CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-FV54-4G3V-MW5V
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp
Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe") that addresses a null pointer dereference on dcn20_update_dchubp_dpp. This is the same function hooked for update_dchubp_dpp in dcn401, with the same issue. Fix possible null pointer deference on dcn401_program_pipe too.
(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)
{
"affected": [],
"aliases": [
"CVE-2025-38021"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check of pipe_ctx-\u003eplane_state for update_dchubp_dpp\n\nSimilar to commit 6a057072ddd1 (\"drm/amd/display: Fix null check for\npipe_ctx-\u003eplane_state in dcn20_program_pipe\") that addresses a null\npointer dereference on dcn20_update_dchubp_dpp. This is the same\nfunction hooked for update_dchubp_dpp in dcn401, with the same issue.\nFix possible null pointer deference on dcn401_program_pipe too.\n\n(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)",
"id": "GHSA-fv54-4g3v-mw5v",
"modified": "2025-11-14T21:30:27Z",
"published": "2025-06-18T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38021"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4679061fb25344d6010ce7b9bebac21c91a0b75a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3b7e65b6be59e686e163fa1ceb0922f996897c2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV5H-G6GW-G23H
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:59RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.
{
"affected": [],
"aliases": [
"CVE-2019-16754"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-24T18:15:00Z",
"severity": "HIGH"
},
"details": "RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT\u0027s MQTT implementation. Additionally, the server IP address is required for spoofing the packet.",
"id": "GHSA-fv5h-g6gw-g23h",
"modified": "2024-04-04T01:59:30Z",
"published": "2022-05-24T16:56:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16754"
},
{
"type": "WEB",
"url": "https://github.com/RIOT-OS/RIOT/pull/12293"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV67-488V-7H86
Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/vkms: Fix null-ptr-deref in vkms_release()
A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->output.composer_workq in vkms_release().
KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 5 PID: 17193 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf #24 RIP: 0010:destroy_workqueue+0x2f/0x710 ... Call Trace: ? vkms_config_debugfs_init+0x50/0x50 [vkms] __devm_drm_dev_alloc+0x15a/0x1c0 [drm] vkms_init+0x245/0x1000 [vkms] do_one_initcall+0xd0/0x4f0 do_init_module+0x1a4/0x680 load_module+0x6249/0x7110 __do_sys_finit_module+0x140/0x200 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0
The reason is that an OOM happened which triggers the destroy of the workqueue, however, the workqueue is alloced in the later process, thus a null-ptr-deref happened. A simple call graph is shown as below:
vkms_init() vkms_create() devm_drm_dev_alloc() __devm_drm_dev_alloc() devm_drm_dev_init() devm_add_action_or_reset() devm_add_action() # an error happened devm_drm_dev_init_release() drm_dev_put() kref_put() drm_dev_release() vkms_release() destroy_workqueue() # null-ptr-deref happened vkms_modeset_init() vkms_output_init() vkms_crtc_init() # where the workqueue get allocated
Fix this by checking if composer_workq is NULL before passing it to the destroy_workqueue() in vkms_release().
{
"affected": [],
"aliases": [
"CVE-2022-50369"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T15:15:35Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix null-ptr-deref in vkms_release()\n\nA null-ptr-deref is triggered when it tries to destroy the workqueue in\nvkms-\u003eoutput.composer_workq in vkms_release().\n\n KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n CPU: 5 PID: 17193 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf #24\n RIP: 0010:destroy_workqueue+0x2f/0x710\n ...\n Call Trace:\n \u003cTASK\u003e\n ? vkms_config_debugfs_init+0x50/0x50 [vkms]\n __devm_drm_dev_alloc+0x15a/0x1c0 [drm]\n vkms_init+0x245/0x1000 [vkms]\n do_one_initcall+0xd0/0x4f0\n do_init_module+0x1a4/0x680\n load_module+0x6249/0x7110\n __do_sys_finit_module+0x140/0x200\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe reason is that an OOM happened which triggers the destroy of the\nworkqueue, however, the workqueue is alloced in the later process,\nthus a null-ptr-deref happened. A simple call graph is shown as below:\n\n vkms_init()\n vkms_create()\n devm_drm_dev_alloc()\n __devm_drm_dev_alloc()\n devm_drm_dev_init()\n devm_add_action_or_reset()\n devm_add_action() # an error happened\n devm_drm_dev_init_release()\n drm_dev_put()\n kref_put()\n drm_dev_release()\n vkms_release()\n destroy_workqueue() # null-ptr-deref happened\n vkms_modeset_init()\n vkms_output_init()\n vkms_crtc_init() # where the workqueue get allocated\n\nFix this by checking if composer_workq is NULL before passing it to\nthe destroy_workqueue() in vkms_release().",
"id": "GHSA-fv67-488v-7h86",
"modified": "2025-12-12T18:30:27Z",
"published": "2025-09-17T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50369"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b8f390e2251191f1b179cc87f65d54c96565f0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f9836f95271e7acf016667eee0aeae3386f9645"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fe2a8f40c21161ffe7653cc234e7934db5b7cc5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57031c474c3a920ea73afeb5dc352e537f5793ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/596f1ba3987e601e31a5abf1f75ce1d2635aceac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV7C-VWWC-7P9F
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.
{
"affected": [],
"aliases": [
"CVE-2021-28844"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T19:15:00Z",
"severity": "HIGH"
},
"details": "Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.",
"id": "GHSA-fv7c-vwwc-7p9f",
"modified": "2022-05-24T19:10:31Z",
"published": "2022-05-24T19:10:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28844"
},
{
"type": "WEB",
"url": "https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FV82-8R52-FJ6J
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-39854"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-29T16:15:00Z",
"severity": "MODERATE"
},
"details": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-fv82-8r52-fj6j",
"modified": "2022-05-24T19:16:04Z",
"published": "2022-05-24T19:16:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39854"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FVCJ-2MGP-5X33
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 01:03A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2019-12984"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-26T18:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.",
"id": "GHSA-fvcj-2mgp-5x33",
"modified": "2024-04-04T01:03:10Z",
"published": "2022-05-24T16:48:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12984"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/13"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190806-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4093-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4094-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4117-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108905"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVF2-2VH9-P4J4
Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_serial: Add null pointer check in gserial_suspend
Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards, it will lead to accessing of gser->ioport and thus causing null pointer dereference.
Avoid this by adding a null pointer check. Added a static spinlock to prevent gser->ioport from becoming null after the newly added null pointer check.
{
"affected": [],
"aliases": [
"CVE-2023-53356"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T15:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_suspend\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if gserial_suspend gets called afterwards,\nit will lead to accessing of gser-\u003eioport and thus causing\nnull pointer dereference.\n\nAvoid this by adding a null pointer check. Added a static\nspinlock to prevent gser-\u003eioport from becoming null after\nthe newly added null pointer check.",
"id": "GHSA-fvf2-2vh9-p4j4",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-17T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53356"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2788a3553f7497075653210b42e2aeb6ba95e28e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f6ecb89fe8feb2b60a53325b0eeb9866d88909a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/374447e3367767156405bedd230c5d391f4b7962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8ea7ed644cbf6314b5b0136b5398754b549fb8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e60a827ac074ce6bd58305fe5a86afab5fce6a04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVF9-3QQ7-4JXJ
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-12 18:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
Update chip data using dev_get_drvdata(dev->parent) to fix NULL pointer deref in acp_i2s_set_tdm_slot.
{
"affected": [],
"aliases": [
"CVE-2025-37919"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot\n\nUpdate chip data using dev_get_drvdata(dev-\u003eparent) to fix\nNULL pointer deref in acp_i2s_set_tdm_slot.",
"id": "GHSA-fvf9-3qq7-4jxj",
"modified": "2025-11-12T18:31:04Z",
"published": "2025-05-20T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37919"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3104b7d559ffb28f34e55028ff55a475e26e2e1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d9b64156d849e358cb49b6b899fb0b7d262bda8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd4d8d139030dd2de97ef46d332673675ca8ad72"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVGF-G9J6-CF8M
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ...
In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw().
{
"affected": [],
"aliases": [
"CVE-2024-58068"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T16:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized\n\nIf a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth\nfrom the OPP table but the bandwidth table was not created because the\ninterconnect properties were missing in the OPP consumer node, the\nkernel will crash with:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n...\npc : _read_bw+0x8/0x10\nlr : _opp_table_find_key+0x9c/0x174\n...\nCall trace:\n _read_bw+0x8/0x10 (P)\n _opp_table_find_key+0x9c/0x174 (L)\n _find_key+0x98/0x168\n dev_pm_opp_find_bw_ceil+0x50/0x88\n...\n\nIn order to fix the crash, create an assert function to check\nif the bandwidth table was created before trying to get a\nbandwidth with _read_bw().",
"id": "GHSA-fvgf-g9j6-cf8m",
"modified": "2025-11-03T21:33:07Z",
"published": "2025-03-06T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58068"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVHH-6WH3-M386
Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value.
Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30
{
"affected": [],
"aliases": [
"CVE-2024-53120"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T14:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule-\u003eattr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n\u2026\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x70\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n ? finish_task_switch.isra.0+0x15b/0x2b0\n process_one_work+0x16c/0x320\n worker_thread+0x28c/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xb8/0xf0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"id": "GHSA-fvhh-6wh3-m386",
"modified": "2025-11-04T00:32:08Z",
"published": "2024-12-02T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.