CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6309 vulnerabilities reference this CWE, most recent first.
GHSA-X3Q9-C788-J7C8
Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:18Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "PaddlePaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38676"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:51:24Z",
"nvd_published_at": "2024-01-03T09:15:08Z",
"severity": "MODERATE"
},
"details": "Nullptr in paddle.dot\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
"id": "GHSA-x3q9-c788-j7c8",
"modified": "2024-11-22T18:18:14Z",
"published": "2024-01-03T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38676"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "PaddlePaddle segfault in paddle.dot"
}
GHSA-X3RH-VHJ8-7WQ6
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null-initialized variables
[WHAT & HOW] drr_timing and subvp_pipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing.
This fixes 2 FORWARD_NULL issues reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-49898"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT \u0026 HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"id": "GHSA-x3rh-vhj8-7wq6",
"modified": "2025-11-03T21:31:22Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49898"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26d262b79a3587aaa84368586a55e9026c67841b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3a3b6d9a9383e3c1a4a08878ba5046e68647595"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X3V8-C8QX-3J3R
Vulnerability from github – Published: 2021-11-10 18:57 – Updated: 2024-11-07 22:16Impact
The shape inference code for DeserializeSparse can trigger a null pointer dereference:
import tensorflow as tf
dataset = tf.data.Dataset.range(3)
@tf.function
def test():
y = tf.raw_ops.DeserializeSparse(
serialized_sparse=tf.data.experimental.to_variant(dataset),
dtype=tf.int32)
test()
This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 as the last dimension). However, in the example above, the argument is a scalar (i.e., rank 0).
Patches
We have patched the issue in GitHub commit d3738dd70f1c9ceb547258cbb82d853da8771850.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41215"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:22:42Z",
"nvd_published_at": "2021-11-05T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe [shape inference code for `DeserializeSparse`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/ops/sparse_ops.cc#L152-L168) can trigger a null pointer dereference:\n\n```python\nimport tensorflow as tf\n\ndataset = tf.data.Dataset.range(3)\n \n@tf.function \ndef test(): \n y = tf.raw_ops.DeserializeSparse(\n serialized_sparse=tf.data.experimental.to_variant(dataset),\n dtype=tf.int32)\n\ntest()\n```\n\nThis is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). However, in the example above, the argument is a scalar (i.e., rank 0).\n\n### Patches\nWe have patched the issue in GitHub commit [d3738dd70f1c9ceb547258cbb82d853da8771850](https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-x3v8-c8qx-3j3r",
"modified": "2024-11-07T22:16:48Z",
"published": "2021-11-10T18:57:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41215"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-624.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-822.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-407.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Null pointer exception in `DeserializeSparse`"
}
GHSA-X43Q-W948-5WXQ
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-30 12:30In the Linux kernel, the following vulnerability has been resolved:
drm/exynos: vidi: fix to avoid directly dereferencing user pointer
In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel.
This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.
{
"affected": [],
"aliases": [
"CVE-2026-45958"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: fix to avoid directly dereferencing user pointer\n\nIn vidi_connection_ioctl(), vidi-\u003eedid(user pointer) is directly\ndereferenced in the kernel.\n\nThis allows arbitrary kernel memory access from the user space, so instead\nof directly accessing the user pointer in the kernel, we should modify it\nto copy edid to kernel memory using copy_from_user() and use it.",
"id": "GHSA-x43q-w948-5wxq",
"modified": "2026-05-30T12:30:23Z",
"published": "2026-05-27T15:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45958"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13537f7f6d28a87ee2e496e071b6ad9541905f23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/235d702b771416b8a61e81bb09ba39282e4268fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e147aa3169b83eaf044776f81d86235bf147de1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4949e32387fe315b59ad5f422c9fc52836fbdd1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c4193829109f38b2855de77981adc2e066286c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7efb6a4e6b1b523e744d17e6249757ed97caae7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2914c0ca7557c6c5c845621cb6d6c9f26ab5a8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4c98c077c7fb2dfdece7d605e694b5ea2665085"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X443-5GJR-4GR5
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-11-20 18:32In the Linux kernel, the following vulnerability has been resolved:
eventfs: Use list_del_rcu() for SRCU protected list variable
Chi Zhiling reported:
We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is set to LIST_POISON1, that means the list was removed in eventfs_remove_rec. so when access the ei_child->is_freed, the panic triggered.
by the way, the following script can reproduce this panic
loop1 (){ while true do echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events echo "" > /sys/kernel/debug/tracing/kprobe_events done } loop2 (){ while true do tree /sys/kernel/debug/tracing/events/kprobes/ done } loop1 & loop2
[1]: [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150 [ 1147.968239][T17331] Mem abort info: [ 1147.971739][T17331] ESR = 0x0000000096000004 [ 1147.976172][T17331] EC = 0x25: DABT (current EL), IL = 32 bits [ 1147.982171][T17331] SET = 0, FnV = 0 [ 1147.985906][T17331] EA = 0, S1PTW = 0 [ 1147.989734][T17331] FSC = 0x04: level 0 translation fault [ 1147.995292][T17331] Data abort info: [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls] [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G W ------- ---- 6.6.43 #2 [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650 [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020 [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398 [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398 [ 1148.115969][T17331] sp : ffff80008d56bbd0 [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000 [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100 [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10 [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000 [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0 [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0 [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862 [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068 [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001 [ 1148.198131][T17331] Call trace: [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398 [ 1148.205864][T17331] iterate_dir+0x98/0x188 [ 1148.210036][T17331] __arm64_sys_getdents64+0x78/0x160 [ 1148.215161][T17331] invoke_syscall+0x78/0x108 [ 1148.219593][T17331] el0_svc_common.constprop.0+0x48/0xf0 [ 1148.224977][T17331] do_el0_svc+0x24/0x38 [ 1148.228974][T17331] el0_svc+0x40/0x168 [ 1148.232798][T17 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2024-46785"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n We found a null pointer accessing in tracefs[1], the reason is that the\n variable \u0027ei_child\u0027 is set to LIST_POISON1, that means the list was\n removed in eventfs_remove_rec. so when access the ei_child-\u003eis_freed, the\n panic triggered.\n\n by the way, the following script can reproduce this panic\n\n loop1 (){\n while true\n do\n echo \"p:kp submit_bio\" \u003e /sys/kernel/debug/tracing/kprobe_events\n echo \"\" \u003e /sys/kernel/debug/tracing/kprobe_events\n done\n }\n loop2 (){\n while true\n do\n tree /sys/kernel/debug/tracing/events/kprobes/\n done\n }\n loop1 \u0026\n loop2\n\n [1]:\n [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n [ 1147.968239][T17331] Mem abort info:\n [ 1147.971739][T17331] ESR = 0x0000000096000004\n [ 1147.976172][T17331] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 1147.982171][T17331] SET = 0, FnV = 0\n [ 1147.985906][T17331] EA = 0, S1PTW = 0\n [ 1147.989734][T17331] FSC = 0x04: level 0 translation fault\n [ 1147.995292][T17331] Data abort info:\n [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G W ------- ---- 6.6.43 #2\n [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n [ 1148.115969][T17331] sp : ffff80008d56bbd0\n [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n [ 1148.198131][T17331] Call trace:\n [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398\n [ 1148.205864][T17331] iterate_dir+0x98/0x188\n [ 1148.210036][T17331] __arm64_sys_getdents64+0x78/0x160\n [ 1148.215161][T17331] invoke_syscall+0x78/0x108\n [ 1148.219593][T17331] el0_svc_common.constprop.0+0x48/0xf0\n [ 1148.224977][T17331] do_el0_svc+0x24/0x38\n [ 1148.228974][T17331] el0_svc+0x40/0x168\n [ 1148.232798][T17\n---truncated---",
"id": "GHSA-x443-5gjr-4gr5",
"modified": "2024-11-20T18:32:15Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46785"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X452-9H59-82PG
Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
{
"affected": [],
"aliases": [
"CVE-2018-1302"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-26T15:29:00Z",
"severity": "MODERATE"
},
"details": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"id": "GHSA-x452-9h59-82pg",
"modified": "2022-05-13T01:09:39Z",
"published": "2022-05-13T01:09:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3783-1"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103528"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040567"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X45X-PQWC-C7F3
Vulnerability from github – Published: 2025-01-05 15:30 – Updated: 2025-01-05 15:30A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-0221"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-05T15:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-x45x-pqwc-c7f3",
"modified": "2025-01-05T15:30:30Z",
"published": "2025-01-05T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0221"
},
{
"type": "WEB",
"url": "https://shareforall.notion.site/IOBit-Protected-Folder-pffilter-0x22200C-NPD-DOS-15260437bb1e80b2a477d42396d5d06c"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290200"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290200"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.466955"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X464-67PG-RXCC
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format().
Fix the following smatch errors:
drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: 'fmtdesc' dereferencing possible ERR_PTR()
drivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format() error: 'fmtdesc' dereferencing possible ERR_PTR()
Also, fix similar issue in uvc_v4l2_try_format() for potential dereferencing of ERR_PTR().
{
"affected": [],
"aliases": [
"CVE-2024-50056"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"id": "GHSA-x464-67pg-rxcc",
"modified": "2025-11-03T21:31:28Z",
"published": "2024-10-21T21:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50056"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03fa71e97e9bb116993ec1d51b8a6fe776db0984"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72a68d2bede3284b95ee93a5ab3a81758bba95b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7bb96b18864225a694e3887ac2733159489e4b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cedeb36c3ff4acd0f3d09918dfd8ed1df05efdd6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X475-4GWH-773R
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-20 00:00Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-1748"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T21:15:00Z",
"severity": "HIGH"
},
"details": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.",
"id": "GHSA-x475-4gwh-773r",
"modified": "2022-08-20T00:00:46Z",
"published": "2022-08-18T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1748"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X47Q-P47X-3235
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2023-02-28 21:30marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c.
{
"affected": [],
"aliases": [
"CVE-2019-16348"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c.",
"id": "GHSA-x47q-p47x-3235",
"modified": "2023-02-28T21:30:17Z",
"published": "2022-05-24T22:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16348"
},
{
"type": "WEB",
"url": "https://github.com/marc-q/libwav/issues/24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.