CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-9CV2-CFXC-V4V2
Vulnerability from github – Published: 2026-06-19 16:36 – Updated: 2026-06-19 16:36Summary
Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process.
Nokogiri 1.19.4 checks for missing native data pointers and raises a RuntimeError.
JRuby is not affected.
Severity
The Nokogiri maintainers have evaluated this as low severity. This is only triggered by a programming error. It requires application code to call .allocate directly on a native-backed class and then invoke methods on the resulting uninitialized object. It cannot be triggered by untrusted input or through normal use of the public API.
Mitigation
Upgrade to Nokogiri 1.19.4 or later.
Avoid calling .allocate directly on Nokogiri native-backed classes. Use the documented constructors and factory methods instead.
Credit
This issue was responsibly reported by Zheng Yu from depthfirst.com.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T16:36:23Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\n\nNokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from `Nokogiri::XML::Node`. This caused a NULL pointer dereference that could crash the process.\n\nNokogiri 1.19.4 checks for missing native data pointers and raises a `RuntimeError`.\n\nJRuby is not affected.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as low severity. This is only triggered by a programming error. It requires application code to call `.allocate` directly on a native-backed class and then invoke methods on the resulting uninitialized object. It cannot be triggered by untrusted input or through normal use of the public API.\n\n### Mitigation\n\nUpgrade to Nokogiri 1.19.4 or later.\n\nAvoid calling `.allocate` directly on Nokogiri native-backed classes. Use the documented constructors and factory methods instead.\n\n### Credit\n\nThis issue was responsibly reported by Zheng Yu from depthfirst.com.",
"id": "GHSA-9cv2-cfxc-v4v2",
"modified": "2026-06-19T16:36:23Z",
"published": "2026-06-19T16:36:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-9cv2-cfxc-v4v2"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes"
}
GHSA-9CV9-84QQ-79G4
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tport_add()
In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tport_delete+0x34/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device() in ata_tport_add().
{
"affected": [],
"aliases": [
"CVE-2022-49825"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tport_add()\n\nIn ata_tport_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tport_delete+0x34/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tport_add().",
"id": "GHSA-9cv9-84qq-79g4",
"modified": "2025-11-10T21:30:27Z",
"published": "2025-05-01T15:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49825"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3613dbe3909dcc637fe6be00e4dc43b4aa0470ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52d9bb0adae9359711a0c5271430afd3754069e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5362dc1634d8b8d5f30920f33ac11a3276b7ed9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7bb1b7a7bf26f6b7372b7b683daece4a42fda02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9CW6-8XH8-4JGV
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-15931"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-12T18:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-9cw6-8xh8-4jgv",
"modified": "2022-05-13T01:28:07Z",
"published": "2022-05-13T01:28:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15931"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105442"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9CWW-Q563-GV3C
Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL
{
"affected": [],
"aliases": [
"CVE-2024-46807"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T13:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL",
"id": "GHSA-9cww-q563-gv3c",
"modified": "2025-11-04T00:31:30Z",
"published": "2024-09-27T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46807"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F29-4G2W-7QFF
Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2025-04-20 03:46scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
{
"affected": [],
"aliases": [
"CVE-2017-14940"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-30T01:29:00Z",
"severity": "MODERATE"
},
"details": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.",
"id": "GHSA-9f29-4g2w-7qff",
"modified": "2025-04-20T03:46:06Z",
"published": "2022-05-17T00:35:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14940"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22166"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0d76029f92182c3682d8be2c833d45bc9a2068fe"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F58-Q6J7-M5VV
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-25 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Similar to the r_pipe sspp protect, add a check to protect the pipe state prints to avoid NULL ptr dereference for cases when the state is dumped without a corresponding atomic_check() where the pipe->sspp is assigned.
Patchwork: https://patchwork.freedesktop.org/patch/628404/
{
"affected": [],
"aliases": [
"CVE-2024-58073"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T16:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp\n\nSimilar to the r_pipe sspp protect, add a check to protect\nthe pipe state prints to avoid NULL ptr dereference for cases when\nthe state is dumped without a corresponding atomic_check() where the\npipe-\u003esspp is assigned.\n\nPatchwork: https://patchwork.freedesktop.org/patch/628404/",
"id": "GHSA-9f58-q6j7-m5vv",
"modified": "2025-03-25T15:31:22Z",
"published": "2025-03-06T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58073"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/008af2074e4b91d34440102501b710c235a3b245"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/789384eb1437aed94155dc0eac8a8a6ba1baf578"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F8P-M62J-44X8
Vulnerability from github – Published: 2025-04-08 21:31 – Updated: 2025-04-08 21:31Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30301"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T19:15:50Z",
"severity": "MODERATE"
},
"details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9f8p-m62j-44x8",
"modified": "2025-04-08T21:31:39Z",
"published": "2025-04-08T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30301"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb25-33.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F9G-3975-X384
Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-12-02 00:31In the Linux kernel, the following vulnerability has been resolved:
ext4: fix null-ptr-deref in ext4_write_info
I caught a null-ptr-deref bug as follows:
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_filesystem+0x89/0xf0 generic_shutdown_super+0x79/0x3e0 kill_block_super+0xa1/0x110 deactivate_locked_super+0xac/0x130 deactivate_super+0xb6/0xd0 cleanup_mnt+0x289/0x400 __cleanup_mnt+0x16/0x20 task_work_run+0x11c/0x1c0 exit_to_user_mode_prepare+0x203/0x210 syscall_exit_to_user_mode+0x5b/0x3a0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ==================================================================
Above issue may happen as follows:
exit_to_user_mode_prepare task_work_run __cleanup_mnt cleanup_mnt deactivate_super deactivate_locked_super kill_block_super generic_shutdown_super shrink_dcache_for_umount dentry = sb->s_root sb->s_root = NULL <--- Here set NULL sync_filesystem __sync_filesystem sb->s_op->sync_fs > ext4_sync_fs dquot_writeback_dquots sb->dq_op->write_info > ext4_write_info ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2) d_inode(sb->s_root) s_root->d_inode <--- Null pointer dereference
To solve this problem, we use ext4_journal_start_sb directly to avoid s_root being used.
{
"affected": [],
"aliases": [
"CVE-2022-50344"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T17:15:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix null-ptr-deref in ext4_write_info\n\nI caught a null-ptr-deref bug as follows:\n==================================================================\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339\nRIP: 0010:ext4_write_info+0x53/0x1b0\n[...]\nCall Trace:\n dquot_writeback_dquots+0x341/0x9a0\n ext4_sync_fs+0x19e/0x800\n __sync_filesystem+0x83/0x100\n sync_filesystem+0x89/0xf0\n generic_shutdown_super+0x79/0x3e0\n kill_block_super+0xa1/0x110\n deactivate_locked_super+0xac/0x130\n deactivate_super+0xb6/0xd0\n cleanup_mnt+0x289/0x400\n __cleanup_mnt+0x16/0x20\n task_work_run+0x11c/0x1c0\n exit_to_user_mode_prepare+0x203/0x210\n syscall_exit_to_user_mode+0x5b/0x3a0\n do_syscall_64+0x59/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n ==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\nexit_to_user_mode_prepare\n task_work_run\n __cleanup_mnt\n cleanup_mnt\n deactivate_super\n deactivate_locked_super\n kill_block_super\n generic_shutdown_super\n shrink_dcache_for_umount\n dentry = sb-\u003es_root\n sb-\u003es_root = NULL \u003c--- Here set NULL\n sync_filesystem\n __sync_filesystem\n sb-\u003es_op-\u003esync_fs \u003e ext4_sync_fs\n dquot_writeback_dquots\n sb-\u003edq_op-\u003ewrite_info \u003e ext4_write_info\n ext4_journal_start(d_inode(sb-\u003es_root), EXT4_HT_QUOTA, 2)\n d_inode(sb-\u003es_root)\n s_root-\u003ed_inode \u003c--- Null pointer dereference\n\nTo solve this problem, we use ext4_journal_start_sb directly\nto avoid s_root being used.",
"id": "GHSA-9f9g-3975-x384",
"modified": "2025-12-02T00:31:10Z",
"published": "2025-09-16T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50344"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a657319cfabd6199fd0b7b65bbebf6ded7a11c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/533c60a0b97cee5daab376933f486207e6680fb7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/947264e00c46de19a016fd81218118c708fed2f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb420e8afc854d2a1caaa23a0c129839acfb7888"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc451578446afd03c0c21913993c08898a691435"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f34ab95162763cd7352f46df169296eec28b688d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4b5ff0b794aa94afac7269c494550ca2f66511b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9c1f248607d5546075d3f731e7607d5571f2b60"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FH5-955W-9JFH
Vulnerability from github – Published: 2024-01-29 18:31 – Updated: 2024-06-10 18:30A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
{
"affected": [],
"aliases": [
"CVE-2023-40546"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-29T17:15:08Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn\u0027t match the format string used by it, leading to a crash under certain circumstances.",
"id": "GHSA-9fh5-955w-9jfh",
"modified": "2024-06-10T18:30:52Z",
"published": "2024-01-29T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40546"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1834"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1835"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1873"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1876"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1883"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1902"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1903"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1959"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2086"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-40546"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FHM-W5M6-RQV5
Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
dlm: fix possible lkb_resource null dereference
This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded.
The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference.
In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.
{
"affected": [],
"aliases": [
"CVE-2024-47809"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T13:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix possible lkb_resource null dereference\n\nThis patch fixes a possible null pointer dereference when this function is\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\nonly after validate_lock_args() by calling attach_lkb(). Another issue\nis that a resource name could be a non printable bytearray and we cannot\nassume to be ASCII coded.\n\nThe log functionality is probably never being hit when DLM is used in\nnormal way and no debug logging is enabled. The null pointer dereference\ncan only occur on a new created lkb that does not have the resource\nassigned yet, it probably never hits the null pointer dereference but we\nshould be sure that other changes might not change this behaviour and we\nactually can hit the mentioned null pointer dereference.\n\nIn this patch we just drop the printout of the resource name, the lkb id\nis enough to make a possible connection to a resource name if this\nexists.",
"id": "GHSA-9fhm-w5m6-rqv5",
"modified": "2026-07-14T15:31:16Z",
"published": "2025-01-11T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47809"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1ffea6bec96d4349dbfcc42ad3e436259f64243"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.