Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6298 vulnerabilities reference this CWE, most recent first.

GHSA-FF4J-XJHX-JPXP

Vulnerability from github – Published: 2025-09-23 21:30 – Updated: 2025-09-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-compress: prevent the potentially use of null pointer

There is one call trace that snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compress(). In the trace the 'codec_dai' transfers from card->dai_link, and we can see from the snd_soc_add_pcm_runtime() in snd_soc_bind_card() that, if value of card->dai_link->num_codecs is 0, then 'codec_dai' could be null pointer caused by index out of bound in 'asoc_rtd_to_codec(rtd, 0)'. And snd_soc_register_card() is called by various platforms. Therefore, it is better to add the check in the case of misusing. And because 'cpu_dai' has already checked in soc_init_pcm_runtime(), there is no need to check again. Adding the check as follow, then if 'codec_dai' is null, snd_soc_new_compress() will not pass through the check 'if (playback + capture != 1)', avoiding the leftover use of 'codec_dai'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T06:37:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: prevent the potentially use of null pointer\n\nThere is one call trace that snd_soc_register_card()\n-\u003esnd_soc_bind_card()-\u003esoc_init_pcm_runtime()\n-\u003esnd_soc_dai_compress_new()-\u003esnd_soc_new_compress().\nIn the trace the \u0027codec_dai\u0027 transfers from card-\u003edai_link,\nand we can see from the snd_soc_add_pcm_runtime() in\nsnd_soc_bind_card() that, if value of card-\u003edai_link-\u003enum_codecs\nis 0, then \u0027codec_dai\u0027 could be null pointer caused\nby index out of bound in \u0027asoc_rtd_to_codec(rtd, 0)\u0027.\nAnd snd_soc_register_card() is called by various platforms.\nTherefore, it is better to add the check in the case of misusing.\nAnd because \u0027cpu_dai\u0027 has already checked in soc_init_pcm_runtime(),\nthere is no need to check again.\nAdding the check as follow, then if \u0027codec_dai\u0027 is null,\nsnd_soc_new_compress() will not pass through the check\n\u0027if (playback + capture != 1)\u0027, avoiding the leftover use of\n\u0027codec_dai\u0027.",
  "id": "GHSA-ff4j-xjhx-jpxp",
  "modified": "2025-09-23T21:30:54Z",
  "published": "2025-09-23T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47650"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08af6da684b44097ea09f1d74d5858b837ed203b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4639c1d97f385f4784f44d66a3da0672f4951ada"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68a69ad8df959e5211ed4a8e120783b2d352ea74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de2c6f98817fa5decb9b7d3b3a8a3ab864c10588"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f69a75cb8a98c6c487d620442c68595726a69f60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc237b8d624f4bcb0f21a532627ce4e3b3a85569"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF5F-2MH8-CFFP

Vulnerability from github – Published: 2026-01-14 15:33 – Updated: 2026-03-25 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Avoid walking the Namespace if start_node is NULL

Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1].

That happens due to the access to the member of parent_node in acpi_ns_get_next_node(). The NULL pointer dereference will always happen, no matter whether or not the start_node is equal to ACPI_ROOT_OBJECT, so move the check of start_node being NULL out of the if block.

Unfortunately, all the attempts to contact Honor have failed, they refused to provide any technical support for Linux.

The bad DSDT table's dump could be found on GitHub [2].

DMI: HONOR FMB-P/FMB-P-PCB, BIOS 1.13 05/08/2025

[ rjw: Subject adjustment, changelog edits ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-14T15:16:01Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Avoid walking the Namespace if start_node is NULL\n\nAlthough commit 0c9992315e73 (\"ACPICA: Avoid walking the ACPI Namespace\nif it is not there\") fixed the situation when both start_node and\nacpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed\non Honor Magicbook 14 Pro [1].\n\nThat happens due to the access to the member of parent_node in\nacpi_ns_get_next_node().  The NULL pointer dereference will always\nhappen, no matter whether or not the start_node is equal to\nACPI_ROOT_OBJECT, so move the check of start_node being NULL\nout of the if block.\n\nUnfortunately, all the attempts to contact Honor have failed, they\nrefused to provide any technical support for Linux.\n\nThe bad DSDT table\u0027s dump could be found on GitHub [2].\n\nDMI: HONOR FMB-P/FMB-P-PCB, BIOS 1.13 05/08/2025\n\n[ rjw: Subject adjustment, changelog edits ]",
  "id": "GHSA-ff5f-2mh8-cffp",
  "modified": "2026-03-25T21:30:22Z",
  "published": "2026-01-14T15:33:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71118"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d8bb08126920fd4b12dbf32d9250757c9064b36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bc34293dfbd266c29875206849b4f8e8177e6df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f9b951ed11842373851dd3c91860778356d62d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d6c58dae8f6590c746ac5d0012ffe14a77539f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b84edef48cc8afb41150949a87dcfa81bc95b53e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecb296286c8787895625bd4c53e9478db4ae139c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f91dad0a3b381244183ffbea4cec5a7a69d6f41e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF6P-VV4F-9933

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iwlwifi: mei: fix potential NULL-ptr deref

If SKB allocation fails, continue rather than using the NULL pointer.

Coverity CID: 1497650

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: mei: fix potential NULL-ptr deref\n\nIf SKB allocation fails, continue rather than using the NULL\npointer.\n\nCoverity CID: 1497650",
  "id": "GHSA-ff6p-vv4f-9933",
  "modified": "2025-09-22T21:30:17Z",
  "published": "2025-09-22T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49417"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29b81de94d62b5e2704bb5106b3e701ca8d7c7a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d8d06fd3a02919100b28f927bcb76481ec0a0e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78488a64aea94a3336ee97f345c1496e9bc5ebdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFFG-X79M-65GR

Vulnerability from github – Published: 2023-04-11 12:30 – Updated: 2023-04-14 18:30
VLAI
Details

In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.",
  "id": "GHSA-fffg-x79m-65gr",
  "modified": "2023-04-14T18:30:19Z",
  "published": "2023-04-11T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47467"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFG3-HH5Q-JQ5V

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-12T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.",
  "id": "GHSA-ffg3-hh5q-jq5v",
  "modified": "2022-05-13T01:27:50Z",
  "published": "2022-05-13T01:27:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18227"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d443be449a52f95df5754adc39e1f3472fec2f03"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4359"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-47.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105583"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041909"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFG8-FGFP-Q9P2

Vulnerability from github – Published: 2022-05-14 03:23 – Updated: 2022-05-14 03:23
VLAI
Details

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-01T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.",
  "id": "GHSA-ffg8-fgfp-q9p2",
  "modified": "2022-05-14T03:23:44Z",
  "published": "2022-05-14T03:23:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/121"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFM3-MGFP-9VC6

Vulnerability from github – Published: 2022-05-17 02:55 – Updated: 2025-04-20 03:34
VLAI
Details

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
  "id": "GHSA-ffm3-mgfp-9vc6",
  "modified": "2025-04-20T03:34:08Z",
  "published": "2022-05-17T02:55:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6845"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFPM-GQ7J-8X7R

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain:

sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries()

In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer dereference is triggered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T14:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries\n\nThe allocation failure of mycs-\u003eyuv_scaler_binary in load_video_binaries()\nis followed with a dereference of mycs-\u003eyuv_scaler_binary after the\nfollowing call chain:\n\nsh_css_pipe_load_binaries()\n  |-\u003e load_video_binaries(mycs-\u003eyuv_scaler_binary == NULL)\n  |\n  |-\u003e sh_css_pipe_unload_binaries()\n        |-\u003e unload_video_binaries()\n\nIn unload_video_binaries(), it calls to ia_css_binary_unload with argument\n\u0026pipe-\u003epipe_settings.video.yuv_scaler_binary[i], which refers to the\nsame memory slot as mycs-\u003eyuv_scaler_binary. Thus, a null-pointer\ndereference is triggered.",
  "id": "GHSA-ffpm-gq7j-8x7r",
  "modified": "2026-05-12T12:31:54Z",
  "published": "2024-06-19T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38547"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFRQ-JJ39-9CW2

Vulnerability from github – Published: 2024-04-30 00:30 – Updated: 2024-11-20 18:32
VLAI
Details

simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-50432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-29T22:15:06Z",
    "severity": "MODERATE"
  },
  "details": "simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer.",
  "id": "GHSA-ffrq-jj39-9cw2",
  "modified": "2024-11-20T18:32:14Z",
  "published": "2024-04-30T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50432"
    },
    {
      "type": "WEB",
      "url": "https://papers.mathyvanhoef.com/esorics2024.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFRR-6F6G-MC3R

Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-09-16 14:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data

Verify that lvts_data is not NULL before using it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.",
  "id": "GHSA-ffrr-6f6g-mc3r",
  "modified": "2024-09-16T14:37:24Z",
  "published": "2024-07-30T09:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42144"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.