Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-X8FR-74RG-389V

Vulnerability from github – Published: 2025-03-07 21:31 – Updated: 2025-03-07 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()

In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n\nIn an unlikely (and probably wrong?) case that the \u0027ppi\u0027 parameter of\nata_host_alloc_pinfo() points to an array starting with a NULL pointer,\nthere\u0027s going to be a kernel oops as the \u0027pi\u0027 local variable won\u0027t get\nreassigned from the initial value of NULL. Initialize \u0027pi\u0027 instead to\n\u0027\u0026ata_dummy_port_info\u0027 to fix the possible kernel oops for good...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
  "id": "GHSA-x8fr-74rg-389v",
  "modified": "2025-03-07T21:31:04Z",
  "published": "2025-03-07T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49731"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8RM-M93R-JQP2

Vulnerability from github – Published: 2024-04-05 21:32 – Updated: 2025-06-17 21:31
VLAI
Details

In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-05T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-x8rm-m93r-jqp2",
  "modified": "2025-06-17T21:31:38Z",
  "published": "2024-04-05T21:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27232"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8WR-3XMC-RP7M

Vulnerability from github – Published: 2022-05-14 00:58 – Updated: 2022-05-14 00:58
VLAI
Details

An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-05T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.",
  "id": "GHSA-x8wr-3xmc-rp7m",
  "modified": "2022-05-14T00:58:03Z",
  "published": "2022-05-14T00:58:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10873"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4042-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107862"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8X6-CPP7-M689

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:31Z",
    "severity": "MODERATE"
  },
  "details": "Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x8x6-cpp7-m689",
  "modified": "2026-02-10T18:30:42Z",
  "published": "2026-02-10T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21336"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X938-FVFW-7JH5

Vulnerability from github – Published: 2022-06-25 07:11 – Updated: 2022-06-25 07:11
VLAI
Summary
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Details

Impact

A malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. An attacker would already need to be an authenticated user of the Cloud, and only when the authenticated user launches the csidriver then CloudCore may be attacked.

Patches

This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue.

Workarounds

At the time of writing, no workaround exists.

References

NA

Credits

Thanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the kubeedge security policy during a security audit sponsored by CNCF and facilitated by OSTIF.

For more information

If you have any questions or comments about this advisory: * Open an issue in KubeEdge repo * To make a vulnerability report, email your vulnerability to the private cncf-kubeedge-security@lists.cncf.io list with the security details and the details expected for KubeEdge bug reports.

Notes: This vulnerability was found by fuzzing KubeEdge by way of OSS-Fuzz.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubeedge/kubeedge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.10.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubeedge/kubeedge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-25T07:11:05Z",
    "nvd_published_at": "2022-06-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. An attacker would already need to be an authenticated user of the Cloud, and only when the authenticated user launches the `csidriver` then CloudCore may be attacked.\n\n### Patches\nThis bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue.\n\n### Workarounds\nAt the time of writing, no workaround exists.\n\n### References\nNA\n\n### Credits\nThanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the [kubeedge security policy](https://github.com/kubeedge/kubeedge/security/policy) during a security audit sponsored by CNCF and facilitated by OSTIF.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [KubeEdge repo](https://github.com/kubeedge/kubeedge/issues/new/choose)\n* To make a vulnerability report, email your vulnerability to the private [cncf-kubeedge-security@lists.cncf.io](mailto:cncf-kubeedge-security@lists.cncf.io) list with the security details and the details expected for [KubeEdge bug reports](https://github.com/kubeedge/kubeedge/blob/master/.github/ISSUE_TEMPLATE/bug-report.md).\n\n**Notes:** This vulnerability was found by fuzzing KubeEdge by way of OSS-Fuzz.",
  "id": "GHSA-x938-fvfw-7jh5",
  "modified": "2022-06-25T07:11:05Z",
  "published": "2022-06-25T07:11:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31077"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubeedge/kubeedge/pull/3899"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubeedge/kubeedge"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server"
}

GHSA-X954-5GXX-H6V4

Vulnerability from github – Published: 2026-02-10 15:30 – Updated: 2026-02-10 15:30
VLAI
Details

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T15:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-x954-5gxx-h6v4",
  "modified": "2026-02-10T15:30:28Z",
  "published": "2026-02-10T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15571"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip/issues/263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/21726331/PoC_NPD.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344931"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344931"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.752603"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X95X-W6HQ-MWXC

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In error cases the dentry may be NULL.

Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry.

This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix NULL dereference in nfs3svc_encode_getaclres\n\nIn error cases the dentry may be NULL.\n\nBefore 20798dfe249a, the encoder also checked dentry and\nd_really_is_positive(dentry), but that looks like overkill to me--zero\nstatus should be enough to guarantee a positive dentry.\n\nThis isn\u0027t the first time we\u0027ve seen an error-case NULL dereference\nhidden in the initialization of a local variable in an xdr encoder.  But\nI went back through the other recent rewrites and didn\u0027t spot any\nsimilar bugs.",
  "id": "GHSA-x95x-w6hq-mwxc",
  "modified": "2026-05-12T12:31:52Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47316"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X96Q-4PR8-5QM2

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-11-07 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()

syzbot reported the following NULL pointer dereference issue [1]:

BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace: sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230 unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 _syssendmsg+0x525/0x7d0 net/socket.c:2584 _sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77

If sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called concurrently, psock->saved_data_ready can be NULL, causing the above issue.

This patch fixes this issue by calling the appropriate data ready function using the sk_psock_data_ready() helper and protecting it from concurrency with sk->sk_callback_lock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()\n\nsyzbot reported the following NULL pointer dereference issue [1]:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  [...]\n  RIP: 0010:0x0\n  [...]\n  Call Trace:\n   \u003cTASK\u003e\n   sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230\n   unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293\n   sock_sendmsg_nosec net/socket.c:730 [inline]\n   __sock_sendmsg+0x221/0x270 net/socket.c:745\n   ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n   ___sys_sendmsg net/socket.c:2638 [inline]\n   __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n   do_syscall_64+0xf9/0x240\n   entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nIf sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called\nconcurrently, psock-\u003esaved_data_ready can be NULL, causing the above issue.\n\nThis patch fixes this issue by calling the appropriate data ready function\nusing the sk_psock_data_ready() helper and protecting it from concurrency\nwith sk-\u003esk_callback_lock.",
  "id": "GHSA-x96q-4pr8-5qm2",
  "modified": "2024-11-07T00:30:35Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26731"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X972-PCGH-84PG

Vulnerability from github – Published: 2026-02-06 09:30 – Updated: 2026-02-06 09:30
VLAI
Details

Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-06T09:15:51Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read vulnerability in the graphics module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-x972-pcgh-84pg",
  "modified": "2026-02-06T09:30:29Z",
  "published": "2026-02-06T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24929"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X97H-4PWX-3C9H

Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

caif_virtio: fix wrong pointer check in cfv_probe()

del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL.

Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv-\u003evq_tx pointer should be checked\nfor NULL before calling it, not cfv-\u003evdev. Also the current implementation\nis redundant because the pointer cfv-\u003evdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv-\u003evq_tx for NULL instead of cfv-\u003evdev before\ncalling del_vqs().",
  "id": "GHSA-x97h-4pwx-3c9h",
  "modified": "2025-11-03T21:33:20Z",
  "published": "2025-04-01T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21904"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29e0cd296c87240278e2f7ea4cf3f496b60c03af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56cddf71cce3b15b078e937fadab29962b6f6643"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b5fe58959822e6cfa884327cabba6be3b01883d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90d302619ee7ce5ed0c69c29c290bdccfde66418"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/990fff6980d0c1693d60a812f58dbf93eab0473f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a466fd7e9fafd975949e5945e2f70c33a94b1a70"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.