CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VV3W-8397-5Q9F
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix when get product name maybe null pointer
Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes.
This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard.
Kernel logs: [ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci [ 56.671638] usb 4-3: string descriptor 0 read error: -22 [ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07 [ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0 [ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80 [ 56.697732] Oops[#1]: [ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015 [ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024 [ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0 [ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000 [ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000 [ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005 [ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000 [ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028 [ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000 [ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000 [ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom] [ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120 [ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE) [ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) [ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 56.697835] BADV: 0000000000000000 [ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000) [ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit [ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3) [ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000 [ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000 [ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0 [ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c [ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440 [ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0 [ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c [ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000 [ 56.697931] 90000001000bb8d0 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2024-56629"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix when get product name maybe null pointer\n\nDue to incorrect dev-\u003eproduct reporting by certain devices, null\npointer dereferences occur when dev-\u003eproduct is empty, leading to\npotential system crashes.\n\nThis issue was found on EXCELSIOR DL37-D05 device with\nLoongson-LS3A6000-7A2000-DL37 motherboard.\n\nKernel logs:\n[ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci\n[ 56.671638] usb 4-3: string descriptor 0 read error: -22\n[ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07\n[ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3\n[ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0\n[ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80\n[ 56.697732] Oops[#1]:\n[ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015\n[ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024\n[ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0\n[ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000\n[ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000\n[ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005\n[ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000\n[ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028\n[ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000\n[ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000\n[ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]\n[ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120\n[ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE)\n[ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n[ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 56.697835] BADV: 0000000000000000\n[ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)\n[ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit\n[ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3)\n[ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000\n[ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000\n[ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0\n[ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c\n[ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440\n[ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0\n[ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c\n[ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000\n[ 56.697931] 90000001000bb8d0 \n---truncated---",
"id": "GHSA-vv3w-8397-5q9f",
"modified": "2025-11-03T21:31:56Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56629"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2cd323c55bd3f356bf23ae1b4c20100abcdc29d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ed3e3a3ac06af8a6391c3d6a7791b7967d7d43a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5912a921289edb34d40aeab32ea6d52d41e75fed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59548215b76be98cf3422eea9a67d6ea578aca3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7f0509556fa2f9789639dbcee9eed46e471ccef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d031eef3cc2e3bf524509e38fb898e5335c85c96"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e689bc6697a7fcebd4a945ab0b1e1112c76024d8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV47-5MH5-W3HQ
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.
{
"affected": [],
"aliases": [
"CVE-2022-1671"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T17:15:00Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.",
"id": "GHSA-vv47-5mh5-w3hq",
"modified": "2022-08-03T00:00:54Z",
"published": "2022-07-27T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1671"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff8376ade4f668130385839cef586a0990f8ef87"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV6M-825P-FC65
Vulnerability from github – Published: 2022-09-09 00:00 – Updated: 2022-09-14 00:00NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
{
"affected": [],
"aliases": [
"CVE-2022-3153"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-08T15:15:00Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.",
"id": "GHSA-vv6m-825p-fc65",
"modified": "2022-09-14T00:00:46Z",
"published": "2022-09-09T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3153"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV6Q-P28J-9W24
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-23 21:30In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix poll request timeout handling
When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. [1]
BUG: kernel NULL pointer dereference, address: 0000000000000008 Workqueue: kblockd blk_mq_timeout_work RIP: 0010:null_timeout_rq+0x4e/0x91 Call Trace: ? null_timeout_rq+0x4e/0x91 blk_mq_handle_expired+0x31/0x4b bt_iter+0x68/0x84 ? bt_tags_iter+0x81/0x81 __sbitmap_for_each_set.constprop.0+0xb0/0xf2 ? __blk_mq_complete_request_remote+0xf/0xf bt_for_each+0x46/0x64 ? __blk_mq_complete_request_remote+0xf/0xf ? percpu_ref_get_many+0xc/0x2a blk_mq_queue_tag_busy_iter+0x14d/0x18e blk_mq_timeout_work+0x95/0x127 process_one_work+0x185/0x263 worker_thread+0x1b5/0x227
This is indeed a race problem between null_timeout_rq() and null_poll().
null_poll() null_timeout_rq() spin_lock(&nq->poll_lock) list_splice_init(&nq->poll_list, &list) spin_unlock(&nq->poll_lock)
while (!list_empty(&list)) req = list_first_entry() list_del_init() ... blk_mq_add_to_batch() // req->rq_next = NULL spin_lock(&nq->poll_lock)
// rq->queuelist->next == NULL
list_del_init(&rq->queuelist)
spin_unlock(&nq->poll_lock)
Fix these problems by setting requests state to MQ_RQ_COMPLETE under nq->poll_lock protection, in which null_timeout_rq() can safely detect this race and early return.
Note this patch just fix the kernel panic when request timeout happen.
[1] https://lore.kernel.org/all/3893581.1691785261@warthog.procyon.org.uk/
{
"affected": [],
"aliases": [
"CVE-2023-53531"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:57Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix poll request timeout handling\n\nWhen doing io_uring benchmark on /dev/nullb0, it\u0027s easy to crash the\nkernel if poll requests timeout triggered, as reported by David. [1]\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nWorkqueue: kblockd blk_mq_timeout_work\nRIP: 0010:null_timeout_rq+0x4e/0x91\nCall Trace:\n ? null_timeout_rq+0x4e/0x91\n blk_mq_handle_expired+0x31/0x4b\n bt_iter+0x68/0x84\n ? bt_tags_iter+0x81/0x81\n __sbitmap_for_each_set.constprop.0+0xb0/0xf2\n ? __blk_mq_complete_request_remote+0xf/0xf\n bt_for_each+0x46/0x64\n ? __blk_mq_complete_request_remote+0xf/0xf\n ? percpu_ref_get_many+0xc/0x2a\n blk_mq_queue_tag_busy_iter+0x14d/0x18e\n blk_mq_timeout_work+0x95/0x127\n process_one_work+0x185/0x263\n worker_thread+0x1b5/0x227\n\nThis is indeed a race problem between null_timeout_rq() and null_poll().\n\nnull_poll()\t\t\t\tnull_timeout_rq()\n spin_lock(\u0026nq-\u003epoll_lock)\n list_splice_init(\u0026nq-\u003epoll_list, \u0026list)\n spin_unlock(\u0026nq-\u003epoll_lock)\n\n while (!list_empty(\u0026list))\n req = list_first_entry()\n list_del_init()\n ...\n blk_mq_add_to_batch()\n // req-\u003erq_next = NULL\n\t\t\t\t\tspin_lock(\u0026nq-\u003epoll_lock)\n\n\t\t\t\t\t// rq-\u003equeuelist-\u003enext == NULL\n\t\t\t\t\tlist_del_init(\u0026rq-\u003equeuelist)\n\n\t\t\t\t\tspin_unlock(\u0026nq-\u003epoll_lock)\n\nFix these problems by setting requests state to MQ_RQ_COMPLETE under\nnq-\u003epoll_lock protection, in which null_timeout_rq() can safely detect\nthis race and early return.\n\nNote this patch just fix the kernel panic when request timeout happen.\n\n[1] https://lore.kernel.org/all/3893581.1691785261@warthog.procyon.org.uk/",
"id": "GHSA-vv6q-p28j-9w24",
"modified": "2026-01-23T21:30:36Z",
"published": "2025-10-01T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53531"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a26e45edb4690d58406178b5a9ea4c6dcf2c105"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0b4a0666beacfe8add9c71d8922475541dbae73"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7cb2e709f2927cc3c76781df3e45de2381b3b9d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV7P-2MJF-R3H3
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
{
"affected": [],
"aliases": [
"CVE-2021-32139"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-13T20:15:00Z",
"severity": "MODERATE"
},
"details": "The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
"id": "GHSA-vv7p-2mjf-r3h3",
"modified": "2022-05-24T19:14:16Z",
"published": "2022-05-24T19:14:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32139"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1768"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VV8C-R99F-F6Q8
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
page_pool_create() can return an ERR_PTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through xdp_rxq_info_reg_mem_model() into page_pool_use_xdp_mem(), which dereferences it, causing a kernel oops.
Add an IS_ERR check after page_pool_create() to return early on failure.
{
"affected": [],
"aliases": [
"CVE-2026-31646"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()\n\npage_pool_create() can return an ERR_PTR on failure. The return value\nis used unconditionally in the loop that follows, passing the error\npointer through xdp_rxq_info_reg_mem_model() into page_pool_use_xdp_mem(),\nwhich dereferences it, causing a kernel oops.\n\nAdd an IS_ERR check after page_pool_create() to return early on failure.",
"id": "GHSA-vv8c-r99f-f6q8",
"modified": "2026-04-27T21:30:49Z",
"published": "2026-04-24T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/305832c53551cfbe6e5b81ca7ee765e60f4fe8e9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fd0da4fd8851a7e62d009b7db6c4a05b092bc19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7caf90d9ab97951a58d1de85ab7e7d7cca7a4513"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5dcb41ba891b55157006cac79825c78a32b409e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e63265f188ea39dcf5f546770650027528f3bd0f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVH2-XMJ2-JF8R
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
{
"affected": [],
"aliases": [
"CVE-2020-28203"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).",
"id": "GHSA-vvh2-xmj2-jf8r",
"modified": "2022-05-24T17:36:32Z",
"published": "2022-05-24T17:36:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28203"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VVJ2-X9VM-R47F
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
{
"affected": [],
"aliases": [
"CVE-2016-9117"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-30T22:59:00Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"id": "GHSA-vvj2-x9vm-r47f",
"modified": "2022-05-13T01:16:23Z",
"published": "2022-05-13T01:16:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9117"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/860"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93783"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVJJ-6M9V-RG8G
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-07-08 21:30In the Linux kernel, the following vulnerability has been resolved:
spi: s3c64xx: fix NULL-deref on driver unbind
A change moving DMA channel allocation from probe() back to s3c64xx_spi_prepare_transfer() failed to remove the corresponding deallocation from remove().
Drop the bogus DMA channel release from remove() to avoid triggering a NULL-pointer dereference on driver unbind.
This issue was flagged by Sashiko when reviewing a controller deregistration fix.
{
"affected": [],
"aliases": [
"CVE-2026-46296"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T17:16:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: s3c64xx: fix NULL-deref on driver unbind\n\nA change moving DMA channel allocation from probe() back to\ns3c64xx_spi_prepare_transfer() failed to remove the corresponding\ndeallocation from remove().\n\nDrop the bogus DMA channel release from remove() to avoid triggering a\nNULL-pointer dereference on driver unbind.\n\nThis issue was flagged by Sashiko when reviewing a controller\nderegistration fix.",
"id": "GHSA-vvjj-6m9v-rg8g",
"modified": "2026-07-08T21:30:21Z",
"published": "2026-06-08T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46296"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1108b8722b9ff0cdd3e8aa18d98244fcd93b6760"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b66f16a571a10ba8889ac471755c8af9c5b9266"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22788b1a8611380b141e09a8896702e32d164238"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29e219a18e21258bdb4ee12cecd0e9ec87d7e6a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/323a258f4b1916b5a3098618e036e033b2f2317f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45daacbead8a009844bd5dba6cfa731332184d17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVP3-76JQ-Q4C4
Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-12-23 00:30In the Linux kernel, the following vulnerability has been resolved:
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang").
However, it is not enough because to_atmarpd() is called without RTNL, especially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable.
Also, there is no RTNL dependency around atmarpd.
Let's use a private mutex and RCU to protect access to atmarpd in to_atmarpd().
{
"affected": [],
"aliases": [
"CVE-2025-38460"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T16:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"id": "GHSA-vvp3-76jq-q4c4",
"modified": "2025-12-23T00:30:30Z",
"published": "2025-07-25T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38460"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06935c50cfa3ac57cce80bba67b6d38ec1406e92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3251ce3979f41bd228f77a7615f9dd616d06a110"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36caab990b69ef4eec1d81c52a19f080b7daa059"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/706cc36477139c1616a9b2b96610a8bb520b7119"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70eac9ba7ce25d99c1d99bbf4ddb058940f631f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4c5785feb979cd996a99cfaad8bf353b2e79301"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f58e4270c73e7f086322978d585ea67c8076ce49"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.