Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-6WMM-RQ3J-5C47

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: fix NULL dereference in get_queue_ids()

When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NULL) == false the check passes, and suspend_queues() calls q_array_invalidate() which immediately dereferences NULL while iterating num_queues times.

Userspace can trigger this via kfd_ioctl_set_debug_trap() by supplying num_queues > 0 with a zero queue_array_ptr, causing a kernel panic.

A NULL usr_queue_id_array with num_queues == 0 is a legitimate no-op (q_array_invalidate never executes, and resume_queues already guards all queue_ids dereferences behind a NULL check). Return ERR_PTR(-EINVAL) only when num_queues is non-zero and the pointer is absent; both callers already propagate IS_ERR() returns correctly to userspace.

(cherry picked from commit f165a82cdf503884bb1797771c61b2fcc72113d4)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix NULL dereference in get_queue_ids()\n\nWhen usr_queue_id_array is NULL and num_queues is non-zero,\nget_queue_ids() returns NULL. The callers check only IS_ERR() on the\nreturn value; since IS_ERR(NULL) == false the check passes, and\nsuspend_queues() calls q_array_invalidate() which immediately\ndereferences NULL while iterating num_queues times.\n\nUserspace can trigger this via kfd_ioctl_set_debug_trap() by supplying\nnum_queues \u003e 0 with a zero queue_array_ptr, causing a kernel panic.\n\nA NULL usr_queue_id_array with num_queues == 0 is a legitimate no-op\n(q_array_invalidate never executes, and resume_queues already guards\nall queue_ids dereferences behind a NULL check). Return ERR_PTR(-EINVAL)\nonly when num_queues is non-zero and the pointer is absent; both callers\nalready propagate IS_ERR() returns correctly to userspace.\n\n(cherry picked from commit f165a82cdf503884bb1797771c61b2fcc72113d4)",
  "id": "GHSA-6wmm-rq3j-5c47",
  "modified": "2026-07-07T18:30:28Z",
  "published": "2026-06-25T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53144"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bd550b547deabef98bd3b017ff743b7c34d3a6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62bd09e23a23da70f9aae02748eba3e6bd93095d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72e259a32084c42816152c346096d2edd4213e23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/daeceb0fe2a19651c58bbfa3d9d515ecb6ca8996"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1965e8913cfbf17622ca12638e7a07f68ba0848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WQ6-XJ8V-GVFQ

Vulnerability from github – Published: 2024-06-24 15:31 – Updated: 2025-02-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fpga: region: add owner module and take its refcount

The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the region during programming if the parent device does not have a driver.

To address this problem, add a module owner pointer to the fpga_region struct and use it to take the module's refcount. Modify the functions for registering a region to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the region as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a region without setting the owner.

Also, update the documentation to keep it consistent with the new interface for registering an fpga region.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-24T14:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: region: add owner module and take its refcount\n\nThe current implementation of the fpga region assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the region\nduring programming if the parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_region\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering a region to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the region as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a region without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga region.",
  "id": "GHSA-6wq6-xj8v-gvfq",
  "modified": "2025-02-03T18:30:37Z",
  "published": "2024-06-24T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35247"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WQW-FV93-6J54

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI
Details

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T18:15:58Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-6wqw-fv93-6j54",
  "modified": "2025-12-09T18:30:46Z",
  "published": "2025-12-09T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62466"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WX9-5WQ9-RR87

Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-26 21:30
VLAI
Details

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-57623"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T18:15:43Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.",
  "id": "GHSA-6wx9-5wq9-rr87",
  "modified": "2025-09-26T21:30:28Z",
  "published": "2025-09-25T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57623"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/z472421519/d17061ea79a72d39fe69c000fa1a6280"
    },
    {
      "type": "WEB",
      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/TOTOLink/CONTENT_LENGTH.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X25-7HX6-JXF2

Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2024-09-09 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules

rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer dereference. A leak in the rules also previously occurred since there are now two rules populated related to status.

BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 109907067 P4D 109907067 PUD 116890067 PMD 0 Oops: 0000 [#1] SMP CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70 Call Trace: ? show_regs+0x60/0x70 ? __die+0x24/0x70 ? page_fault_oops+0x15f/0x430 ? free_to_partial_list.constprop.0+0x79/0x150 ? do_user_addr_fault+0x2c9/0x5c0 ? exc_page_fault+0x63/0x110 ? asm_exc_page_fault+0x27/0x30 ? mlx5_modify_header_dealloc+0xd/0x70 rx_create+0x374/0x590 rx_add_rule+0x3ad/0x500 ? rx_add_rule+0x3ad/0x500 ? mlx5_cmd_exec+0x2c/0x40 ? mlx5_create_ipsec_obj+0xd6/0x200 mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0 mlx5e_xfrm_add_state+0x426/0xc00

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T11:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules\n\nrx_create no longer allocates a modify_hdr instance that needs to be\ncleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer\ndereference. A leak in the rules also previously occurred since there are\nnow two rules populated related to status.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 109907067 P4D 109907067 PUD 116890067 PMD 0\n  Oops: 0000 [#1] SMP\n  CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70\n  \u003csnip\u003e\n  Call Trace:\n   \u003cTASK\u003e\n   ? show_regs+0x60/0x70\n   ? __die+0x24/0x70\n   ? page_fault_oops+0x15f/0x430\n   ? free_to_partial_list.constprop.0+0x79/0x150\n   ? do_user_addr_fault+0x2c9/0x5c0\n   ? exc_page_fault+0x63/0x110\n   ? asm_exc_page_fault+0x27/0x30\n   ? mlx5_modify_header_dealloc+0xd/0x70\n   rx_create+0x374/0x590\n   rx_add_rule+0x3ad/0x500\n   ? rx_add_rule+0x3ad/0x500\n   ? mlx5_cmd_exec+0x2c/0x40\n   ? mlx5_create_ipsec_obj+0xd6/0x200\n   mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0\n   mlx5e_xfrm_add_state+0x426/0xc00\n  \u003csnip\u003e",
  "id": "GHSA-6x25-7hx6-jxf2",
  "modified": "2024-09-09T15:30:37Z",
  "published": "2024-06-21T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36281"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X27-FRWR-PW8H

Vulnerability from github – Published: 2026-06-13 00:34 – Updated: 2026-06-13 00:34
VLAI
Details

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-12T22:16:49Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.",
  "id": "GHSA-6x27-frwr-pw8h",
  "modified": "2026-06-13T00:34:31Z",
  "published": "2026-06-13T00:34:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7018"
    },
    {
      "type": "WEB",
      "url": "https://www.gendigital.com/us/en/contact-us/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X2M-4V7J-22H4

Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2022-09-23 00:00
VLAI
Details

XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-21T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.",
  "id": "GHSA-6x2m-4v7j-22h4",
  "modified": "2022-09-23T00:00:41Z",
  "published": "2022-09-22T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38928"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X52-X3XM-XR89

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: ralink: Check for null return of devm_kcalloc

Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and directly return -ENOMEM without releasing data manually if fails, because the comment of the devm_kmalloc() says "Memory allocated with this function is automatically freed on driver detach.".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ralink: Check for null return of devm_kcalloc\n\nBecause of the possible failure of the allocation, data-\u003edomains might\nbe NULL pointer and will cause the dereference of the NULL pointer\nlater.\nTherefore, it might be better to check it and directly return -ENOMEM\nwithout releasing data manually if fails, because the comment of the\ndevm_kmalloc() says \"Memory allocated with this function is\nautomatically freed on driver detach.\".",
  "id": "GHSA-6x52-x3xm-xr89",
  "modified": "2025-03-12T00:31:46Z",
  "published": "2025-03-12T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49608"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13596e6c9e541e90e5fc2c52b23f08b951370da9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44016a85419ca0d4f1e4d0127b330f8e4e2a57d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5595d30c4dc27d939635c3188c68203b6ece1711"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5694b162f275fb9a9f89422701b2b963be11e496"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6194c021496addc11763d1ffa89ce5751889fe3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b821e8e406d5650e587b7ac624ac24e9b780a8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X7G-3W67-HJ7P

Vulnerability from github – Published: 2024-02-14 18:30 – Updated: 2024-12-12 21:30
VLAI
Details

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-14T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "\nWhen a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with \"Apply value and content signatures and detect threat campaigns.\"\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-6x7g-3w67-hj7p",
  "modified": "2024-12-12T21:30:45Z",
  "published": "2024-02-14T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23308"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000137416"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X8F-VPGX-H5H9

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix NULL-deref on non-serdev setup

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev setup\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller.",
  "id": "GHSA-6x8f-vpgx-h5h9",
  "modified": "2024-12-30T18:30:40Z",
  "published": "2024-05-17T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35850"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.