CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-6P6G-2H65-337P
Vulnerability from github – Published: 2022-05-14 01:54 – Updated: 2022-05-14 01:54The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
{
"affected": [],
"aliases": [
"CVE-2018-18459"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-18T06:29:00Z",
"severity": "MODERATE"
},
"details": "The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.",
"id": "GHSA-6p6g-2h65-337p",
"modified": "2022-05-14T01:54:36Z",
"published": "2022-05-14T01:54:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18459"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41217"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P8G-X822-G299
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Fix bpf_plt pointer arithmetic
Kui-Feng Lee reported a crash on s390x triggered by the dummy_st_ops/dummy_init_ptr_arg test [1]:
[<0000000000000002>] 0x2 [<00000000009d5cde>] bpf_struct_ops_test_run+0x156/0x250 [<000000000033145a>] __sys_bpf+0xa1a/0xd00 [<00000000003319dc>] __s390x_sys_bpf+0x44/0x50 [<0000000000c4382c>] __do_syscall+0x244/0x300 [<0000000000c59a40>] system_call+0x70/0x98
This is caused by GCC moving memcpy() after assignments in bpf_jit_plt(), resulting in NULL pointers being written instead of the return and the target addresses.
Looking at the GCC internals, the reordering is allowed because the alias analysis thinks that the memcpy() destination and the assignments' left-hand-sides are based on different objects: new_plt and bpf_plt_ret/bpf_plt_target respectively, and therefore they cannot alias.
This is in turn due to a violation of the C standard:
When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object ...
From the C's perspective, bpf_plt_ret and bpf_plt are distinct objects and cannot be subtracted. In the practical terms, doing so confuses the GCC's alias analysis.
The code was written this way in order to let the C side know a few offsets defined in the assembly. While nice, this is by no means necessary. Fix the noncompliance by hardcoding these offsets.
[1] https://lore.kernel.org/bpf/c9923c1d-971d-4022-8dc8-1364e929d34c@gmail.com/
{
"affected": [],
"aliases": [
"CVE-2024-35917"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_plt pointer arithmetic\n\nKui-Feng Lee reported a crash on s390x triggered by the\ndummy_st_ops/dummy_init_ptr_arg test [1]:\n\n [\u003c0000000000000002\u003e] 0x2\n [\u003c00000000009d5cde\u003e] bpf_struct_ops_test_run+0x156/0x250\n [\u003c000000000033145a\u003e] __sys_bpf+0xa1a/0xd00\n [\u003c00000000003319dc\u003e] __s390x_sys_bpf+0x44/0x50\n [\u003c0000000000c4382c\u003e] __do_syscall+0x244/0x300\n [\u003c0000000000c59a40\u003e] system_call+0x70/0x98\n\nThis is caused by GCC moving memcpy() after assignments in\nbpf_jit_plt(), resulting in NULL pointers being written instead of\nthe return and the target addresses.\n\nLooking at the GCC internals, the reordering is allowed because the\nalias analysis thinks that the memcpy() destination and the assignments\u0027\nleft-hand-sides are based on different objects: new_plt and\nbpf_plt_ret/bpf_plt_target respectively, and therefore they cannot\nalias.\n\nThis is in turn due to a violation of the C standard:\n\n When two pointers are subtracted, both shall point to elements of the\n same array object, or one past the last element of the array object\n ...\n\nFrom the C\u0027s perspective, bpf_plt_ret and bpf_plt are distinct objects\nand cannot be subtracted. In the practical terms, doing so confuses the\nGCC\u0027s alias analysis.\n\nThe code was written this way in order to let the C side know a few\noffsets defined in the assembly. While nice, this is by no means\nnecessary. Fix the noncompliance by hardcoding these offsets.\n\n[1] https://lore.kernel.org/bpf/c9923c1d-971d-4022-8dc8-1364e929d34c@gmail.com/",
"id": "GHSA-6p8g-x822-g299",
"modified": "2025-09-23T15:31:04Z",
"published": "2024-05-19T09:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35917"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ded842b356d151ece8ac4985940438e6d3998bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3062bdb859b6e2567e7f5c8cde20c0250bb130f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3d74e45a060d218fe4b0c9174f0a77517509d8e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P9H-CFCV-PC5F
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Can't set dst buffer to done when lat decode error
Core thread will call v4l2_m2m_buf_done to set dst buffer done for lat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to free dst buffer when lat decode error, core thread will access kernel NULL pointer dereference, then crash.
{
"affected": [],
"aliases": [
"CVE-2022-50383"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Can\u0027t set dst buffer to done when lat decode error\n\nCore thread will call v4l2_m2m_buf_done to set dst buffer done for\nlat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to\nfree dst buffer when lat decode error, core thread will access kernel\nNULL pointer dereference, then crash.",
"id": "GHSA-6p9h-cfcv-pc5f",
"modified": "2025-12-11T18:30:33Z",
"published": "2025-09-18T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50383"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3568ecd3f3a6d133ab7feffbba34955c8c79bbc4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66d26ed30056e7d2da3e9c14125ffe6049a4f907"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eeb090420f3477eb5011586709409fc655c2b16c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PCV-R3VC-XFCC
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-12 12:31The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
{
"affected": [],
"aliases": [
"CVE-2013-7339"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-03-24T16:40:00Z",
"severity": "MODERATE"
},
"details": "The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.",
"id": "GHSA-6pcv-r3vc-xfcc",
"modified": "2025-04-12T12:31:49Z",
"published": "2022-05-13T01:17:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7339"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/c2349758acf1874e4c2b93fe41d072336f1a31d0"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079214"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2349758acf1874e4c2b93fe41d072336f1a31d0"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c2349758acf1874e4c2b93fe41d072336f1a31d0"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59386"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/20/14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/66351"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6PG5-WF6R-XVH8
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
arcnet: Add NULL check in com20020pci_probe()
devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference.
Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.
{
"affected": [],
"aliases": [
"CVE-2025-22054"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narcnet: Add NULL check in com20020pci_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ncom20020pci_probe() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensure\nno resources are left allocated.",
"id": "GHSA-6pg5-wf6r-xvh8",
"modified": "2025-11-03T21:33:35Z",
"published": "2025-04-16T15:34:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22054"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PH5-GF8V-WVM9
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-03-19 00:01Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
{
"affected": [],
"aliases": [
"CVE-2022-0562"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.",
"id": "GHSA-6ph5-gf8v-wvm9",
"modified": "2022-03-19T00:01:46Z",
"published": "2022-02-12T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/362"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-10"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220318-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PHW-P8VC-Q8GP
Vulnerability from github – Published: 2026-01-10 12:30 – Updated: 2026-01-12 18:30NULL Pointer Dereference vulnerability in Apache Nimble.
Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-53477"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-10T10:15:50Z",
"severity": "HIGH"
},
"details": "NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue.",
"id": "GHSA-6phw-p8vc-q8gp",
"modified": "2026-01-12T18:30:30Z",
"published": "2026-01-10T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53477"
},
{
"type": "WEB",
"url": "https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da"
},
{
"type": "WEB",
"url": "https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PMM-J8MH-QWGF
Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
flow_change() calls tcf_block_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter without a fully qualified baseclass is created on a shared block.
Check tcf_block_shared() before accessing block->q and return -EINVAL for shared blocks. This avoids the null-deref shown below:
======================================================================= KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:flow_change (net/sched/cls_flow.c:508) Call Trace: tc_new_tfilter (net/sched/cls_api.c:2432) rtnetlink_rcv_msg (net/core/rtnetlink.c:6980) [...] =======================================================================
{
"affected": [],
"aliases": [
"CVE-2026-31422"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T14:16:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q-\u003ehandle to derive\na default baseclass. Shared blocks leave block-\u003eq NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block-\u003eq and return -EINVAL\nfor shared blocks. This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n [...]\n=======================================================================",
"id": "GHSA-6pmm-j8mh-qwgf",
"modified": "2026-07-14T15:31:51Z",
"published": "2026-04-13T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31422"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a280dd4bd1d616a01d6ffe0de284c907b555504"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/415ea0c973c754b9f375225807810eb9045f4293"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a09f72007201c9f667dc47f64517ec23eea65e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57f94ac7e953eece5ed4819605a18f3cdfc63dcc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/942813276edeb1741fa5b0a73471beb4e495fa08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a208c3e1232997e9317887294c20008dfcb75449"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc707a4fd4c3b6ab2722e06bc359aa010e13d408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PP9-R78Q-5HWX
Vulnerability from github – Published: 2026-02-14 15:32 – Updated: 2026-03-18 15:30In the Linux kernel, the following vulnerability has been resolved:
ice: add missing ice_deinit_hw() in devlink reinit path
devlink-reload results in ice_init_hw failed error, and then removing the ice driver causes a NULL pointer dereference.
[ +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16 ... [ +0.000001] Call Trace: [ +0.000003] [ +0.000006] ice_unload+0x8f/0x100 [ice] [ +0.000081] ice_remove+0xba/0x300 [ice]
Commit 1390b8b3d2be ("ice: remove duplicate call to ice_deinit_hw() on error paths") removed ice_deinit_hw() from ice_deinit_dev(). As a result ice_devlink_reinit_down() no longer calls ice_deinit_hw(), but ice_devlink_reinit_up() still calls ice_init_hw(). Since the control queues are not uninitialized, ice_init_hw() fails with -EBUSY.
Add ice_deinit_hw() to ice_devlink_reinit_down() to correspond with ice_init_hw() in ice_devlink_reinit_up().
{
"affected": [],
"aliases": [
"CVE-2026-23117"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T15:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add missing ice_deinit_hw() in devlink reinit path\n\ndevlink-reload results in ice_init_hw failed error, and then removing\nthe ice driver causes a NULL pointer dereference.\n\n[ +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16\n...\n[ +0.000001] Call Trace:\n[ +0.000003] \u003cTASK\u003e\n[ +0.000006] ice_unload+0x8f/0x100 [ice]\n[ +0.000081] ice_remove+0xba/0x300 [ice]\n\nCommit 1390b8b3d2be (\"ice: remove duplicate call to ice_deinit_hw() on\nerror paths\") removed ice_deinit_hw() from ice_deinit_dev(). As a result\nice_devlink_reinit_down() no longer calls ice_deinit_hw(), but\nice_devlink_reinit_up() still calls ice_init_hw(). Since the control\nqueues are not uninitialized, ice_init_hw() fails with -EBUSY.\n\nAdd ice_deinit_hw() to ice_devlink_reinit_down() to correspond with\nice_init_hw() in ice_devlink_reinit_up().",
"id": "GHSA-6pp9-r78q-5hwx",
"modified": "2026-03-18T15:30:40Z",
"published": "2026-02-14T15:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23117"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42fb5f3deb582cb96440e4683745017dbabb83d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3d99e2fbf01446d31a0d0dfc46444e915a1f6d4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PPV-9JP4-GPRM
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-02-21 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
[WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference.
This fixes 2 FORWARD_NULL issues reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-49923"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT \u0026 HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let\u0027s pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"id": "GHSA-6ppv-9jp4-gprm",
"modified": "2025-02-21T15:31:57Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49923"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39a580cd15397e102aaec25986ae5acf492f8930"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5559598742fb4538e4c51c48ef70563c49c2af23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/85aa996ecfaa95d1e922867390502d23ce21b905"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a05270869f40c89f8d184fe2d37cb86e0d7e5f5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.