CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-93QW-26XW-P89X
Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-12 15:32A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
{
"affected": [],
"aliases": [
"CVE-2025-54146"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T13:15:53Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later",
"id": "GHSA-93qw-26xw-p89x",
"modified": "2026-02-12T15:32:42Z",
"published": "2026-02-11T15:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54146"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-26-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-93RV-VRC5-7JX2
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check 'folio' pointer for NULL
It can be NULL if bmap is called.
{
"affected": [],
"aliases": [
"CVE-2024-38625"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check \u0027folio\u0027 pointer for NULL\n\nIt can be NULL if bmap is called.",
"id": "GHSA-93rv-vrc5-7jx2",
"modified": "2025-01-07T18:30:43Z",
"published": "2024-06-21T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38625"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-93XR-JVR5-8X88
Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2025-01-02 21:31In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-56318"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T23:15:18Z",
"severity": "HIGH"
},
"details": "In raw\\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.",
"id": "GHSA-93xr-jvr5-8x88",
"modified": "2025-01-02T21:31:41Z",
"published": "2024-12-19T00:37:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56318"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip/issues/36750"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip/pull/36751"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip/commit/27ca6ec255b78168e04bd71e0f1a473869cf144b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9436-JJR2-VC98
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-02 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline] RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796 Call Trace: d_splice_alias+0x122/0x3b0 fs/dcache.c:3191 lookup_open fs/namei.c:3391 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x10e6/0x2df0 fs/namei.c:3688 do_filp_open+0x264/0x4f0 fs/namei.c:3718 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_open fs/open.c:1334 [inline] __se_sys_open fs/open.c:1330 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1330 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL. And a null-ptr-deref may happen:
ntfs_lookup() dir_search_u() # inode->i_op is set to NULL d_splice_alias() __d_add() d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
Fix this by adding a Check on inode->i_op before calling the d_splice_alias() function.
{
"affected": [],
"aliases": [
"CVE-2023-53294"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T08:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix null-ptr-deref on inode-\u003ei_op in ntfs_lookup()\n\nSyzbot reported a null-ptr-deref bug:\n\nntfs3: loop0: Different NTFS\u0027 sector size (1024) and media sector size\n(512)\nntfs3: loop0: Mark volume as dirty due to NTFS errors\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nRIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]\nRIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796\nCall Trace:\n \u003cTASK\u003e\n d_splice_alias+0x122/0x3b0 fs/dcache.c:3191\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3688\n do_filp_open+0x264/0x4f0 fs/namei.c:3718\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_open fs/open.c:1334 [inline]\n __se_sys_open fs/open.c:1330 [inline]\n __x64_sys_open+0x221/0x270 fs/open.c:1330\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIf the MFT record of ntfs inode is not a base record, inode-\u003ei_op can be\nNULL. And a null-ptr-deref may happen:\n\nntfs_lookup()\n dir_search_u() # inode-\u003ei_op is set to NULL\n d_splice_alias()\n __d_add()\n d_flags_for_inode() # inode-\u003ei_op-\u003eget_link null-ptr-deref\n\nFix this by adding a Check on inode-\u003ei_op before calling the\nd_splice_alias() function.",
"id": "GHSA-9436-jjr2-vc98",
"modified": "2025-12-02T21:31:26Z",
"published": "2025-09-16T15:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53294"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/254e69f284d7270e0abdc023ee53b71401c3ba0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ba22cbc6a1cf4b58195adbee0b80262e53992d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d69d5e2a81df94534bdb468bcdd26060fcb7191a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e78240bc4b94fc42854d65e657bb998100cc8e1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8d9e062a695a3665c4635c4f216a75912687598"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9438-9QFW-M4V5
Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-03-17 21:31In the Linux kernel, the following vulnerability has been resolved:
platform/x86: classmate-laptop: Add missing NULL pointer checks
In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device using it.
For example, cmpc_accel_sensitivity_store_v4() is the "show" method of cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(), before calling dev_set_drvdata() for inputdev->dev. If the sysfs attribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev) call in in cmpc_accel_sensitivity_store_v4() returns NULL which leads to a NULL pointer dereference going forward.
Moreover, sysfs attributes using the input device are added before initializing that device by cmpc_add_acpi_notify_device() and if one of them is accessed before running that function, a NULL pointer dereference will occur.
For example, cmpc_accel_sensitivity_attr_v4 is added before calling cmpc_add_acpi_notify_device() and if it is read prematurely, the dev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4() returns NULL which leads to a NULL pointer dereference going forward.
Fix this by adding NULL pointer checks in all of the relevant places.
{
"affected": [],
"aliases": [
"CVE-2026-23237"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T15:16:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: classmate-laptop: Add missing NULL pointer checks\n\nIn a few places in the Classmate laptop driver, code using the accel\nobject may run before that object\u0027s address is stored in the driver\ndata of the input device using it.\n\nFor example, cmpc_accel_sensitivity_store_v4() is the \"show\" method\nof cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),\nbefore calling dev_set_drvdata() for inputdev-\u003edev. If the sysfs\nattribute is accessed prematurely, the dev_get_drvdata(\u0026inputdev-\u003edev)\ncall in in cmpc_accel_sensitivity_store_v4() returns NULL which\nleads to a NULL pointer dereference going forward.\n\nMoreover, sysfs attributes using the input device are added before\ninitializing that device by cmpc_add_acpi_notify_device() and if one\nof them is accessed before running that function, a NULL pointer\ndereference will occur.\n\nFor example, cmpc_accel_sensitivity_attr_v4 is added before calling\ncmpc_add_acpi_notify_device() and if it is read prematurely, the\ndev_get_drvdata(\u0026acpi-\u003edev) call in cmpc_accel_sensitivity_show_v4()\nreturns NULL which leads to a NULL pointer dereference going forward.\n\nFix this by adding NULL pointer checks in all of the relevant places.",
"id": "GHSA-9438-9qfw-m4v5",
"modified": "2026-03-17T21:31:42Z",
"published": "2026-03-04T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23237"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97528b1622b8f129574d29a571c32a3c85eafa3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/993708fc18d0d0919db438361b4e8c1f980a8d1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cf4b9b8ad09d6e05307abc4e951cabdff4be652"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af673209d43b46257540997aba042b90ef3258c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da6e06a5fdbabea3870d18c227734b5dea5b3be6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb214804f03c829decf10998e9b7dd26f4c8ab9e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe747d7112283f47169e9c16e751179a9b38611e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9438-QF7W-49RG
Vulnerability from github – Published: 2026-01-26 06:30 – Updated: 2026-02-23 09:31A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2026-1417"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-26T04:16:10Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.",
"id": "GHSA-9438-qf7w-49rg",
"modified": "2026-02-23T09:31:22Z",
"published": "2026-01-26T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1417"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3426"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3426#issue-3802172856"
},
{
"type": "WEB",
"url": "https://github.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe296993de"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.342806"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.342806"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.736543"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-947X-M4F9-3H48
Vulnerability from github – Published: 2026-01-20 21:31 – Updated: 2026-01-21 15:31A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
{
"affected": [],
"aliases": [
"CVE-2025-63648"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T21:16:04Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.",
"id": "GHSA-947x-m4f9-3h48",
"modified": "2026-01-21T15:31:15Z",
"published": "2026-01-20T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63648"
},
{
"type": "WEB",
"url": "https://github.com/owntone/owntone-server/issues/1933"
},
{
"type": "WEB",
"url": "https://github.com/owntone/owntone-server/commit/5f526c7a7e08c567a5c72421d74a79dafdd07621"
},
{
"type": "WEB",
"url": "https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9483-PCVR-WJ53
Vulnerability from github – Published: 2026-05-12 12:32 – Updated: 2026-05-12 12:32The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.
{
"affected": [],
"aliases": [
"CVE-2025-40833"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T10:16:41Z",
"severity": "HIGH"
},
"details": "The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.",
"id": "GHSA-9483-pcvr-wj53",
"modified": "2026-05-12T12:32:13Z",
"published": "2026-05-12T12:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40833"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392349.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-949X-GVHG-PGGC
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-13 21:31In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ife: avoid possible NULL deref
tcf_ife_encode() must make sure ife_encode() does not return NULL.
syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full) Call Trace: ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101 tcf_ife_encode net/sched/act_ife.c:841 [inline] tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877 tc_act include/net/tc_wrapper.h:130 [inline] tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152 tcf_exts_exec include/net/pkt_cls.h:349 [inline] mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1764 [inline] tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860 multiq_classify net/sched/sch_multiq.c:39 [inline] multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66 dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147 __dev_xmit_skb net/core/dev.c:4262 [inline] __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798
{
"affected": [],
"aliases": [
"CVE-2026-23064"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ife: avoid possible NULL deref\n\ntcf_ife_encode() must make sure ife_encode() does not return NULL.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166\nCPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)\nCall Trace:\n \u003cTASK\u003e\n ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101\n tcf_ife_encode net/sched/act_ife.c:841 [inline]\n tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877\n tc_act include/net/tc_wrapper.h:130 [inline]\n tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152\n tcf_exts_exec include/net/pkt_cls.h:349 [inline]\n mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42\n tc_classify include/net/tc_wrapper.h:197 [inline]\n __tcf_classify net/sched/cls_api.c:1764 [inline]\n tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860\n multiq_classify net/sched/sch_multiq.c:39 [inline]\n multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66\n dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147\n __dev_xmit_skb net/core/dev.c:4262 [inline]\n __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798",
"id": "GHSA-949x-gvhg-pggc",
"modified": "2026-03-13T21:31:40Z",
"published": "2026-02-04T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23064"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-94CH-6CFH-XXGC
Vulnerability from github – Published: 2024-08-30 18:30 – Updated: 2024-11-12 18:30A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
{
"affected": [],
"aliases": [
"CVE-2024-8235"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-30T17:15:15Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.",
"id": "GHSA-94ch-6cfh-xxgc",
"modified": "2024-11-12T18:30:50Z",
"published": "2024-08-30T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8235"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9128"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8235"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308680"
},
{
"type": "WEB",
"url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.