CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-C4JC-F237-C7H5
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-09-18 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
The function performs a check on the "phy" input parameter, however, it is used before the check.
Initialize the "dev" variable after the sanity check to avoid a possible NULL pointer dereference.
Addresses-Coverity-ID: 1493860 ("Null pointer dereference")
{
"affected": [],
"aliases": [
"CVE-2022-48756"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dsi: invalid parameter check in msm_dsi_phy_enable\n\nThe function performs a check on the \"phy\" input parameter, however, it\nis used before the check.\n\nInitialize the \"dev\" variable after the sanity check to avoid a possible\nNULL pointer dereference.\n\nAddresses-Coverity-ID: 1493860 (\"Null pointer dereference\")",
"id": "GHSA-c4jc-f237-c7h5",
"modified": "2024-09-18T18:30:49Z",
"published": "2024-06-20T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48756"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b7e7df1eacd280e561ede3e977853606871c951"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56480fb10b976581a363fd168dc2e4fbee87a1a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/581317b1f001b7509041544d7019b75571daa100"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e761a2287234bc402ba7ef07129f5103bcd775c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d9f8ba28f3747ca0f910a363e46f1114856dbbe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79c0b5287ded74f4eacde4dfd8aa0a76cbd853b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca63eeb70fcb53c42e1fe54e1735a54d8e7759fd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4MH-CV6M-6477
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-07-03 18:45In the Linux kernel, the following vulnerability has been resolved:
ALSA: core: Fix NULL module pointer assignment at card init
The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the caller is also built-in or not. Namely, when only the sound core is built-in (CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), the passed module pointer is ignored even if it's non-NULL, and card->module remains as NULL. This would result in the missing module reference up/down at the device open/close, leading to a race with the code execution after the module removal.
For addressing the bug, move the assignment of card->module again out of ifdef. The WARN_ON() is still wrapped with ifdef because the module can be really NULL when all sound drivers are built-in.
Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would lead to a false-positive NULL module check. Admittedly it won't catch perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no real problem as it's only for debugging, and the condition is pretty rare.
{
"affected": [],
"aliases": [
"CVE-2024-38605"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:20Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix NULL module pointer assignment at card init\n\nThe commit 81033c6b584b (\"ALSA: core: Warn on empty module\")\nintroduced a WARN_ON() for a NULL module pointer passed at snd_card\nobject creation, and it also wraps the code around it with \u0027#ifdef\nMODULE\u0027. This works in most cases, but the devils are always in\ndetails. \"MODULE\" is defined when the target code (i.e. the sound\ncore) is built as a module; but this doesn\u0027t mean that the caller is\nalso built-in or not. Namely, when only the sound core is built-in\n(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m),\nthe passed module pointer is ignored even if it\u0027s non-NULL, and\ncard-\u003emodule remains as NULL. This would result in the missing module\nreference up/down at the device open/close, leading to a race with the\ncode execution after the module removal.\n\nFor addressing the bug, move the assignment of card-\u003emodule again out\nof ifdef. The WARN_ON() is still wrapped with ifdef because the\nmodule can be really NULL when all sound drivers are built-in.\n\nNote that we keep \u0027ifdef MODULE\u0027 for WARN_ON(), otherwise it would\nlead to a false-positive NULL module check. Admittedly it won\u0027t catch\nperfectly, i.e. no check is performed when CONFIG_SND=y. But, it\u0027s no\nreal problem as it\u0027s only for debugging, and the condition is pretty\nrare.",
"id": "GHSA-c4mh-cv6m-6477",
"modified": "2024-07-03T18:45:57Z",
"published": "2024-06-19T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38605"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4PM-XJC2-738R
Vulnerability from github – Published: 2022-05-17 02:53 – Updated: 2025-04-20 03:33The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.
{
"affected": [],
"aliases": [
"CVE-2017-5851"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T15:59:00Z",
"severity": "MODERATE"
},
"details": "The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.",
"id": "GHSA-c4pm-xjc2-738r",
"modified": "2025-04-20T03:33:28Z",
"published": "2022-05-17T02:53:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5851"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4V9-G4CM-VGVX
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe
In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code.
To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc will be automatically released, so just directly return -ENOMEM without worrying about memory leaks.
{
"affected": [],
"aliases": [
"CVE-2024-35883"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe\n\nIn function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus-\u003espi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.",
"id": "GHSA-c4v9-g4cm-vgvx",
"modified": "2025-01-07T18:30:43Z",
"published": "2024-05-19T09:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35883"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C52G-V6H9-JGHM
Vulnerability from github – Published: 2024-12-04 15:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled.
This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure.
In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above.
Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag.
{
"affected": [],
"aliases": [
"CVE-2024-53130"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-04T15:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh-\u003eb_bdev-\u003ebd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions. However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh-\u003eb_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer\u0027s uptodate flag.",
"id": "GHSA-c52g-v6h9-jghm",
"modified": "2025-11-04T00:32:09Z",
"published": "2024-12-04T15:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53130"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C58W-C6Q2-HWJW
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-01-23 18:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Make sure "ib_port" is valid when access sysfs node
The "ib_port" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x96000006 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5 [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000 Internal error: Oops: 96000006 [#2] PREEMPT SMP Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci] Process grep (pid: 3372, stack limit = 0x0000000022055c92) CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022 pstate: 40000005 (nZcv daif -PAN -UAO) pc : hw_stat_port_show+0x4c/0x80 [ib_core] lr : port_attr_show+0x40/0x58 [ib_core] sp : ffff000029f43b50 x29: ffff000029f43b50 x28: 0000000019375000 x27: ffff8007b821a540 x26: ffff000029f43e30 x25: 0000000000008000 x24: ffff000000eaa958 x23: 0000000000001000 x22: ffff8007a4ce3000 x21: ffff8007baff8000 x20: ffff8007b9066ac0 x19: ffff8007bae97578 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffff8007a4ce4000 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffff000000e6a280 x4 : ffff8007a4ce3000 x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab x1 : ffff8007b9066a10 x0 : ffff8007baff8000 Call trace: hw_stat_port_show+0x4c/0x80 [ib_core] port_attr_show+0x40/0x58 [ib_core] sysfs_kf_seq_show+0x8c/0x150 kernfs_seq_show+0x44/0x50 seq_read+0x1b4/0x45c kernfs_fop_read+0x148/0x1d8 __vfs_read+0x58/0x180 vfs_read+0x94/0x154 ksys_read+0x68/0xd8 __arm64_sys_read+0x28/0x34 el0_svc_common+0x88/0x18c el0_svc_handler+0x78/0x94 el0_svc+0x8/0xe8 Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)
{
"affected": [],
"aliases": [
"CVE-2022-50475"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Make sure \"ib_port\" is valid when access sysfs node\n\nThe \"ib_port\" structure must be set before adding the sysfs kobject,\nand reset after removing it, otherwise it may crash when accessing\nthe sysfs node:\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x96000006\n Exception class = DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5\n [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#2] PREEMPT SMP\n Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci]\n Process grep (pid: 3372, stack limit = 0x0000000022055c92)\n CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1\n Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022\n pstate: 40000005 (nZcv daif -PAN -UAO)\n pc : hw_stat_port_show+0x4c/0x80 [ib_core]\n lr : port_attr_show+0x40/0x58 [ib_core]\n sp : ffff000029f43b50\n x29: ffff000029f43b50 x28: 0000000019375000\n x27: ffff8007b821a540 x26: ffff000029f43e30\n x25: 0000000000008000 x24: ffff000000eaa958\n x23: 0000000000001000 x22: ffff8007a4ce3000\n x21: ffff8007baff8000 x20: ffff8007b9066ac0\n x19: ffff8007bae97578 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000\n x9 : 0000000000000000 x8 : ffff8007a4ce4000\n x7 : 0000000000000000 x6 : 000000000000003f\n x5 : ffff000000e6a280 x4 : ffff8007a4ce3000\n x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab\n x1 : ffff8007b9066a10 x0 : ffff8007baff8000\n Call trace:\n hw_stat_port_show+0x4c/0x80 [ib_core]\n port_attr_show+0x40/0x58 [ib_core]\n sysfs_kf_seq_show+0x8c/0x150\n kernfs_seq_show+0x44/0x50\n seq_read+0x1b4/0x45c\n kernfs_fop_read+0x148/0x1d8\n __vfs_read+0x58/0x180\n vfs_read+0x94/0x154\n ksys_read+0x68/0xd8\n __arm64_sys_read+0x28/0x34\n el0_svc_common+0x88/0x18c\n el0_svc_handler+0x78/0x94\n el0_svc+0x8/0xe8\n Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)",
"id": "GHSA-c58w-c6q2-hwjw",
"modified": "2026-01-23T18:31:23Z",
"published": "2025-10-04T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50475"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e15ff29b156bbbdeadae230c8ecd5ecd8ca2477"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac7a7d7079124f46180714b2d41a1703d37101bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd06d32a71fbb198b2d43dddf794badd80ffd25d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f981c697b2f9bd5dd2f060e47ff8b5e0a2cd0c06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5F2-596R-9C4Q
Vulnerability from github – Published: 2025-04-03 09:32 – Updated: 2025-04-10 18:32In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence
Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in practice as a random occurrence since it depends on the randomness associated with the generation of traffic by Linux and the reception of traffic from the wire.
{
"affected": [],
"aliases": [
"CVE-2025-22006"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-03T08:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix NAPI registration sequence\n\nRegistering the interrupts for TX or RX DMA Channels prior to registering\ntheir respective NAPI callbacks can result in a NULL pointer dereference.\nThis is seen in practice as a random occurrence since it depends on the\nrandomness associated with the generation of traffic by Linux and the\nreception of traffic from the wire.",
"id": "GHSA-c5f2-596r-9c4q",
"modified": "2025-04-10T18:32:02Z",
"published": "2025-04-03T09:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22006"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f079290e5913a0060e059500b7d440990ac1066"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/942557abed7f38b77a47d77b92d448802eefe185"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4bf956547c38c04fad8d72a961ac4dc00bad000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5GF-3566-PJG5
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-01-18 00:30An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
{
"affected": [],
"aliases": [
"CVE-2019-18680"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-04T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.",
"id": "GHSA-c5gf-3566-pjg5",
"modified": "2023-01-18T00:30:24Z",
"published": "2022-05-24T17:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18680"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2019/9/18/337"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5H2-X786-2CV9
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-12-18 18:30In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference.
Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM), ensuring safe and consistent error handling.
{
"affected": [],
"aliases": [
"CVE-2025-38275"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"id": "GHSA-c5h2-x786-2cv9",
"modified": "2025-12-18T18:30:28Z",
"published": "2025-07-10T09:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38275"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b979a409e40457ca1b5cb48755d1f34eee58805"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c33117f00c8c5363c22676931b22ae5041f7603"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/127dfb4f1c5a2b622039c5d203f321380ea36665"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5072c1749197fc28b27d7efc0d80320d7cac9572"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d14402a38c2d868cacb1facaf9be908ca6558e59"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5HF-MM9G-JC66
Vulnerability from github – Published: 2025-01-17 00:30 – Updated: 2025-02-05 18:34A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable.
{
"affected": [],
"aliases": [
"CVE-2024-55511"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-16T22:15:40Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable.",
"id": "GHSA-c5hf-mm9g-jc66",
"modified": "2025-02-05T18:34:39Z",
"published": "2025-01-17T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55511"
},
{
"type": "WEB",
"url": "https://github.com/nikosecurity/CVE-2024-55511"
},
{
"type": "WEB",
"url": "https://updates.macrium.com/reflect/v8/v8.1.8017/details8.1.8017.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.