Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6298 vulnerabilities reference this CWE, most recent first.

GHSA-F4VG-M386-RCVQ

Vulnerability from github – Published: 2025-01-08 18:30 – Updated: 2025-01-09 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()

acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditional.

Add a check for adev being NULL before calling acpi_dev_hid_match().

At the moment acpi_quirk_skip_serdev_enumeration() is never called with a controller_parent without an ACPI companion, but better safe than sorry.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T18:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()\n\nacpi_dev_hid_match() does not check for adev == NULL, dereferencing\nit unconditional.\n\nAdd a check for adev being NULL before calling acpi_dev_hid_match().\n\nAt the moment acpi_quirk_skip_serdev_enumeration() is never called with\na controller_parent without an ACPI companion, but better safe than sorry.",
  "id": "GHSA-f4vg-m386-rcvq",
  "modified": "2025-01-09T21:31:29Z",
  "published": "2025-01-08T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56782"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a49194f587a62d972b602e3e1a2c3cfe6567966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e173bce05f7032a8b4964cfef82a4b7668f5f3af"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4WW-3W5F-FC48

Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18
VLAI
Details

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-22T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",
  "id": "GHSA-f4ww-3w5f-fc48",
  "modified": "2022-05-14T01:18:44Z",
  "published": "2022-05-14T01:18:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1865"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206904"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206905"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91828"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4X6-G3J5-68GM

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix NULL pointer dereference in ublk_ctrl_set_size()

ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking if it is NULL.

ub->ub_disk is NULL before UBLK_CMD_START_DEV completes (it is only assigned in ublk_ctrl_start_dev()) and after UBLK_CMD_STOP_DEV runs (ublk_detach_disk() sets it to NULL). Since the UBLK_CMD_UPDATE_SIZE handler performs no state validation, a user can trigger a NULL pointer dereference by sending UPDATE_SIZE to a device that has been added but not yet started, or one that has been stopped.

Fix this by checking ub->ub_disk under ub->mutex before dereferencing it, and returning -ENODEV if the disk is not available.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix NULL pointer dereference in ublk_ctrl_set_size()\n\nublk_ctrl_set_size() unconditionally dereferences ub-\u003eub_disk via\nset_capacity_and_notify() without checking if it is NULL.\n\nub-\u003eub_disk is NULL before UBLK_CMD_START_DEV completes (it is only\nassigned in ublk_ctrl_start_dev()) and after UBLK_CMD_STOP_DEV runs\n(ublk_detach_disk() sets it to NULL). Since the UBLK_CMD_UPDATE_SIZE\nhandler performs no state validation, a user can trigger a NULL pointer\ndereference by sending UPDATE_SIZE to a device that has been added but\nnot yet started, or one that has been stopped.\n\nFix this by checking ub-\u003eub_disk under ub-\u003emutex before dereferencing\nit, and returning -ENODEV if the disk is not available.",
  "id": "GHSA-f4x6-g3j5-68gm",
  "modified": "2026-05-15T18:30:30Z",
  "published": "2026-05-08T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43364"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25966fc097691e5c925ad080f64a2f19c5fd940a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c28d945bfa92e15147e93b73f95345b9bec979b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f13fe6794726755a43090cb680c4c58cea6aa5f1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F53V-X4RW-42RF

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2024-07-30 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: acp: add a null check for chip_pdev structure

When acp platform device creation is skipped, chip->chip_pdev value will remain NULL. Add NULL check for chip->chip_pdev structure in snd_acp_resume() function to avoid null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip-\u003echip_pdev value will\nremain NULL. Add NULL check for chip-\u003echip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference.",
  "id": "GHSA-f53v-x4rw-42rf",
  "modified": "2024-07-30T21:31:26Z",
  "published": "2024-07-29T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42074"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e158ed266fc1adfa456880fb6dabce2e5623843b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F54M-Q836-9RR6

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-06-27 12:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example:

configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58

Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T16:27:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL.",
  "id": "GHSA-f54m-q836-9rr6",
  "modified": "2024-06-27T12:30:43Z",
  "published": "2024-02-26T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26600"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F54X-35H3-W53W

Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30
VLAI
Details

NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.

This issue affects liteide: before x38.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T09:15:50Z",
    "severity": "MODERATE"
  },
  "details": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.\n\nThis issue affects liteide: before x38.4.",
  "id": "GHSA-f54x-35h3-w53w",
  "modified": "2026-01-27T09:30:30Z",
  "published": "2026-01-27T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/visualfc/liteide/pull/1326"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F575-F7MF-JMPQ

Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()

build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference.

__octep_oq_process_rx() is called during NAPI polling by the driver. If skb allocation fails, keep on pulling packets out of the Rx DMA queue: we shouldn't break the polling immediately and thus falsely indicate to the octep_napi_poll() that the Rx pressure is going down. As there is no associated skb in this case, don't process the packets and don't push them up the network stack - they are skipped.

Helper function is implemented to unmmap/flush all the fragment buffers used by the dropped packet. 'alloc_failures' counter is incremented to mark the skb allocation error in driver statistics.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-07T10:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn\u0027t break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don\u0027t process the packets and don\u0027t push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. \u0027alloc_failures\u0027 counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-f575-f7mf-jmpq",
  "modified": "2025-11-04T00:31:56Z",
  "published": "2024-11-07T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09ce491112bbf0b866e2638d3e961c1c73d1f00b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2dedcb6f99f4c1a11944e7cc35dbeb9b18a5cbac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2d2dc4f88bb3cfc4f3cc320fd3ff51b0ae5b0ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb592008f79be52ccef88cd9a5249b3fc0367278"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F57H-H252-H773

Vulnerability from github – Published: 2026-01-08 15:31 – Updated: 2026-01-08 15:31
VLAI
Details

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.

Please note: authentication is not required in order to exploit this vulnerability..

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-69259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-08T13:15:43Z",
    "severity": "HIGH"
  },
  "details": "A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\n\nPlease note: authentication is not required in order to exploit this vulnerability..",
  "id": "GHSA-f57h-h252-h773",
  "modified": "2026-01-08T15:31:25Z",
  "published": "2026-01-08T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69259"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2026-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F57X-JW9V-3CXX

Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-12-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcm80211: handle pmk_op allocation failure

The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen.

Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcm80211: handle pmk_op allocation failure\n\nThe kzalloc() in brcmf_pmksa_v3_op() will return null if the\nphysical memory has run out. As a result, if we dereference\nthe null value, the null pointer dereference bug will happen.\n\nReturn -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails\nfor pmk_op.",
  "id": "GHSA-f57x-jw9v-3cxx",
  "modified": "2024-12-23T21:30:50Z",
  "published": "2024-05-01T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27048"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6138a82f3bccfc67ed7ac059493579fc326c02e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9975908315c13bae2f2ed5ba92870fa935180b0e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4152222e04cb8afeeca239c90e3fcaf4c553b42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df62e22c2e27420e8990a4f09e30d7bf56c2036f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F58V-43C6-F6HF

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: validate nvme_local_port correctly

The driver load failed with error message,

qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef

and with a kernel crash,

BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
Workqueue: events_unbound qla_register_fcport_fn [qla2xxx]
RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]
RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000
RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000
RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030
R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4
R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8
FS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0
Call Trace:
qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]
? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]
qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]
qla_register_fcport_fn+0x54/0xc0 [qla2xxx]

Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.",
  "id": "GHSA-f58v-43c6-f6hf",
  "modified": "2025-11-04T00:31:12Z",
  "published": "2024-08-17T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42286"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.