Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-C27H-C5HG-96W2

Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55
VLAI
Details

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-23T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",
  "id": "GHSA-c27h-c5hg-96w2",
  "modified": "2022-05-14T00:55:07Z",
  "published": "2022-05-14T00:55:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12697"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2075"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102"
    },
    {
      "type": "WEB",
      "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-01"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23057"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4326-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4336-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C28W-559X-WR7V

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2024-05-23 18:30
VLAI
Details

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-06T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.",
  "id": "GHSA-c28w-559x-wr7v",
  "modified": "2024-05-23T18:30:52Z",
  "published": "2022-05-13T01:05:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5729"
    },
    {
      "type": "WEB",
      "url": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3071"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551083"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042071"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C299-229X-W5C5

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-11 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()

In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kzalloc().

Fix this bug by adding a check of tmpbuf.

This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug.

Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings, and our static analyzer no longer warns about this code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()\n\nIn zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),\nwhich could lead to a NULL pointer dereference on failure of\nkzalloc().\n\nFix this bug by adding a check of tmpbuf.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,\nand our static analyzer no longer warns about this code.",
  "id": "GHSA-c299-229x-w5c5",
  "modified": "2024-09-11T18:31:02Z",
  "published": "2024-08-22T03:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4441"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2efece1368aeee2d2552c7ec36aeb676c4d4c95f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c32405d6474a21f7d742828e73c13e326dcae82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab3824427b848da10e9fe2727f035bbeecae6ff4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9dd08cbebe0c593c49bf86d2012a431494e54cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df14d2bed8e2455878e046e67123d9ecb2e79056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2MM-XF5X-8RPJ

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Don't dereference ACPI root object handle

Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root object trying to find Hyper-V MMIO ranges.

However, if it is not able to find them it ends trying to walk resources of the ACPI namespace root object itself. This object has all-ones handle, which causes a NULL pointer dereference in the ACPI code (from dereferencing this pointer with an offset).

This in turn causes an oops on boot with VMBus host implementations that do not provide Hyper-V MMIO ranges in their VMBus ACPI device or its ancestors. The QEMU VMBus implementation is an example of such implementation.

I guess providing these ranges is optional, since all tested Windows versions seem to be able to use VMBus devices without them.

Fix this by explicitly terminating the lookup at the ACPI namespace root object.

Note that Linux guests under KVM/QEMU do not use the Hyper-V PV interface by default - they only do so if the KVM PV interface is missing or disabled.

Example stack trace of such oops: [ 3.710827] ? __die+0x1f/0x60 [ 3.715030] ? page_fault_oops+0x159/0x460 [ 3.716008] ? exc_page_fault+0x73/0x170 [ 3.716959] ? asm_exc_page_fault+0x22/0x30 [ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0 [ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0 [ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0 [ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200 [ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0 [ 3.723559] ? down_timeout+0x3a/0x60 [ 3.724455] ? acpi_ns_get_node+0x3a/0x60 [ 3.725412] acpi_ns_get_node+0x3a/0x60 [ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0 [ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0 [ 3.728400] acpi_rs_get_method_data+0x2b/0x70 [ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus] [ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus] [ 3.732411] acpi_walk_resources+0x78/0xd0 [ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus] [ 3.734802] platform_probe+0x3d/0x90 [ 3.735684] really_probe+0x19b/0x400 [ 3.736570] ? __device_attach_driver+0x100/0x100 [ 3.737697] __driver_probe_device+0x78/0x160 [ 3.738746] driver_probe_device+0x1f/0x90 [ 3.739743] __driver_attach+0xc2/0x1b0 [ 3.740671] bus_for_each_dev+0x70/0xc0 [ 3.741601] bus_add_driver+0x10e/0x210 [ 3.742527] driver_register+0x55/0xf0 [ 3.744412] ? 0xffffffffc039a000 [ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
  "id": "GHSA-c2mm-xf5x-8rpj",
  "modified": "2026-02-04T00:30:27Z",
  "published": "2025-10-07T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53647"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64f09d45e94547fbf219f36d1d02ac42742c028c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78e04bbff849b51b56f5925b1945db2c6e128b61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96db43aced395844a7abc9a0a5cc702513e3534a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9fc162c59edc841032a3553eb2334320abab0784"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2QC-RJ55-83M4

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: pidff: Fix condition effect bit clearing

As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared.

Properly clear all conditional effect bits from ffbit

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix condition effect bit clearing\n\nAs reported by MPDarkGuy on discord, NULL pointer dereferences were\nhappening because not all the conditional effects bits were cleared.\n\nProperly clear all conditional effect bits from ffbit",
  "id": "GHSA-c2qc-rj55-83m4",
  "modified": "2026-04-24T18:30:40Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23349"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2WX-FCX5-8PM2

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2023-02-03 18:30
VLAI
Details

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-29T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.",
  "id": "GHSA-c2wx-fcx5-8pm2",
  "modified": "2023-02-03T18:30:33Z",
  "published": "2022-05-24T17:24:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16118"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/23"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00035.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C398-43HF-W2RG

Vulnerability from github – Published: 2022-05-01 17:43 – Updated: 2025-04-03 15:30
VLAI
Details

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-0342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-18T02:28:00Z",
    "severity": "MODERATE"
  },
  "details": "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.",
  "id": "GHSA-c398-43hf-w2rg",
  "modified": "2025-04-03T15:30:40Z",
  "published": "2022-05-01T17:43:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0342"
    },
    {
      "type": "WEB",
      "url": "http://security-protocols.com/sp-x41-advisory.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22059"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C39G-WMC4-J8VM

Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-04T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.",
  "id": "GHSA-c39g-wmc4-j8vm",
  "modified": "2022-04-30T00:02:17Z",
  "published": "2022-04-30T00:02:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10914"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2607"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2608"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3470"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201904-06"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C39J-57H3-VVJP

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci_plat_remove: avoid NULL dereference

Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no ports") xhci->shared_hcd can be NULL, which causes the following Oops on reboot:

[ 710.124450] systemd-shutdown[1]: Rebooting. [ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4 [ 710.304217] usb usb3: USB disconnect, device number 1 [ 710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered [ 710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1 [ 710.328401] usb usb2: USB disconnect, device number 1 [ 710.333515] usb 2-3: USB disconnect, device number 2 [ 710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered [ 710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8 [ 710.484425] Mem abort info: [ 710.487265] ESR = 0x0000000096000004 [ 710.491060] EC = 0x25: DABT (current EL), IL = 32 bits [ 710.496427] SET = 0, FnV = 0 [ 710.499525] EA = 0, S1PTW = 0 [ 710.502716] FSC = 0x04: level 0 translation fault [ 710.507648] Data abort info: [ 710.510577] ISV = 0, ISS = 0x00000004 [ 710.514462] CM = 0, WnR = 0 [ 710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000 [ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000 [ 710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6 [ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1 [ 710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022 [ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 710.597949] pc : usb_remove_hcd+0x34/0x1e4 [ 710.602067] lr : xhci_plat_remove+0x74/0x140 [ 710.606351] sp : ffff800009f3b7c0 [ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000 [ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000 [ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800 [ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff [ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c [ 710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0 [ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4 [ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001 [ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000 [ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000 [ 710.681251] Call trace: [ 710.683704] usb_remove_hcd+0x34/0x1e4 [ 710.687467] xhci_plat_remove+0x74/0x140 [ 710.691400] platform_remove+0x34/0x70 [ 710.695165] device_remove+0x54/0x90 [ 710.698753] device_release_driver_internal+0x200/0x270 [ 710.703992] device_release_driver+0x24/0x30 [ 710.708273] bus_remove_device+0xe0/0x16c [ 710.712293] device_del+0x178/0x390 [ 710.715797] platform_device_del.part.0+0x24/0x90 [ 710.720514] platform_device_unregister+0x30/0x50 [ 710.725232] dwc3_host_exit+0x20/0x30 [ 710.728907] dwc3_remove+0x174/0x1b0 [ 710.732494] platform_remove+0x34/0x70 [ 710.736254] device_remove+0x54/0x90 [ 710.739840] device_release_driver_internal+0x200/0x270 [ 710.745078] device_release_driver+0x24/0x30 [ 710.749359] bus_remove_device+0xe0/0x16c [ 710.753380] device_del+0x178/0x390 [ 710.756881] platform_device_del.part ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci_plat_remove: avoid NULL dereference\n\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci-\u003eshared_hcd can be NULL, which causes the following Oops\non reboot:\n\n[  710.124450] systemd-shutdown[1]: Rebooting.\n[  710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[  710.304217] usb usb3: USB disconnect, device number 1\n[  710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[  710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[  710.328401] usb usb2: USB disconnect, device number 1\n[  710.333515] usb 2-3: USB disconnect, device number 2\n[  710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[  710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[  710.484425] Mem abort info:\n[  710.487265]   ESR = 0x0000000096000004\n[  710.491060]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  710.496427]   SET = 0, FnV = 0\n[  710.499525]   EA = 0, S1PTW = 0\n[  710.502716]   FSC = 0x04: level 0 translation fault\n[  710.507648] Data abort info:\n[  710.510577]   ISV = 0, ISS = 0x00000004\n[  710.514462]   CM = 0, WnR = 0\n[  710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[  710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[  710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[  710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[  710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1\n[  710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[  710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[  710.602067] lr : xhci_plat_remove+0x74/0x140\n[  710.606351] sp : ffff800009f3b7c0\n[  710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[  710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[  710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[  710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[  710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[  710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[  710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[  710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[  710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[  710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[  710.681251] Call trace:\n[  710.683704]  usb_remove_hcd+0x34/0x1e4\n[  710.687467]  xhci_plat_remove+0x74/0x140\n[  710.691400]  platform_remove+0x34/0x70\n[  710.695165]  device_remove+0x54/0x90\n[  710.698753]  device_release_driver_internal+0x200/0x270\n[  710.703992]  device_release_driver+0x24/0x30\n[  710.708273]  bus_remove_device+0xe0/0x16c\n[  710.712293]  device_del+0x178/0x390\n[  710.715797]  platform_device_del.part.0+0x24/0x90\n[  710.720514]  platform_device_unregister+0x30/0x50\n[  710.725232]  dwc3_host_exit+0x20/0x30\n[  710.728907]  dwc3_remove+0x174/0x1b0\n[  710.732494]  platform_remove+0x34/0x70\n[  710.736254]  device_remove+0x54/0x90\n[  710.739840]  device_release_driver_internal+0x200/0x270\n[  710.745078]  device_release_driver+0x24/0x30\n[  710.749359]  bus_remove_device+0xe0/0x16c\n[  710.753380]  device_del+0x178/0x390\n[  710.756881]  platform_device_del.part\n---truncated---",
  "id": "GHSA-c39j-57h3-vvjp",
  "modified": "2025-11-18T18:32:46Z",
  "published": "2025-06-18T12:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50133"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/371a8af4f26e06b4d51d893b4436f520b48d07fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7de14d74d6551f0d097430f9893ce82ad17e5b8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3HC-7834-GF3G

Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2025-04-20 03:32
VLAI
Details

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-31T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.",
  "id": "GHSA-c3hc-7834-gf3g",
  "modified": "2025-04-20T03:32:04Z",
  "published": "2022-05-17T03:02:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8694"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c"
    },
    {
      "type": "WEB",
      "url": "http://potrace.sourceforge.net/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.