Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-7PXG-RRCR-GQM5

Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO

gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer.

Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails.

This improves robustness in low-memory scenarios.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T09:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
  "id": "GHSA-7pxg-rrcr-gqm5",
  "modified": "2025-12-17T18:31:32Z",
  "published": "2025-07-03T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38122"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q33-HQVG-RM4F

Vulnerability from github – Published: 2025-03-04 06:30 – Updated: 2025-03-04 06:30
VLAI
Details

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T04:15:13Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.",
  "id": "GHSA-7q33-hqvg-rm4f",
  "modified": "2025-03-04T06:30:33Z",
  "published": "2025-03-04T06:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21097"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q5J-M65F-W95R

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference.

Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes.

Fix this by moving nfsd_ssc initialization before starting laundromat_work.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:32Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
  "id": "GHSA-7q5j-m65f-w95r",
  "modified": "2026-05-12T15:30:54Z",
  "published": "2025-07-04T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38231"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q5M-QV9W-C8XX

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: revalidate bridge ports

ebt_redirect_tg() dereferences br_port_get_rcu() return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject.

A mere NULL check isn't sufficient, however. As sashiko review points out userspace can not only remove the port from the bridge, it could also place the device in a different virtual device, e.g. macvlan.

If this happens, we must drop the packet, there is no way for us to reinject it into the bridge path.

Switch to _upper API, we don't need the bridge port structure. Also, this fix keeps another bug intact:

Both nfnetlink_log and nfnetlink_queue use CONFIG_BRIDGE_NETFILTER too aggressive, which prevents certain logging features when queueing in bridge family: NETFILTER_FAMILY_BRIDGE can be enabled while the old CONFIG_BRIDGE_NETFILTER cruft is off.

Fixes tag is a common ancestor, this was always broken.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: revalidate bridge ports\n\nebt_redirect_tg() dereferences br_port_get_rcu() return without a\nNULL check, causing a kernel panic when the bridge port has been\nremoved between the original hook invocation and an NFQUEUE\nreinject.\n\nA mere NULL check isn\u0027t sufficient, however.  As sashiko review\npoints out userspace can not only remove the port from the bridge,\nit could also place the device in a different virtual device, e.g.\nmacvlan.\n\nIf this happens, we must drop the packet, there is no way for us to\nreinject it into the bridge path.\n\nSwitch to _upper API, we don\u0027t need the bridge port structure.\nAlso, this fix keeps another bug intact:\n\nBoth nfnetlink_log and nfnetlink_queue use CONFIG_BRIDGE_NETFILTER\ntoo aggressive, which prevents certain logging features when queueing\nin bridge family: NETFILTER_FAMILY_BRIDGE can be enabled while the old\nCONFIG_BRIDGE_NETFILTER cruft is off.\n\nFixes tag is a common ancestor, this was always broken.",
  "id": "GHSA-7q5m-qv9w-c8xx",
  "modified": "2026-07-02T21:32:05Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53220"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43330a1e8aace6b5a8de9aba127e9e394ab49b0f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4beffcd726e2a731cea4dc18e1fbc55c8d76f1a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccb9fd4b87538ccf19ccff78ee26700526d94867"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4b1301fd3c9e5e105fd3767c68bc4ba558bb228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q5P-4JPP-R47W

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51
VLAI
Details

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7380"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-03T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.",
  "id": "GHSA-7q5p-4jpp-r47w",
  "modified": "2022-05-17T02:51:00Z",
  "published": "2022-05-17T02:51:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7380"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q5Q-96VF-8RG6

Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rtla/osnoise: Prevent NULL dereference in error handling

If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the \"tool-\u003edata\" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.",
  "id": "GHSA-7q5q-96vf-8rg6",
  "modified": "2025-11-04T00:31:23Z",
  "published": "2024-09-04T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45002"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q7J-VRXC-WV26

Vulnerability from github – Published: 2022-11-28 12:30 – Updated: 2022-12-01 21:30
VLAI
Details

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-28T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.",
  "id": "GHSA-7q7j-vrxc-wv26",
  "modified": "2022-12-01T21:30:20Z",
  "published": "2022-11-28T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43589"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7Q97-2MWR-62P8

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-17 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()

As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer values"), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()\n\nAs mentioned in the commit baeb705fd6a7 (\"ice: always check VF VSI\npointer values\"), we need to perform a null pointer check on the return\nvalue of ice_get_vf_vsi() before using it.",
  "id": "GHSA-7q97-2mwr-62p8",
  "modified": "2025-11-17T18:30:23Z",
  "published": "2025-05-20T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37912"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0561f2e374c3732b90e50f0a244791a4308ec67e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/073791e9cfe6e4a11a6d85816ba87b1aa207493e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/425c5f266b2edeee0ce16fedd8466410cdcfcfe3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a32dcc3b8293600ddc4024731b4d027d4de061a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eae60cfe25d022d7f0321dba4cc23ad8e87ade48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f68237982dc012230550f4ecf7ce286a9c37ddc9"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QCC-G2M9-8533

Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2021-08-19 17:22
VLAI
Summary
Null pointer deference in fltk
Details

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fltk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:22:29Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.",
  "id": "GHSA-7qcc-g2m9-8533",
  "modified": "2021-08-19T17:22:29Z",
  "published": "2021-08-25T20:53:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28307"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MoAlyousef/fltk-rs/issues/519"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MoAlyousef/fltk-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Null pointer deference in fltk"
}

GHSA-7QCM-45JM-FJ5G

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: udp_port: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using container_of().

Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
  "id": "GHSA-7qcm-45jm-fj5g",
  "modified": "2025-11-03T21:32:13Z",
  "published": "2025-01-19T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21637"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a0966312ac3eedd7f5f2a766ed4702df39a9a65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55627918febdf9d71107a1e68d1528dc591c9a15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b77d73f3be5102720fb685b9e6900e3500e1096"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c10377bbc1972d858eaf0ab366a311b39f8ef1b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e919197fb8616331f5dc81e4c3cc3d12769cb725"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.