninit there is a call-assignment of "pdd = kfd_get_process_device_data" which could be null, and this value was later dereferenced without checking.
{
"affected": [],
"aliases": [
"CVE-2024-56666"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Dereference null return value\n\nIn the function pqm_uninit there is a call-assignment of \"pdd =\nkfd_get_process_device_data\" which could be null, and this value was\nlater dereferenced without checking.",
"id": "GHSA-67vx-3f64-r6h9",
"modified": "2025-01-06T18:31:00Z",
"published": "2024-12-27T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56666"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/768442d918932c4da09003f1fd6be1750b93a4ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a592bb19abdc2072875c87da606461bfd7821b08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67XW-5WFX-QCMC
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-01-31 18:31In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.
[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge] [ 128.292938] sp : ffff800059b93140 [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280 [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080 [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001 [ 128.315969] x23: 0000000000000000 x22: 0000000000000194 [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000 [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000 [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24 [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000 [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368 [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02 [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0 [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000 [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294 [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080 [ 128.390626] Call trace: [ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3] [ 128.405468] xmit_one.constprop.0+0xc4/0x200 [ 128.410600] dev_hard_start_xmit+0x54/0xf0 [ 128.415556] sch_direct_xmit+0xe8/0x634 [ 128.420246] __dev_queue_xmit+0x224/0xc70 [ 128.425101] dev_queue_xmit+0x1c/0x40 [ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch] [ 128.435409] do_output+0x60/0x17c [openvswitch] [ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch] [ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch] [ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch] [ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch] [ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch] [ 128.471460] xmit_one.constprop.0+0xc4/0x200 [ 128.476561] dev_hard_start_xmit+0x54/0xf0 [ 128.481489] __dev_queue_xmit+0x968/0xc70 [ 128.486330] dev_queue_xmit+0x1c/0x40 [ 128.490856] ip_finish_output2+0x250/0x570 [ 128.495810] __ip_finish_output+0x170/0x1e0 [ 128.500832] ip_finish_output+0x3c/0xf0 [ 128.505504] ip_output+0xbc/0x160 [ 128.509654] ip_send_skb+0x58/0xd4 [ 128.513892] udp_send_skb+0x12c/0x354 [ 128.518387] udp_sendmsg+0x7a8/0x9c0 [ 128.522793] inet_sendmsg+0x4c/0x8c [ 128.527116] __sock_sendmsg+0x48/0x80 [ 128.531609] __sys_sendto+0x124/0x164 [ 128.536099] __arm64_sys_sendto+0x30/0x5c [ 128.540935] invoke_syscall+0x50/0x130 [ 128.545508] el0_svc_common.constprop.0+0x10c/0x124 [ 128.551205] do_el0_svc+0x34/0xdc [ 128.555347] el0_svc+0x20/0x30 [ 128.559227] el0_sync_handler+0xb8/0xc0 [ 128.563883] el0_sync+0x160/0x180
{
"affected": [],
"aliases": [
"CVE-2025-21649"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is sent on HIP08 devices\n\nCurrently, HIP08 devices does not register the ptp devices, so the\nhdev-\u003eptp is NULL. But the tx process would still try to set hardware time\nstamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.\n\n[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]\n[ 128.292938] sp : ffff800059b93140\n[ 128.297200] x29: ffff800059b93140 x28: 0000000000003280\n[ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080\n[ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001\n[ 128.315969] x23: 0000000000000000 x22: 0000000000000194\n[ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000\n[ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000\n[ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24\n[ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000\n[ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368\n[ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02\n[ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0\n[ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000\n[ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff\n[ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294\n[ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080\n[ 128.390626] Call trace:\n[ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3]\n[ 128.405468] xmit_one.constprop.0+0xc4/0x200\n[ 128.410600] dev_hard_start_xmit+0x54/0xf0\n[ 128.415556] sch_direct_xmit+0xe8/0x634\n[ 128.420246] __dev_queue_xmit+0x224/0xc70\n[ 128.425101] dev_queue_xmit+0x1c/0x40\n[ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch]\n[ 128.435409] do_output+0x60/0x17c [openvswitch]\n[ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch]\n[ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch]\n[ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch]\n[ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch]\n[ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch]\n[ 128.471460] xmit_one.constprop.0+0xc4/0x200\n[ 128.476561] dev_hard_start_xmit+0x54/0xf0\n[ 128.481489] __dev_queue_xmit+0x968/0xc70\n[ 128.486330] dev_queue_xmit+0x1c/0x40\n[ 128.490856] ip_finish_output2+0x250/0x570\n[ 128.495810] __ip_finish_output+0x170/0x1e0\n[ 128.500832] ip_finish_output+0x3c/0xf0\n[ 128.505504] ip_output+0xbc/0x160\n[ 128.509654] ip_send_skb+0x58/0xd4\n[ 128.513892] udp_send_skb+0x12c/0x354\n[ 128.518387] udp_sendmsg+0x7a8/0x9c0\n[ 128.522793] inet_sendmsg+0x4c/0x8c\n[ 128.527116] __sock_sendmsg+0x48/0x80\n[ 128.531609] __sys_sendto+0x124/0x164\n[ 128.536099] __arm64_sys_sendto+0x30/0x5c\n[ 128.540935] invoke_syscall+0x50/0x130\n[ 128.545508] el0_svc_common.constprop.0+0x10c/0x124\n[ 128.551205] do_el0_svc+0x34/0xdc\n[ 128.555347] el0_svc+0x20/0x30\n[ 128.559227] el0_sync_handler+0xb8/0xc0\n[ 128.563883] el0_sync+0x160/0x180",
"id": "GHSA-67xw-5wfx-qcmc",
"modified": "2025-01-31T18:31:05Z",
"published": "2025-01-19T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21649"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9741e72b2286de8b38de9db685588ac421a95c87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f19ab3ef96d9626e5f1bdc56d3574c355e83d623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6839-RV39-32JH
Vulnerability from github – Published: 2025-03-30 21:30 – Updated: 2025-03-30 21:30A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-2960"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-30T21:15:32Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-6839-rv39-32jh",
"modified": "2025-03-30T21:30:27Z",
"published": "2025-03-30T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2960"
},
{
"type": "WEB",
"url": "https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.302013"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.302013"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.521727"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6847-M387-4WWV
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2.
{
"affected": [],
"aliases": [
"CVE-2025-14309"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:38Z",
"severity": "HIGH"
},
"details": "NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2.",
"id": "GHSA-6847-m387-4wwv",
"modified": "2025-12-09T18:30:35Z",
"published": "2025-12-09T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14309"
},
{
"type": "WEB",
"url": "https://github.com/ravynsoft/ravynos/pull/502"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6855-RWXJ-9XGR
Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2024-06-27 18:31An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
{
"affected": [],
"aliases": [
"CVE-2022-39837"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-25T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,",
"id": "GHSA-6855-rwxj-9xgr",
"modified": "2024-06-27T18:31:29Z",
"published": "2022-10-25T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39837"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00021.html"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-memory-corruption-vulnerabilities-in-covesa-dlt-daemon"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2022/Sep/24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68CQ-J9F2-GGV4
Vulnerability from github – Published: 2024-12-29 09:30 – Updated: 2025-01-08 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL pointer dereference. Add a check to prevent it.
{
"affected": [],
"aliases": [
"CVE-2024-56711"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-29T09:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference\n\ndrm_mode_duplicate() could return NULL due to lack of memory,\nwhich will then call NULL pointer dereference. Add a check to\nprevent it.",
"id": "GHSA-68cq-j9f2-ggv4",
"modified": "2025-01-08T18:30:48Z",
"published": "2024-12-29T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56711"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/747547972e647509815ad8530ff09d62220a56c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1e1af9148dc4c866eda3fb59cd6ec3c7ea34b1d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68CV-5W6P-W3XJ
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
{
"affected": [],
"aliases": [
"CVE-2016-7131"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-12T01:59:00Z",
"severity": "HIGH"
},
"details": "ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a \u003c (less than) character.",
"id": "GHSA-68cv-5w6p-w3xj",
"modified": "2022-05-13T01:13:31Z",
"published": "2022-05-13T01:13:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7131"
},
{
"type": "WEB",
"url": "https://github.com/php/php-src/commit/0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f"
},
{
"type": "WEB",
"url": "https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=72790"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92768"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036680"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68FH-262X-P9GV
Vulnerability from github – Published: 2022-05-14 03:16 – Updated: 2022-05-14 03:16VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
{
"affected": [],
"aliases": [
"CVE-2018-6963"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-22T13:29:00Z",
"severity": "MODERATE"
},
"details": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.",
"id": "GHSA-68fh-262x-p9gv",
"modified": "2022-05-14T03:16:19Z",
"published": "2022-05-14T03:16:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6963"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104237"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040957"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68GG-F4CJ-W6G2
Vulnerability from github – Published: 2025-04-03 09:32 – Updated: 2025-04-10 18:32In the Linux kernel, the following vulnerability has been resolved:
netfs: Call invalidate_cache only if implemented
Many filesystems such as NFS and Ceph do not implement the
invalidate_cache method. On those filesystems, if writing to the
cache (NETFS_WRITE_TO_CACHE) fails for some reason, the kernel
crashes like this:
BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 0 P4D 0 Oops: Oops: 0010 [#1] SMP PTI CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_write_collection_worker RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900 RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002 R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020 R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0 FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0 Call Trace: ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x460 ? try_to_wake_up+0x2d2/0x530 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 netfs_write_collection_worker+0xe9f/0x12b0 ? xs_poll_check_readable+0x3f/0x80 ? xs_stream_data_receive_workfn+0x8d/0x110 process_one_work+0x134/0x2d0 worker_thread+0x299/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xba/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Modules linked in: CR2: 0000000000000000
This patch adds the missing NULL check.
{
"affected": [],
"aliases": [
"CVE-2025-22002"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-03T08:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Call `invalidate_cache` only if implemented\n\nMany filesystems such as NFS and Ceph do not implement the\n`invalidate_cache` method. On those filesystems, if writing to the\ncache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel\ncrashes like this:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0010 [#1] SMP PTI\n CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437\n Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n Workqueue: events_unbound netfs_write_collection_worker\n RIP: 0010:0x0\n Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff\n RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900\n RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002\n R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020\n R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0\n FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x15c/0x460\n ? try_to_wake_up+0x2d2/0x530\n ? exc_page_fault+0x5e/0x100\n ? asm_exc_page_fault+0x22/0x30\n netfs_write_collection_worker+0xe9f/0x12b0\n ? xs_poll_check_readable+0x3f/0x80\n ? xs_stream_data_receive_workfn+0x8d/0x110\n process_one_work+0x134/0x2d0\n worker_thread+0x299/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xba/0xe0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n Modules linked in:\n CR2: 0000000000000000\n\nThis patch adds the missing `NULL` check.",
"id": "GHSA-68gg-f4cj-w6g2",
"modified": "2025-04-10T18:32:01Z",
"published": "2025-04-03T09:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22002"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0def1a40c3e76a468f8f66aa572caed44ec37277"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/344b7ef248f420ed4ba3a3539cb0a0fc18df9a6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2d5d14a7bcbb045d0cd0095cefe95f2a4b91159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.