CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VWJ2-9G8C-X8HM
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-22 00:01Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-43750"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T21:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-vwj2-9g8c-x8hm",
"modified": "2021-12-22T00:01:28Z",
"published": "2021-12-21T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43750"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VWM2-MQFJ-R5V5
Vulnerability from github – Published: 2025-03-12 12:30 – Updated: 2025-03-13 21:31In the Linux kernel, the following vulnerability has been resolved:
sockmap, vsock: For connectible sockets allow only connected
sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path.
Another design detail is that listening vsocks are not supposed to have any transport assigned at all. Which implies they are not supported by the sockmap. But this is complicated by the fact that a socket, before switching to TCP_LISTEN, may have had some transport assigned during a failed connect() attempt. Hence, we may end up with a listening vsock in a sockmap, which blows up quickly:
KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127] CPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+ Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:vsock_read_skb+0x4b/0x90 Call Trace: sk_psock_verdict_data_ready+0xa4/0x2e0 virtio_transport_recv_pkt+0x1ca8/0x2acc vsock_loopback_work+0x27d/0x3f0 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x35a/0x700 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30
For connectible sockets, instead of relying solely on the state of vsk->transport, tell sockmap to only allow those representing established connections. This aligns with the behaviour for AF_INET and AF_UNIX.
{
"affected": [],
"aliases": [
"CVE-2025-21854"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-12T10:15:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"id": "GHSA-vwm2-mqfj-r5v5",
"modified": "2025-03-13T21:31:18Z",
"published": "2025-03-12T12:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21854"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22b683217ad2112791a708693cb236507abd637a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fb5bb169d17cdd12c2dcc2e96830ed487d77a0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc9a7832ede53ade1ba9991f0e27314caa4029d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7b473e35986835cc2813fef7b9d40336a09247e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWW8-W2QW-QHFG
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-08 18:30In the Linux kernel, the following vulnerability has been resolved:
mm/gup: handle NULL pages in unpin_user_pages()
The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine.
Fix this by skipping NULL pages in unpin_user_pages(), just like unpin_folios() already does.
Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this:
tools/testing/selftests/mm/gup_longterm
...I get the following crash:
BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0 ... Call Trace: ? __die_body+0x66/0xb0 ? page_fault_oops+0x30c/0x3b0 ? do_user_addr_fault+0x6c3/0x720 ? irqentry_enter+0x34/0x60 ? exc_page_fault+0x68/0x100 ? asm_exc_page_fault+0x22/0x30 ? sanity_check_pinned_pages+0x3a/0x2d0 unpin_user_pages+0x24/0xe0 check_and_migrate_movable_pages_or_folios+0x455/0x4b0 __gup_longterm_locked+0x3bf/0x820 ? mmap_read_lock_killable+0x12/0x50 ? __pfx_mmap_read_lock_killable+0x10/0x10 pin_user_pages+0x66/0xa0 gup_test_ioctl+0x358/0xb20 __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x76/0x7e
{
"affected": [],
"aliases": [
"CVE-2024-56612"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: handle NULL pages in unpin_user_pages()\n\nThe recent addition of \"pofs\" (pages or folios) handling to gup has a\nflaw: it assumes that unpin_user_pages() handles NULL pages in the pages**\narray. That\u0027s not the case, as I discovered when I ran on a new\nconfiguration on my test machine.\n\nFix this by skipping NULL pages in unpin_user_pages(), just like\nunpin_folios() already does.\n\nDetails: when booting on x86 with \"numa=fake=2 movablecore=4G\" on Linux\n6.12, and running this:\n\n tools/testing/selftests/mm/gup_longterm\n\n...I get the following crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x66/0xb0\n ? page_fault_oops+0x30c/0x3b0\n ? do_user_addr_fault+0x6c3/0x720\n ? irqentry_enter+0x34/0x60\n ? exc_page_fault+0x68/0x100\n ? asm_exc_page_fault+0x22/0x30\n ? sanity_check_pinned_pages+0x3a/0x2d0\n unpin_user_pages+0x24/0xe0\n check_and_migrate_movable_pages_or_folios+0x455/0x4b0\n __gup_longterm_locked+0x3bf/0x820\n ? mmap_read_lock_killable+0x12/0x50\n ? __pfx_mmap_read_lock_killable+0x10/0x10\n pin_user_pages+0x66/0xa0\n gup_test_ioctl+0x358/0xb20\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x7b/0x150\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"id": "GHSA-vww8-w2qw-qhfg",
"modified": "2025-01-08T18:30:47Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56612"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69d319450d1c651f3b05cd820ff285fdd810c032"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1268be280d8e484ab3606d7476edd0f14bb9961"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWWQ-37X8-2QRX
Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-25 18:30glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
{
"affected": [],
"aliases": [
"CVE-2025-60019"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T16:15:36Z",
"severity": "LOW"
},
"details": "glib-networking\u0027s OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.",
"id": "GHSA-vwwq-37x8-2qrx",
"modified": "2025-09-25T18:30:34Z",
"published": "2025-09-25T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60019"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-60019"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398140"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VX2J-FJCJ-HV44
Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 00:30In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/gem-dma: Use dma_buf from GEM object instance"
This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.
The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref.
Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated.
Hence, this revert to going back to using .import_attach->dmabuf.
v3: - cc stable
{
"affected": [],
"aliases": [
"CVE-2025-38672"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-dma: Use dma_buf from GEM object instance\"\n\nThis reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance\u0027s lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don\u0027t work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
"id": "GHSA-vx2j-fjcj-hv44",
"modified": "2025-11-26T00:30:15Z",
"published": "2025-08-22T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38672"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1918e79be908b8a2c8757640289bc196c14d928a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7bdb3104a2f71ec1439d37f8e6e2f201dbcd7cf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX3C-WW5C-QPM8
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
{
"affected": [],
"aliases": [
"CVE-2025-52859"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T19:15:47Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
"id": "GHSA-vx3c-ww5c-qpm8",
"modified": "2025-10-08T21:30:24Z",
"published": "2025-10-03T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52859"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VX56-8X3P-3HVP
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2024-09-30 15:30In the Linux kernel, the following vulnerability has been resolved:
ASoC: TAS2781: Fix tasdev_load_calibrated_data()
This function has a reversed if statement so it's either a no-op or it leads to a NULL dereference.
{
"affected": [],
"aliases": [
"CVE-2024-42278"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it\u0027s either a no-op or it\nleads to a NULL dereference.",
"id": "GHSA-vx56-8x3p-3hvp",
"modified": "2024-09-30T15:30:43Z",
"published": "2024-08-17T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX7W-47R6-WXW3
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 12:31In the Linux kernel, the following vulnerability has been resolved:
tracing: Drain deferred trigger frees if kthread creation fails
Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback must still drain the deferred list if kthread creation never succeeds.
Otherwise, boot-deferred nodes can accumulate on trigger_data_free_list, later frees fall back to synchronously freeing only the current object, and the older queued entries are leaked forever.
To trigger this, add the following to the kernel command line:
trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon
The second traceon trigger will fail and be freed. This triggers a NULL pointer dereference and crashes the kernel.
Keep the deferred boot-time behavior, but when kthread creation fails, drain the whole queued list synchronously. Do the same in the late-init drain path so queued entries are not stranded there either.
{
"affected": [],
"aliases": [
"CVE-2026-31481"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Drain deferred trigger frees if kthread creation fails\n\nBoot-time trigger registration can fail before the trigger-data cleanup\nkthread exists. Deferring those frees until late init is fine, but the\npost-boot fallback must still drain the deferred list if kthread\ncreation never succeeds.\n\nOtherwise, boot-deferred nodes can accumulate on\ntrigger_data_free_list, later frees fall back to synchronously freeing\nonly the current object, and the older queued entries are leaked\nforever.\n\nTo trigger this, add the following to the kernel command line:\n\n trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon\n\nThe second traceon trigger will fail and be freed. This triggers a NULL\npointer dereference and crashes the kernel.\n\nKeep the deferred boot-time behavior, but when kthread creation fails,\ndrain the whole queued list synchronously. Do the same in the late-init\ndrain path so queued entries are not stranded there either.",
"id": "GHSA-vx7w-47r6-wxw3",
"modified": "2026-04-28T12:31:30Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31481"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX8W-4739-F7JM
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40742"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-vx8w-4739-f7jm",
"modified": "2022-03-17T00:00:35Z",
"published": "2022-03-17T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40742"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXGQ-8374-WQ2X
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Memory corruption when processing cmd parameters while parsing vdev.
{
"affected": [],
"aliases": [
"CVE-2023-33088"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:13Z",
"severity": "HIGH"
},
"details": "Memory corruption when processing cmd parameters while parsing vdev.",
"id": "GHSA-vxgq-8374-wq2x",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33088"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.