Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-FMMW-4RGX-F673

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-26T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.",
  "id": "GHSA-fmmw-4rgx-f673",
  "modified": "2022-05-24T17:45:30Z",
  "published": "2022-05-24T17:45:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28346"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/pull/5453"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/pull/5453/commits/ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FMQM-F3M4-FG43

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2024-10-31 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm: mxsfb: Fix NULL pointer dereference crash on unload

The mxsfb->crtc.funcs may already be NULL when unloading the driver, in which case calling mxsfb_irq_disable() via drm_irq_uninstall() from mxsfb_unload() leads to NULL pointer dereference.

Since all we care about is masking the IRQ and mxsfb->base is still valid, just use that to clear and mask the IRQ.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: mxsfb: Fix NULL pointer dereference crash on unload\n\nThe mxsfb-\u003ecrtc.funcs may already be NULL when unloading the driver,\nin which case calling mxsfb_irq_disable() via drm_irq_uninstall() from\nmxsfb_unload() leads to NULL pointer dereference.\n\nSince all we care about is masking the IRQ and mxsfb-\u003ebase is still\nvalid, just use that to clear and mask the IRQ.",
  "id": "GHSA-fmqm-f3m4-fg43",
  "modified": "2024-10-31T18:31:16Z",
  "published": "2024-05-22T09:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47471"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cfc183052c3dbf8eae57b6c1685dab00ed3db4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0e6db0656ddfd8bb57303c2ef61ee1c1cc694a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f40c2281d2c0674d32ba732fee45222d76495472"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMQP-M7P4-C7XQ

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in modem due to missing null check while processing TCP or UDP packets from server",
  "id": "GHSA-fmqp-m7p4-c7xq",
  "modified": "2023-02-21T18:30:23Z",
  "published": "2023-02-12T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25735"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMQW-FHQM-WP2P

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:58
VLAI
Details

An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-14T02:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.",
  "id": "GHSA-fmqw-fhqm-wp2p",
  "modified": "2024-04-04T00:58:12Z",
  "published": "2022-05-24T16:48:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12818"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/58bdd544e2933a21a51eecf17c3f5f94038261b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=58bdd544e2933a21a51eecf17c3f5f94038261b5"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190710-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K91444306"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4094-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.15"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108776"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMW3-M5FG-W74X

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac->negotiating == true and ac->protocol > 0, this leads to setting ac->protocol = 0 and ac->ops = NULL. Thereafter, the check for ac->protocol != protocol returns false, and init_protocol() is not called. Subsequently, ac->ops->handle_reply() is called, which leads to a null pointer dereference, because ac->ops is still NULL.

This patch changes the check for ac->protocol != protocol to !ac->protocol, as this also includes the case when the protocol was set to zero in the message. This causes the message to be treated as containing a bad auth protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:20Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()\n\nIf a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both\nprotocol and result, this is currently not treated as an error. In case\nof ac-\u003enegotiating == true and ac-\u003eprotocol \u003e 0, this leads to setting\nac-\u003eprotocol = 0 and ac-\u003eops = NULL. Thereafter, the check for\nac-\u003eprotocol != protocol returns false, and init_protocol() is not\ncalled. Subsequently, ac-\u003eops-\u003ehandle_reply() is called, which leads to\na null pointer dereference, because ac-\u003eops is still NULL.\n\nThis patch changes the check for ac-\u003eprotocol != protocol to\n!ac-\u003eprotocol, as this also includes the case when the protocol was set\nto zero in the message. This causes the message to be treated as\ncontaining a bad auth protocol.",
  "id": "GHSA-fmw3-m5fg-w74x",
  "modified": "2026-06-01T18:31:34Z",
  "published": "2026-05-27T15:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46024"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/016bc663657366d386993f63eb31072eb45a2b77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b2738b93edad661178340239de657d876b73d3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5199c125d25aeae8615c4fc31652cc0fe624338e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f2be7285941a33a9f72579a23b96392f83c758e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/927e4bd5692f2a4901808822981fb2c8d4456548"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ded62c302c0342efdb5eda3bf6e75720caad0df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f101271fcf55d7eacfefd610b51ec65f46ba8118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP2Q-C4JG-GWX2

Vulnerability from github – Published: 2023-02-28 21:30 – Updated: 2023-03-06 18:30
VLAI
Details

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-28T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).",
  "id": "GHSA-fp2q-c4jg-gwx2",
  "modified": "2023-03-06T18:30:22Z",
  "published": "2023-02-28T21:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22999"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/b52fe2dbb3e655eb1483000adfab68a219549e13"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP3C-HQ6W-Q3RF

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-12 12:39
VLAI
Details

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-10T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",
  "id": "GHSA-fp3c-hq6w-q3rf",
  "modified": "2025-04-12T12:39:30Z",
  "published": "2022-05-13T01:09:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3581"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-02"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205219"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149709"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97027"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0325.html"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup\u0026pathrev=1627749"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1624234"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/71656"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031005"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2523-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FP3G-R7J4-VR8G

Vulnerability from github – Published: 2024-09-13 06:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: single: fix potential NULL dereference in pcs_get_function()

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function().

Found by code review.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-13T06:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer \u0027function\u0027\nwas dereferenced without checking against NULL. Add checking of pointer\n\u0027function\u0027 in pcs_get_function().\n\nFound by code review.",
  "id": "GHSA-fp3g-r7j4-vr8g",
  "modified": "2025-11-04T00:31:24Z",
  "published": "2024-09-13T06:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46685"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP3R-W9W2-JG2F

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-23T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.",
  "id": "GHSA-fp3r-w9w2-jg2f",
  "modified": "2022-05-24T17:42:53Z",
  "published": "2022-05-24T17:42:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27819"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FP56-3JCQ-PM9W

Vulnerability from github – Published: 2022-03-13 00:00 – Updated: 2022-03-19 00:01
VLAI
Details

An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-11T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.",
  "id": "GHSA-fp56-3jcq-pm9w",
  "modified": "2022-03-19T00:01:11Z",
  "published": "2022-03-13T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42577"
    },
    {
      "type": "WEB",
      "url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-42577.pdf"
    },
    {
      "type": "WEB",
      "url": "https://softing.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.