CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-9G4F-34X6-X7JF
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-12-23 15:30In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
Olliver reported that his system crashes when plugging in Thunderbolt 1 device:
BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt] Call Trace: ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? tb_port_do_update_credits+0x1b/0x130 ? tb_switch_update_link_attributes+0x83/0xd0 tb_switch_add+0x7a2/0xfe0 tb_scan_port+0x236/0x6f0 tb_handle_hotplug+0x6db/0x900 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30
This is due the fact that some Thunderbolt 1 devices only have one lane adapter. Fix this by checking for the lane 1 before we read its credits.
{
"affected": [],
"aliases": [
"CVE-2024-27060"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix NULL pointer dereference in tb_port_update_credits()\n\nOlliver reported that his system crashes when plugging in Thunderbolt 1\ndevice:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? tb_port_do_update_credits+0x1b/0x130\n ? tb_switch_update_link_attributes+0x83/0xd0\n tb_switch_add+0x7a2/0xfe0\n tb_scan_port+0x236/0x6f0\n tb_handle_hotplug+0x6db/0x900\n process_one_work+0x171/0x340\n worker_thread+0x27b/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThis is due the fact that some Thunderbolt 1 devices only have one lane\nadapter. Fix this by checking for the lane 1 before we read its credits.",
"id": "GHSA-9g4f-34x6-x7jf",
"modified": "2024-12-23T15:30:47Z",
"published": "2024-05-01T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27060"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/440fba897c5ae32d7df1f1d609dbb19e2bba7fbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce64ba1f6ec3439e4b4d880b4db99673f4507228"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G5W-2H6H-7H82
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-07-03 18:45In the Linux kernel, the following vulnerability has been resolved:
cppc_cpufreq: Fix possible null pointer dereference
cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-38573"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:17Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncppc_cpufreq: Fix possible null pointer dereference\n\ncppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from\ndifferent places with various parameters. So cpufreq_cpu_get() can return\nnull as \u0027policy\u0027 in some circumstances.\nFix this bug by adding null return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-9g5w-2h6h-7h82",
"modified": "2024-07-03T18:45:55Z",
"published": "2024-06-19T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38573"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/769c4f355b7962895205b86ad35617873feef9a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a185cc5a79ba408e1c73375706630662304f618"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b18daa4ec727c0266de5bfc78e818d168cc4aedf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf7de25878a1f4508c69dc9f6819c21ba177dbfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dfec15222529d22b15e5b0d63572a9e39570cab4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f84b9b25d045e67a7eee5e73f21278c8ab06713c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G63-JV3J-6766
Vulnerability from github – Published: 2024-06-24 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
fpga: manager: add owner module and take its refcount
The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the manager if the parent device does not have a driver.
To address this problem, add a module owner pointer to the fpga_manager struct and use it to take the module's refcount. Modify the functions for registering the manager to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the manager as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a manager without setting the owner.
Also, update the documentation to keep it consistent with the new interface for registering an fpga manager.
Other changes: opportunistically move put_device() from __fpga_mgr_get() to fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the manager device is taken in these functions.
{
"affected": [],
"aliases": [
"CVE-2024-37021"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-24T14:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: manager: add owner module and take its refcount\n\nThe current implementation of the fpga manager assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the manager if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_manager\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering the manager to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the manager as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a manager without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga manager.\n\nOther changes: opportunistically move put_device() from __fpga_mgr_get() to\nfpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the\nmanager device is taken in these functions.",
"id": "GHSA-9g63-jv3j-6766",
"modified": "2025-11-03T21:31:10Z",
"published": "2024-06-24T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37021"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/304f8032d601d4f9322ca841cd0b573bd1beb158"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G6G-XQV5-8G5W
Vulnerability from github – Published: 2024-06-25 21:31 – Updated: 2024-11-27 21:55A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pingcap/tidb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-37820"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-21T23:19:51Z",
"nvd_published_at": "2024-06-25T19:15:11Z",
"severity": "MODERATE"
},
"details": "A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.",
"id": "GHSA-9g6g-xqv5-8g5w",
"modified": "2024-11-27T21:55:55Z",
"published": "2024-06-25T21:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37820"
},
{
"type": "WEB",
"url": "https://github.com/pingcap/tidb/issues/53580"
},
{
"type": "WEB",
"url": "https://github.com/pingcap/tidb/commit/3d68bd21240c610c6307713e2bd54a5e71c32608"
},
{
"type": "WEB",
"url": "https://gist.github.com/ycybfhb/a9c1e14ce281f2f553adca84d384b761"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9g6g-xqv5-8g5w"
},
{
"type": "PACKAGE",
"url": "https://github.com/pingcap/tidb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "PingCAP TiDB nil pointer dereference"
}
GHSA-9G72-VRH2-4XQW
Vulnerability from github – Published: 2025-01-05 18:30 – Updated: 2025-01-05 18:30A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-0222"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-05T16:15:05Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9g72-vrh2-4xqw",
"modified": "2025-01-05T18:30:35Z",
"published": "2025-01-05T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0222"
},
{
"type": "WEB",
"url": "https://shareforall.notion.site/IOBit-Uninstaller-IUProcessFilter-0x8001E000-NPD-DOS-15260437bb1e809c81bbc484c53b17bc"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290201"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290201"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.466956"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9G7X-62W8-H6G3
Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-03-25 18:31In the Linux kernel, the following vulnerability has been resolved:
net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
pdev can be null and free_ring: can be called in 1297 with a null pdev.
{
"affected": [],
"aliases": [
"CVE-2026-23020"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-31T12:16:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 3com: 3c59x: fix possible null dereference in vortex_probe1()\n\npdev can be null and free_ring: can be called in 1297 with a null\npdev.",
"id": "GHSA-9g7x-62w8-h6g3",
"modified": "2026-03-25T18:31:35Z",
"published": "2026-01-31T12:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23020"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/053ac9e37eee435e999277c0f1ef890dad6064bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28b2a805609699be7b90020ae7dccfb234be1ceb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f05f7737e16d9a40038cc1c38a96a3f7964898b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/606872c8e8bf96066730f6a2317502c5633c37f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4e305ed60f7c41bbf9aabc16dd75267194e0de3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GGF-W6F4-GJVQ
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 00:30In the Linux kernel, the following vulnerability has been resolved:
media: amphion: fix REVERSE_INULL issues reported by coverity
null-checking of a pointor is suggested before dereferencing it
{
"affected": [],
"aliases": [
"CVE-2023-53653"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"id": "GHSA-9ggf-w6f4-gjvq",
"modified": "2026-02-04T00:30:27Z",
"published": "2025-10-07T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53653"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79d3bafaecc13bccab1ebbd28a15e669c5a4cdaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bddd678fd2864b435d00d51a4d3808a0d89c79de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e59d0cd8f414592187ead97b5832600ff7a0dd61"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef56b2db216f130c4240aed907d1c5272c2d298d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GH2-P9FC-Q3CR
Vulnerability from github – Published: 2024-04-02 09:30 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix delayed ACKs to not set the reference serial number
Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.
{
"affected": [],
"aliases": [
"CVE-2024-26677"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T07:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference.",
"id": "GHSA-9gh2-p9fc-q3cr",
"modified": "2025-03-17T18:31:38Z",
"published": "2024-04-02T09:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26677"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GJ6-XQGX-PV89
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Prevent null pointer access in xe_migrate_copy
xe_migrate_copy designed to copy content of TTM resources. When source resource is null, it will trigger a NULL pointer dereference in xe_migrate_copy. To avoid this situation, update lacks source flag to true for this case, the flag will trigger xe_migrate_clear rather than xe_migrate_copy.
Issue trace: <7> [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 14, sizes: 4194304 & 4194304 <7> [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 15, sizes: 4194304 & 4194304 <1> [317.128055] BUG: kernel NULL pointer dereference, address: 0000000000000010 <1> [317.128064] #PF: supervisor read access in kernel mode <1> [317.128066] #PF: error_code(0x0000) - not-present page <6> [317.128069] PGD 0 P4D 0 <4> [317.128071] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4> [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Tainted: G U N 6.11.0-rc7-xe #1 <4> [317.128078] Tainted: [U]=USER, [N]=TEST <4> [317.128080] Hardware name: Intel Corporation Lunar Lake Client Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 07/29/2024 <4> [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128158] Code: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8 fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31 ff <8b> 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff <4> [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246 <4> [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX: 0000000000000000 <4> [317.128166] RDX: ffff88813cb99c00 RSI: 0000000004000000 RDI: 0000000000000000 <4> [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09: 0000000000000001 <4> [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814e7b1f08 <4> [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15: 0000000000000001 <4> [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000) knlGS:0000000000000000 <4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4> [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4: 0000000000770ef0 <4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4> [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 <4> [317.128184] PKRU: 55555554 <4> [317.128185] Call Trace: <4> [317.128187] <4> [317.128189] ? show_regs+0x67/0x70 <4> [317.128194] ? __die_body+0x20/0x70 <4> [317.128196] ? __die+0x2b/0x40 <4> [317.128198] ? page_fault_oops+0x15f/0x4e0 <4> [317.128203] ? do_user_addr_fault+0x3fb/0x970 <4> [317.128205] ? lock_acquire+0xc7/0x2e0 <4> [317.128209] ? exc_page_fault+0x87/0x2b0 <4> [317.128212] ? asm_exc_page_fault+0x27/0x30 <4> [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128263] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128265] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128267] ? sg_free_append_table+0x20/0x80 <4> [317.128271] ? lock_acquire+0xc7/0x2e0 <4> [317.128273] ? mark_held_locks+0x4d/0x80 <4> [317.128275] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128278] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128281] ? __pm_runtime_resume+0x60/0xa0 <4> [317.128284] xe_bo_move+0x682/0xc50 [xe] <4> [317.128315] ? lock_is_held_type+0xaa/0x120 <4> [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm] <4> [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm] <4> [317.128328] shrink_test_run_device+0x721/0xc10 [xe] <4> [317.128360] ? find_held_lock+0x31/0x90 <4> [317.128363] ? lock_release+0xd1/0x2a0 <4> [317.128365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit] <4> [317.128370] xe_bo_shrink_kunit+0x11/0x20 [xe] <4> [317.128397] kunit_try_run_case+0x6e/0x150 [kunit] <4> [317.128400] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128402] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku ---truncated---
{
"affected": [],
"aliases": [
"CVE-2024-49942"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Prevent null pointer access in xe_migrate_copy\n\nxe_migrate_copy designed to copy content of TTM resources. When source\nresource is null, it will trigger a NULL pointer dereference in\nxe_migrate_copy. To avoid this situation, update lacks source flag to\ntrue for this case, the flag will trigger xe_migrate_clear rather than\nxe_migrate_copy.\n\nIssue trace:\n\u003c7\u003e [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 14,\n sizes: 4194304 \u0026 4194304\n\u003c7\u003e [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 15,\n sizes: 4194304 \u0026 4194304\n\u003c1\u003e [317.128055] BUG: kernel NULL pointer dereference, address:\n 0000000000000010\n\u003c1\u003e [317.128064] #PF: supervisor read access in kernel mode\n\u003c1\u003e [317.128066] #PF: error_code(0x0000) - not-present page\n\u003c6\u003e [317.128069] PGD 0 P4D 0\n\u003c4\u003e [317.128071] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Tainted:\n G U N 6.11.0-rc7-xe #1\n\u003c4\u003e [317.128078] Tainted: [U]=USER, [N]=TEST\n\u003c4\u003e [317.128080] Hardware name: Intel Corporation Lunar Lake Client\n Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 07/29/2024\n\u003c4\u003e [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe]\n\u003c4\u003e [317.128158] Code: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8\n fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31\n ff \u003c8b\u003e 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff\n\u003c4\u003e [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246\n\u003c4\u003e [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX:\n 0000000000000000\n\u003c4\u003e [317.128166] RDX: ffff88813cb99c00 RSI: 0000000004000000 RDI:\n 0000000000000000\n\u003c4\u003e [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09:\n 0000000000000001\n\u003c4\u003e [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12:\n ffff88814e7b1f08\n\u003c4\u003e [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15:\n 0000000000000001\n\u003c4\u003e [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000)\n knlGS:0000000000000000\n\u003c4\u003e [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003c4\u003e [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4:\n 0000000000770ef0\n\u003c4\u003e [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n 0000000000000000\n\u003c4\u003e [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7:\n 0000000000000400\n\u003c4\u003e [317.128184] PKRU: 55555554\n\u003c4\u003e [317.128185] Call Trace:\n\u003c4\u003e [317.128187] \u003cTASK\u003e\n\u003c4\u003e [317.128189] ? show_regs+0x67/0x70\n\u003c4\u003e [317.128194] ? __die_body+0x20/0x70\n\u003c4\u003e [317.128196] ? __die+0x2b/0x40\n\u003c4\u003e [317.128198] ? page_fault_oops+0x15f/0x4e0\n\u003c4\u003e [317.128203] ? do_user_addr_fault+0x3fb/0x970\n\u003c4\u003e [317.128205] ? lock_acquire+0xc7/0x2e0\n\u003c4\u003e [317.128209] ? exc_page_fault+0x87/0x2b0\n\u003c4\u003e [317.128212] ? asm_exc_page_fault+0x27/0x30\n\u003c4\u003e [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe]\n\u003c4\u003e [317.128263] ? __lock_acquire+0xb9d/0x26f0\n\u003c4\u003e [317.128265] ? __lock_acquire+0xb9d/0x26f0\n\u003c4\u003e [317.128267] ? sg_free_append_table+0x20/0x80\n\u003c4\u003e [317.128271] ? lock_acquire+0xc7/0x2e0\n\u003c4\u003e [317.128273] ? mark_held_locks+0x4d/0x80\n\u003c4\u003e [317.128275] ? trace_hardirqs_on+0x1e/0xd0\n\u003c4\u003e [317.128278] ? _raw_spin_unlock_irqrestore+0x31/0x60\n\u003c4\u003e [317.128281] ? __pm_runtime_resume+0x60/0xa0\n\u003c4\u003e [317.128284] xe_bo_move+0x682/0xc50 [xe]\n\u003c4\u003e [317.128315] ? lock_is_held_type+0xaa/0x120\n\u003c4\u003e [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm]\n\u003c4\u003e [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm]\n\u003c4\u003e [317.128328] shrink_test_run_device+0x721/0xc10 [xe]\n\u003c4\u003e [317.128360] ? find_held_lock+0x31/0x90\n\u003c4\u003e [317.128363] ? lock_release+0xd1/0x2a0\n\u003c4\u003e [317.128365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10\n [kunit]\n\u003c4\u003e [317.128370] xe_bo_shrink_kunit+0x11/0x20 [xe]\n\u003c4\u003e [317.128397] kunit_try_run_case+0x6e/0x150 [kunit]\n\u003c4\u003e [317.128400] ? trace_hardirqs_on+0x1e/0xd0\n\u003c4\u003e [317.128402] ? _raw_spin_unlock_irqrestore+0x31/0x60\n\u003c4\u003e [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku\n---truncated---",
"id": "GHSA-9gj6-xqgx-pv89",
"modified": "2024-10-25T15:31:25Z",
"published": "2024-10-21T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49942"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16e0267db156f8a4ea16bfb3ac3f5743c9698df3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7257d9c9a3c6cfe26c428e9b7ae21d61f2f55a79"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f5199b6971f0717c2d31685953971fa2e1b9e1a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GJX-92J9-R7X4
Vulnerability from github – Published: 2022-05-14 01:52 – Updated: 2022-05-14 01:52An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
{
"affected": [],
"aliases": [
"CVE-2018-19121"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-09T11:29:00Z",
"severity": "MODERATE"
},
"details": "An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.",
"id": "GHSA-9gjx-92j9-r7x4",
"modified": "2022-05-14T01:52:00Z",
"published": "2022-05-14T01:52:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19121"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/libiec61850/issues/85"
},
{
"type": "WEB",
"url": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-ethernet_receivepacket"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.