Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-G469-PQ25-X2QR

Vulnerability from github – Published: 2022-05-01 23:53 – Updated: 2025-04-09 03:56
VLAI
Details

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-09T00:41:00Z",
    "severity": "HIGH"
  },
  "details": "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.",
  "id": "GHSA-g469-pq25-x2qr",
  "modified": "2025-04-09T03:56:16Z",
  "published": "2022-05-01T23:53:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2812"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/637-1"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=2a739dd53ad7ee010ae6e155438507f329dce788"
    },
    {
      "type": "WEB",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30982"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31048"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31202"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31229"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31341"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31551"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31614"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31685"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32103"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32370"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33201"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1630"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/03/2"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0665.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30076"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2063/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G46C-XFM8-QQ3G

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32
VLAI
Details

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).",
  "id": "GHSA-g46c-xfm8-qq3g",
  "modified": "2022-05-14T03:32:27Z",
  "published": "2022-05-14T03:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5180"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0805"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-5180"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249603"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-19"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=8492"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18784"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=fc82b0a2dfe7dbd35671c10510a8da1043d746a5"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99324"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3239-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3239-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G48H-R3W9-74G6

Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42
VLAI
Details

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-24T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.",
  "id": "GHSA-g48h-r3w9-74g6",
  "modified": "2022-05-14T01:42:55Z",
  "published": "2022-05-14T01:42:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/163"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4FG-WXPR-X2CJ

Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2022-05-14 01:19
VLAI
Details

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-03T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.",
  "id": "GHSA-g4fg-wxpr-x2cj",
  "modified": "2022-05-14T01:19:33Z",
  "published": "2022-05-14T01:19:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5193"
    },
    {
      "type": "WEB",
      "url": "https://irssi.org/security/irssi_sa_2017_01.txt"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-45"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/06/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95310"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4Q7-QPW3-V546

Vulnerability from github – Published: 2023-07-18 15:30 – Updated: 2024-04-04 06:13
VLAI
Details

An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-23911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-18T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-g4q7-qpw3-v546",
  "modified": "2024-04-04T06:13:11Z",
  "published": "2023-07-18T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vlm/asn1c/issues/394"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4Q8-M3PW-QHVV

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix NULL pointer dereference in __unix_needs_revalidation

When receiving file descriptors via SCM_RIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer dereferences in __unix_needs_revalidation().

This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new __unix_needs_revalidation() function was added without proper NULL checks.

The crash manifests as: BUG: kernel NULL pointer dereference, address: 0x0000000000000018 RIP: aa_file_perm+0xb7/0x3b0 (or +0xbe/0x3b0, +0xc0/0x3e0) Call Trace: apparmor_file_receive+0x42/0x80 security_file_receive+0x2e/0x50 receive_fd+0x1d/0xf0 scm_detach_fds+0xad/0x1c0

The function dereferences sock->sk->sk_family without checking if either sock or sock->sk is NULL first.

Add NULL checks for both sock and sock->sk before accessing sk_family.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix NULL pointer dereference in __unix_needs_revalidation\n\nWhen receiving file descriptors via SCM_RIGHTS, both the socket pointer\nand the socket\u0027s sk pointer can be NULL during socket setup or teardown,\ncausing NULL pointer dereferences in __unix_needs_revalidation().\n\nThis is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n__unix_needs_revalidation() function was added without proper NULL checks.\n\nThe crash manifests as:\n  BUG: kernel NULL pointer dereference, address: 0x0000000000000018\n  RIP: aa_file_perm+0xb7/0x3b0 (or +0xbe/0x3b0, +0xc0/0x3e0)\n  Call Trace:\n   apparmor_file_receive+0x42/0x80\n   security_file_receive+0x2e/0x50\n   receive_fd+0x1d/0xf0\n   scm_detach_fds+0xad/0x1c0\n\nThe function dereferences sock-\u003esk-\u003esk_family without checking if either\nsock or sock-\u003esk is NULL first.\n\nAdd NULL checks for both sock and sock-\u003esk before accessing sk_family.",
  "id": "GHSA-g4q8-m3pw-qhvv",
  "modified": "2026-06-16T03:30:33Z",
  "published": "2026-05-27T15:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2938ad00b21340c0362562dfedd7cfec0554d67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e85bc9101afc4202aa2269967ce9d3ffbecd0994"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fea017a7f6abe179decf575a2d8464c74edb3964"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4QH-PGMQ-G946

Vulnerability from github – Published: 2023-12-25 09:30 – Updated: 2023-12-29 21:30
VLAI
Details

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-25T07:15:09Z",
    "severity": "HIGH"
  },
  "details": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.",
  "id": "GHSA-g4qh-pgmq-g946",
  "modified": "2023-12-29T21:30:46Z",
  "published": "2023-12-25T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37187"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Blosc/c-blosc2/issues/520"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4QQ-W8W3-624Q

Vulnerability from github – Published: 2022-05-17 02:54 – Updated: 2022-05-17 02:54
VLAI
Details

The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.",
  "id": "GHSA-g4qq-w8w3-624q",
  "modified": "2022-05-17T02:54:58Z",
  "published": "2022-05-17T02:54:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5937"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/09/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96180"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4VX-757M-G7RM

Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2022-12-17 00:30
VLAI
Details

An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.",
  "id": "GHSA-g4vx-757m-g7rm",
  "modified": "2022-12-17T00:30:21Z",
  "published": "2022-12-14T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3110"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153055"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=f94b47c6bde624d6c07f43054087607c52054a95"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4W6-JW6R-6882

Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check

The devm_kzalloc() function returns NULL on error, not error pointers. Fix the check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check\n\nThe devm_kzalloc() function returns NULL on error, not error pointers.\nFix the check.",
  "id": "GHSA-g4w6-jw6r-6882",
  "modified": "2025-03-25T15:31:22Z",
  "published": "2025-03-06T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58065"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6628f7f88de5f65f01adef5a63c707cb49d0fddb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5ca5d7b4d7c29246d957dc45d63610584ae3a54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.