CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-96W6-XC3M-H7GP
Vulnerability from github – Published: 2024-04-30 21:30 – Updated: 2024-11-20 18:32In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-34088"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-30T19:15:23Z",
"severity": "HIGH"
},
"details": "In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.",
"id": "GHSA-96w6-xc3m-h7gp",
"modified": "2024-11-20T18:32:14Z",
"published": "2024-04-30T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34088"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/15674/commits/34d704fb0ea60dc5063af477a2c11d4884984d4f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-972P-CF2J-J59M
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit
If edp modeset init is failed due to panel being not ready and probe defers during drm bind, avoid clearing irqs and dereference hw_intr when hw_intr is null.
BUG: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace: dpu_core_irq_uninstall+0x50/0xb0 dpu_irq_uninstall+0x18/0x24 msm_drm_uninit+0xd8/0x16c msm_drm_bind+0x580/0x5fc try_to_bring_up_master+0x168/0x1c0 __component_add+0xb4/0x178 component_add+0x1c/0x28 dp_display_probe+0x38c/0x400 platform_probe+0xb0/0xd0 really_probe+0xcc/0x2c8 __driver_probe_device+0xbc/0xe8 driver_probe_device+0x48/0xf0 __device_attach_driver+0xa0/0xc8 bus_for_each_drv+0x8c/0xd8 __device_attach+0xc4/0x150 device_initial_probe+0x1c/0x28
Changes in V2: - Update commit message and coreect fixes tag.
Patchwork: https://patchwork.freedesktop.org/patch/484430/
{
"affected": [],
"aliases": [
"CVE-2022-49483"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit\n\nIf edp modeset init is failed due to panel being not ready and\nprobe defers during drm bind, avoid clearing irqs and dereference\nhw_intr when hw_intr is null.\n\nBUG: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n\nCall trace:\n dpu_core_irq_uninstall+0x50/0xb0\n dpu_irq_uninstall+0x18/0x24\n msm_drm_uninit+0xd8/0x16c\n msm_drm_bind+0x580/0x5fc\n try_to_bring_up_master+0x168/0x1c0\n __component_add+0xb4/0x178\n component_add+0x1c/0x28\n dp_display_probe+0x38c/0x400\n platform_probe+0xb0/0xd0\n really_probe+0xcc/0x2c8\n __driver_probe_device+0xbc/0xe8\n driver_probe_device+0x48/0xf0\n __device_attach_driver+0xa0/0xc8\n bus_for_each_drv+0x8c/0xd8\n __device_attach+0xc4/0x150\n device_initial_probe+0x1c/0x28\n\nChanges in V2:\n- Update commit message and coreect fixes tag.\n\nPatchwork: https://patchwork.freedesktop.org/patch/484430/",
"id": "GHSA-972p-cf2j-j59m",
"modified": "2025-03-17T18:31:50Z",
"published": "2025-03-17T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49483"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01013ba9bbddc62f7d011163cebfd7ed06bb698b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7ca30c3a8b2e8bda65f2b922d382ac056be8aa4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a800701429313149afde18d98821554fbfcb3164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-973H-X7W2-JGPX
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-11-07 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt().
if (replay == NULL && force_static) return false;
...
if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, power_opts, panel_inst); link->replay_settings.replay_power_opt_active = power_opts; }
If 'replay' is NULL, this will cause a null pointer dereference.
Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)
{
"affected": [],
"aliases": [
"CVE-2024-27040"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add \u0027replay\u0027 NULL check in \u0027edp_set_replay_allow_active()\u0027\n\nIn the first if statement, we\u0027re checking if \u0027replay\u0027 is NULL. But in\nthe second if statement, we\u0027re not checking if \u0027replay\u0027 is NULL again\nbefore calling replay-\u003efuncs-\u003ereplay_set_power_opt().\n\nif (replay == NULL \u0026\u0026 force_static)\n return false;\n\n...\n\nif (link-\u003ereplay_settings.replay_feature_enabled \u0026\u0026\n replay-\u003efuncs-\u003ereplay_set_power_opt) {\n\treplay-\u003efuncs-\u003ereplay_set_power_opt(replay, *power_opts, panel_inst);\n\tlink-\u003ereplay_settings.replay_power_opt_active = *power_opts;\n}\n\nIf \u0027replay\u0027 is NULL, this will cause a null pointer dereference.\n\nFixes the below found by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed \u0027replay\u0027 could be null (see line 887)",
"id": "GHSA-973h-x7w2-jgpx",
"modified": "2024-11-07T18:31:20Z",
"published": "2024-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27040"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7cadd5d3a8ffe334d0229ba9eda4290138d56e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f610c46771ef1047e46d61807aa7c69cd29e63d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9752-MQ4C-65H9
Vulnerability from github – Published: 2023-11-17 06:31 – Updated: 2024-06-20 18:34An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).
{
"affected": [],
"aliases": [
"CVE-2023-38314"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-17T06:15:33Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).",
"id": "GHSA-9752-mq4c-65h9",
"modified": "2024-06-20T18:34:06Z",
"published": "2023-11-17T06:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38314"
},
{
"type": "WEB",
"url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
},
{
"type": "WEB",
"url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
},
{
"type": "WEB",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9768-8435-CHR8
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-26927"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-23T20:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.",
"id": "GHSA-9768-8435-chr8",
"modified": "2022-05-24T17:42:56Z",
"published": "2022-05-24T17:42:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26927"
},
{
"type": "WEB",
"url": "https://github.com/jasper-software/jasper/issues/265"
},
{
"type": "WEB",
"url": "https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9774-4J5Q-WHVJ
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
{
"affected": [],
"aliases": [
"CVE-2021-34555"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T15:15:00Z",
"severity": "HIGH"
},
"details": "OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.",
"id": "GHSA-9774-4j5q-whvj",
"modified": "2022-05-24T19:04:52Z",
"published": "2022-05-24T19:04:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34555"
},
{
"type": "WEB",
"url": "https://github.com/trusteddomainproject/OpenDMARC/issues/179"
},
{
"type": "WEB",
"url": "https://github.com/trusteddomainproject/OpenDMARC/pull/178"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MAT4ZSWPQ5SUTMYCXRXI5SMTWL4AG7E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZHZD4WZDYRBB2XVW2EQ4DQ2KYMAGPUO"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-979R-3H3G-55RP
Vulnerability from github – Published: 2022-05-01 01:51 – Updated: 2023-12-28 15:30VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.
{
"affected": [],
"aliases": [
"CVE-2005-0772"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-06-28T04:00:00Z",
"severity": "MODERATE"
},
"details": "VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) \"Error Status\" value, which triggers a null dereference.",
"id": "GHSA-979r-3h3g-55rp",
"modified": "2023-12-28T15:30:17Z",
"published": "2022-05-01T01:51:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0772"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/15789"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1014273"
},
{
"type": "WEB",
"url": "http://seer.support.veritas.com/docs/276533.htm"
},
{
"type": "WEB",
"url": "http://seer.support.veritas.com/docs/277485.htm"
},
{
"type": "WEB",
"url": "http://www.idefense.com/application/poi/display?id=270\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"type": "WEB",
"url": "http://www.idefense.com/application/poi/display?id=271\u0026type=vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97C5-PRQJ-77GQ
Vulnerability from github – Published: 2024-07-16 15:30 – Updated: 2024-07-23 15:31In the Linux kernel, the following vulnerability has been resolved:
tipc: fix kernel panic when enabling bearer
When enabling a bearer on a node, a kernel panic is observed:
[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc] ... [ 4.520030] Call Trace: [ 4.520689] [ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc] [ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc] [ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc] [ 4.525292] tipc_rcv+0x5da/0x730 [tipc] [ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0 [ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc] [ 4.528737] __netif_receive_skb_list_core+0x20b/0x260 [ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0 [ 4.531450] ? dev_gro_receive+0x4c2/0x680 [ 4.532512] napi_complete_done+0x6f/0x180 [ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net] ...
The node in question is receiving activate messages in another thread after changing bearer status to allow message sending/ receiving in current thread:
thread 1 | thread 2
-------- | --------
|
tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ... | // allocate | mon = kzalloc(); | ... | } |
Monitoring pointer in thread 2 is dereferenced before monitoring data is allocated in thread 1. This causes kernel panic.
This commit fixes it by allocating the monitoring data before enabling the bearer to receive messages.
{
"affected": [],
"aliases": [
"CVE-2022-48865"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T13:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel panic when enabling bearer\n\nWhen enabling a bearer on a node, a kernel panic is observed:\n\n[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]\n...\n[ 4.520030] Call Trace:\n[ 4.520689] \u003cIRQ\u003e\n[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]\n[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]\n[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]\n[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]\n[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0\n[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]\n[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260\n[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0\n[ 4.531450] ? dev_gro_receive+0x4c2/0x680\n[ 4.532512] napi_complete_done+0x6f/0x180\n[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]\n...\n\nThe node in question is receiving activate messages in another\nthread after changing bearer status to allow message sending/\nreceiving in current thread:\n\n thread 1 | thread 2\n -------- | --------\n |\ntipc_enable_bearer() |\n test_and_set_bit_lock() |\n tipc_bearer_xmit_skb() |\n | tipc_l2_rcv_msg()\n | tipc_rcv()\n | __tipc_node_link_up()\n | tipc_link_build_state_msg()\n | tipc_link_build_proto_msg()\n | tipc_mon_prep()\n | {\n | ...\n | // null-pointer dereference\n | u16 gen = mon-\u003edom_gen;\n | ...\n | }\n // Not being executed yet |\n tipc_mon_create() |\n { |\n ... |\n // allocate |\n mon = kzalloc(); |\n ... |\n } |\n\nMonitoring pointer in thread 2 is dereferenced before monitoring data\nis allocated in thread 1. This causes kernel panic.\n\nThis commit fixes it by allocating the monitoring data before enabling\nthe bearer to receive messages.",
"id": "GHSA-97c5-prqj-77gq",
"modified": "2024-07-23T15:31:08Z",
"published": "2024-07-16T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48865"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2de76d37d4a6dca9b96ea51da24d4290e6cfa1a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be4977b847f5d5cedb64d50eaaf2218c3a55a3a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4f59fdbc748805b08c13dae14c01f0518c77c94"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f96dc3adb9a97b8f3dfdb88796483491a3006b71"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97CF-H8MH-89RG
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-06 21:30In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-52876"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference.",
"id": "GHSA-97cf-h8mh-89rg",
"modified": "2025-01-06T21:30:49Z",
"published": "2024-05-21T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52876"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd76feeb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97CW-X85W-V9JC
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
{
"affected": [],
"aliases": [
"CVE-2018-1130"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-10T13:29:00Z",
"severity": "MODERATE"
},
"details": "Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.",
"id": "GHSA-97cw-x85w-v9jc",
"modified": "2022-05-13T01:33:30Z",
"published": "2022-05-13T01:33:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1130"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3698-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3698-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3697-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3697-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3656-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3654-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3654-1"
},
{
"type": "WEB",
"url": "https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94"
},
{
"type": "WEB",
"url": "https://marc.info/?l=linux-netdev\u0026m=152036596825220\u0026w=2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.