CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6298 vulnerabilities reference this CWE, most recent first.
GHSA-F594-3JWF-G74J
Vulnerability from github – Published: 2024-02-23 15:30 – Updated: 2024-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec().
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110
Fix the bug by raising a fatal error if DATAL isn't coherent with the packet size. Also, the PDU length should never exceed the MAXH2CDATA parameter which has been communicated to the host in nvmet_tcp_handle_icreq().
{
"affected": [],
"aliases": [
"CVE-2023-52454"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-23T15:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn\u0027t coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().",
"id": "GHSA-f594-3jwf-g74j",
"modified": "2024-06-25T21:31:11Z",
"published": "2024-02-23T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52454"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24e05760186dc070d3db190ca61efdbce23afc88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2871aa407007f6f531fae181ad252486e022df42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee5e7632e981673f42a50ade25e71e612e543d9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efa56305908ba20de2104f1b8508c6a7401833be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f775f2621c2ac5cc3a0b3a64665dad4fb146e510"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5CM-4MMF-92C9
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
iomap: avoid potential null folio->mapping deref during error reporting
When a buffered read fails, iomap_finish_folio_read() reports the error with fserror_report_io(folio->mapping->host, ...). This is called after ifs->read_bytes_pending has been decremented by the bytes attempted to be read.
For a folio split across multiple read completions, the folio is only guaranteed to stay locked while read_bytes_pending > 0. Once iomap_finish_folio_read() decrements read_bytes_pending, another in-flight read can complete and end the read on the folio, which unlocks it. This allows truncate logic to run and detach the folio (set folio->mapping to NULL). The error reporting path then can dereference a NULL folio->mapping. As reported by Sam Sun, this is the race that can occur:
CPU0: failed completion CPU1: final completion CPU2: truncate ----------------------- ---------------------- -------------- read_bytes_pending -= len finished = false / preempted before fserror_report_io() / read_bytes_pending -= len finished = true folio_end_read() truncate clears folio->mapping fserror_report_io( folio->mapping->host, ...) ^ NULL deref
Fix this by reporting the error first before decrementing ifs->read_bytes_pending.
{
"affected": [],
"aliases": [
"CVE-2026-53165"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid potential null folio-\u003emapping deref during error reporting\n\nWhen a buffered read fails, iomap_finish_folio_read() reports the error\nwith fserror_report_io(folio-\u003emapping-\u003ehost, ...). This is called after\nifs-\u003eread_bytes_pending has been decremented by the bytes attempted to\nbe read.\n\nFor a folio split across multiple read completions, the folio is only\nguaranteed to stay locked while read_bytes_pending \u003e 0. Once\niomap_finish_folio_read() decrements read_bytes_pending, another\nin-flight read can complete and end the read on the folio, which unlocks\nit. This allows truncate logic to run and detach the folio (set\nfolio-\u003emapping to NULL). The error reporting path then can dereference a\nNULL folio-\u003emapping. As reported by Sam Sun, this is the race that can\noccur:\n\nCPU0: failed completion CPU1: final completion CPU2: truncate\n----------------------- ---------------------- --------------\nread_bytes_pending -= len\nfinished = false\n/* preempted before\n fserror_report_io() */\n\t\t\t read_bytes_pending -= len\n\t\t\t finished = true\n\t\t\t folio_end_read()\n\t\t\t\t\t\t\ttruncate clears\n\t\t\t\t\t\t\tfolio-\u003emapping\nfserror_report_io(\n folio-\u003emapping-\u003ehost, ...)\n\t ^ NULL deref\n\nFix this by reporting the error first before decrementing\nifs-\u003eread_bytes_pending.",
"id": "GHSA-f5cm-4mmf-92c9",
"modified": "2026-06-28T09:31:42Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53165"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ad453817a4077230d1ba88eb0868f05f824449a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2eea7f44b9c8b42fd7d3a1a87c06a7cd1b99c327"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5G5-5VVC-5F44
Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-17 18:31In the Linux kernel, the following vulnerability has been resolved:
serial: Fix potential null-ptr-deref in mlb_usio_probe()
devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference.
Add NULL check after devm_ioremap() to prevent this issue.
{
"affected": [],
"aliases": [
"CVE-2025-38135"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T09:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"id": "GHSA-f5g5-5vvc-5f44",
"modified": "2025-12-17T18:31:32Z",
"published": "2025-07-03T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38135"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19fd9f5a69363d33079097d866eb6082d61bf31d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/548b0e81b9a0902a8bc8259430ed965663baadfc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81159a6b064142b993f2f39828b77e199c77872a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86bcae88c9209e334b2f8c252f4cc66beb261886"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a05ebe384c7ca75476453f3070c67d9cf1d1a89f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6c7c365734cd0fa1c5aa225a6294fdf80cad2ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c23d87b43f7dba5eb12820f6cf21a1cd4f63eb3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1b144aebe6fb898d96ced8c990d7aa38fda4a7a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5G7-HCR2-C463
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2025-04-12 13:07The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
{
"affected": [],
"aliases": [
"CVE-2016-5689"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-13T15:59:00Z",
"severity": "CRITICAL"
},
"details": "The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.",
"id": "GHSA-f5g7-hcr2-c463",
"modified": "2025-04-12T13:07:14Z",
"published": "2022-05-17T03:21:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5689"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/14/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/17/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5GH-MX7Q-W5HF
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:41The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
{
"affected": [],
"aliases": [
"CVE-2017-11333"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-31T13:29:00Z",
"severity": "MODERATE"
},
"details": "The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.",
"id": "GHSA-f5gh-mx7q-w5hf",
"modified": "2025-04-20T03:41:40Z",
"published": "2022-05-13T01:42:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11333"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42399"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/82"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5HV-4VV9-W36H
Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.
{
"affected": [],
"aliases": [
"CVE-2018-8060"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-10T03:29:00Z",
"severity": "MODERATE"
},
"details": "HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers\u0027 data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.",
"id": "GHSA-f5hv-4vv9-w36h",
"modified": "2022-05-14T03:18:59Z",
"published": "2022-05-14T03:18:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8060"
},
{
"type": "WEB",
"url": "https://github.com/otavioarj/SIOCtl"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5M8-WGFV-369R
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-6095"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GHSA-f5m8-wgfv-369r",
"modified": "2022-05-24T17:12:56Z",
"published": "2022-05-24T17:12:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6095"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202009-05"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5MR-VRH3-3RPP
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
XArray: Fix xas_create_range() when multi-order entry present
If there is already an entry present that is of order >= XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range() will misinterpret that entry as a node and dereference xa_node->parent, generally leading to a crash that looks something like this:
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0 RIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline] RIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725
It's deterministically reproducable once you know what the problem is, but producing it in a live kernel requires khugepaged to hit a race. While the problem has been present since xas_create_range() was introduced, I'm not aware of a way to hit it before the page cache was converted to use multi-index entries.
{
"affected": [],
"aliases": [
"CVE-2022-49152"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nXArray: Fix xas_create_range() when multi-order entry present\n\nIf there is already an entry present that is of order \u003e= XA_CHUNK_SHIFT\nwhen we call xas_create_range(), xas_create_range() will misinterpret\nthat entry as a node and dereference xa_node-\u003eparent, generally leading\nto a crash that looks something like this:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001:\n0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0\nRIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline]\nRIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725\n\nIt\u0027s deterministically reproducable once you know what the problem is,\nbut producing it in a live kernel requires khugepaged to hit a race.\nWhile the problem has been present since xas_create_range() was\nintroduced, I\u0027m not aware of a way to hit it before the page cache was\nconverted to use multi-index entries.",
"id": "GHSA-f5mr-vrh3-3rpp",
"modified": "2025-03-14T00:30:51Z",
"published": "2025-03-14T00:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49152"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18f13edf3424b3b61814b69d5269b2e14584800c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5PR-PCC8-PGCP
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-03 21:31In the Linux kernel, the following vulnerability has been resolved:
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platform_get_drvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master.
Fix this by unconditionally calling devm_ioremap_resource(), as it can handle a NULL res and will then return a viable ERR_PTR() if we get one.
The "return 0;" was previously a "goto qspi_resource_err;" where then ret was returned, but since ret was still initialized to 0 at this place this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix use-after-free on unbind"). The issue was not introduced by this commit, only made more obvious.
{
"affected": [],
"aliases": [
"CVE-2023-53658"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"id": "GHSA-f5pr-pcc8-pgcp",
"modified": "2026-02-03T21:31:46Z",
"published": "2025-10-07T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53658"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/217b6ea8cf7b819477bca597a6ae2d43d38ba283"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22ae32d80ef590d12a2364e4621f90f7c58445c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/32b9c8f7892c19f7f5c9fed5fb410b9fd5990bb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/398e6a015877d44327f754aeb48ff3354945c78c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c1f23ad34fcdace50275a6aa1e1969b41c6233f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a91c34357afcfaa5307e254f22a8452550a07b34"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d20db3c58a7f9361e370a7850ceb60dbdf62eea3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3dcdb43c872a3b967345144151a2c9bb9124c9b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5Q9-9QMH-W24H
Vulnerability from github – Published: 2024-05-05 21:30 – Updated: 2025-11-03 21:31dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
{
"affected": [],
"aliases": [
"CVE-2024-34508"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-05T20:15:07Z",
"severity": "MODERATE"
},
"details": "dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.",
"id": "GHSA-f5q9-9qmh-w24h",
"modified": "2025-11-03T21:31:04Z",
"published": "2024-05-05T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34508"
},
{
"type": "WEB",
"url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
},
{
"type": "WEB",
"url": "https://support.dcmtk.org/redmine/issues/1114"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.