Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-GQ2G-QWMW-M5Q3

Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21
VLAI
Details

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-8241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-14T22:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.",
  "id": "GHSA-gq2g-qwmw-m5q3",
  "modified": "2022-05-17T03:21:05Z",
  "published": "2022-05-17T03:21:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8241"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151312"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2015-2233.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2014/q4/278"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2014/q4/300"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70390"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ3M-5WP3-HVHP

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

FS: JFS: Fix null-ptr-deref Read in txBegin

Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the filesystem is read-only before calling txBegin, and returning with appropiate error code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS: JFS: Fix null-ptr-deref Read in txBegin\n\n Syzkaller reported an issue where txBegin may be called\n on a superblock in a read-only mounted filesystem which leads\n to NULL pointer deref. This could be solved by checking if\n the filesystem is read-only before calling txBegin, and returning\n with appropiate error code.",
  "id": "GHSA-gq3m-5wp3-hvhp",
  "modified": "2026-01-16T21:30:29Z",
  "published": "2025-10-01T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53457"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b4c144767736221cad92c132f72b3c6ed06a0ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a3f20efe6c901d4c0871cfd1d8c65e2ade71fc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e5eb6c5ecd8ddb9cfea751cf30f9e23eac97ca3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e94d0d378d2754b26fc54b429582553f7b53e15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47cfdc338d674d38f4b2f22b7612cc6a2763ba27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7225e9e09519deb7e0c42eb6070029cc456e84d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7d17d6bd7cd4f6940b335ea7a6fce5b6d22adc2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd2db13fb72ff18c633a48229589d42ceb89d1f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ5R-CC4W-G8XF

Vulnerability from github – Published: 2021-06-23 17:25 – Updated: 2024-05-20 20:18
VLAI
Summary
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.

Original Description

This affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/russellhaering/gosaml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/russellhaering/goxmldsig"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T21:39:22Z",
    "nvd_published_at": "2021-04-30T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.\n\n## Original Description\nThis affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.",
  "id": "GHSA-gq5r-cc4w-g8xf",
  "modified": "2024-05-20T20:18:56Z",
  "published": "2021-06-23T17:25:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7731"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/gosaml2/issues/59"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/goxmldsig/issues/48"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/gosaml2/pull/90"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/russellhaering/gosaml2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/gosaml2/releases/tag/v0.7.0"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures",
  "withdrawn": "2024-05-20T20:18:56Z"
}

GHSA-GQ92-C2VH-PQWX

Vulnerability from github – Published: 2025-10-24 18:30 – Updated: 2025-10-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix dynamic root getattr

The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd.

Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr().

This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like:

    BUG: kernel NULL pointer dereference, address: 0000000000000020
    ...
    RIP: 0010:afs_getattr+0x8b/0x14b
    ...
    Call Trace:
     <TASK>
     vfs_statx+0x79/0xf5
     vfs_fstatat+0x49/0x62
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix dynamic root getattr\n\nThe recent patch to make afs_getattr consult the server didn\u0027t account\nfor the pseudo-inodes employed by the dynamic root-type afs superblock\nnot having a volume or a server to access, and thus an oops occurs if\nsuch a directory is stat\u0027d.\n\nFix this by checking to see if the vnode-\u003evolume pointer actually points\nanywhere before following it in afs_getattr().\n\nThis can be tested by stat\u0027ing a directory in /afs.  It may be\nsufficient just to do \"ls /afs\" and the oops looks something like:\n\n        BUG: kernel NULL pointer dereference, address: 0000000000000020\n        ...\n        RIP: 0010:afs_getattr+0x8b/0x14b\n        ...\n        Call Trace:\n         \u003cTASK\u003e\n         vfs_statx+0x79/0xf5\n         vfs_fstatat+0x49/0x62",
  "id": "GHSA-gq92-c2vh-pqwx",
  "modified": "2025-10-24T18:30:56Z",
  "published": "2025-10-24T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49688"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65c24caf1b9f5b08397c6e805ec24ebc390c6e4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7844ceada44eca740d31beb3d97b8511b1ca0a9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b564e3254b7db5fbfbf11a824627a6c31b932b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb78d1b5efffe4cf97e16766329dd7358aed3deb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3a232e5767051483ffad4cef7d0a89d292a192b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQGC-F2J4-FXX4

Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-08 21:30
VLAI
Details

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T21:16:47Z",
    "severity": "MODERATE"
  },
  "details": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service",
  "id": "GHSA-gqgc-f2j4-fxx4",
  "modified": "2026-07-08T21:30:31Z",
  "published": "2026-07-08T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15171"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQGF-RXRP-GRHX

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:04:38Z",
    "severity": "HIGH"
  },
  "details": "Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability",
  "id": "GHSA-gqgf-rxrp-grhx",
  "modified": "2024-12-12T03:33:05Z",
  "published": "2024-12-12T03:33:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49121"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQMM-FCCW-XJF3

Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: mmp2: call pm_genpd_init() only after genpd.name is set

Setting the genpd's struct device's name with dev_set_name() is happening within pm_genpd_init(). If it remains NULL, things can blow up later, such as when crafting the devfs hierarchy for the power domain:

Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read ... Call trace: strlen from start_creating+0x90/0x138 start_creating from debugfs_create_dir+0x20/0x178 debugfs_create_dir from genpd_debug_add.part.0+0x4c/0x144 genpd_debug_add.part.0 from genpd_debug_init+0x74/0x90 genpd_debug_init from do_one_initcall+0x5c/0x244 do_one_initcall from kernel_init_freeable+0x19c/0x1f4 kernel_init_freeable from kernel_init+0x1c/0x12c kernel_init from ret_from_fork+0x14/0x28

Bisecting tracks this crash back to commit 899f44531fe6 ("pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag"), which exchanges use of genpd->name with dev_name(&genpd->dev) in genpd_debug_add.part().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T17:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mmp2: call pm_genpd_init() only after genpd.name is set\n\nSetting the genpd\u0027s struct device\u0027s name with dev_set_name() is\nhappening within pm_genpd_init(). If it remains NULL, things can blow up\nlater, such as when crafting the devfs hierarchy for the power domain:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n  ...\n  Call trace:\n   strlen from start_creating+0x90/0x138\n   start_creating from debugfs_create_dir+0x20/0x178\n   debugfs_create_dir from genpd_debug_add.part.0+0x4c/0x144\n   genpd_debug_add.part.0 from genpd_debug_init+0x74/0x90\n   genpd_debug_init from do_one_initcall+0x5c/0x244\n   do_one_initcall from kernel_init_freeable+0x19c/0x1f4\n   kernel_init_freeable from kernel_init+0x1c/0x12c\n   kernel_init from ret_from_fork+0x14/0x28\n\nBisecting tracks this crash back to commit 899f44531fe6 (\"pmdomain: core:\nAdd GENPD_FLAG_DEV_NAME_FW flag\"), which exchanges use of genpd-\u003ename\nwith dev_name(\u0026genpd-\u003edev) in genpd_debug_add.part().",
  "id": "GHSA-gqmm-fccw-xjf3",
  "modified": "2025-03-25T15:31:22Z",
  "published": "2025-03-06T18:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58081"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/763517124e27b07fa300b486d7d13c5d563a215e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e24b15d4704dcb73920c3d18a6157abd18df08c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eca01d5911fb34218d10a58d8d9534b758c8fd0a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQP2-93HC-49W7

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead

ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails:

register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list.

When ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything: unregister_ftrace_function ftrace_shutdown if (unlikely(ftrace_disabled)) return -ENODEV; // return here, __unregister_ftrace_function is not executed, // as a result, ops is still in the ftrace_ops_list __unregister_ftrace_function ...

If ops is dynamically allocated, it will be free later, in this case, is_ftrace_trampoline accesses NULL pointer:

is_ftrace_trampoline ftrace_ops_trampoline do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL!

Syzkaller reports as follows: [ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b [ 1203.508039] #PF: supervisor read access in kernel mode [ 1203.508798] #PF: error_code(0x0000) - not-present page [ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0 [ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI [ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8 [ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0 [ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00 [ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246 [ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866 [ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b [ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07 [ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399 [ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008 [ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0 [ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Therefore, when ftrace_startup_enable fails, we need to rollback registration process and remove ops from ftrace_ops_list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead\n\nftrace_startup does not remove ops from ftrace_ops_list when\nftrace_startup_enable fails:\n\nregister_ftrace_function\n  ftrace_startup\n    __register_ftrace_function\n      ...\n      add_ftrace_ops(\u0026ftrace_ops_list, ops)\n      ...\n    ...\n    ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1\n    ...\n  return 0 // ops is in the ftrace_ops_list.\n\nWhen ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:\nunregister_ftrace_function\n  ftrace_shutdown\n    if (unlikely(ftrace_disabled))\n            return -ENODEV;  // return here, __unregister_ftrace_function is not executed,\n                             // as a result, ops is still in the ftrace_ops_list\n    __unregister_ftrace_function\n    ...\n\nIf ops is dynamically allocated, it will be free later, in this case,\nis_ftrace_trampoline accesses NULL pointer:\n\nis_ftrace_trampoline\n  ftrace_ops_trampoline\n    do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL!\n\nSyzkaller reports as follows:\n[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b\n[ 1203.508039] #PF: supervisor read access in kernel mode\n[ 1203.508798] #PF: error_code(0x0000) - not-present page\n[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0\n[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI\n[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G    B   W         5.10.0 #8\n[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0\n[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 \u003c48\u003e 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00\n[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246\n[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866\n[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b\n[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07\n[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399\n[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008\n[ 1203.525634] FS:  00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000\n[ 1203.526801] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0\n[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nTherefore, when ftrace_startup_enable fails, we need to rollback registration\nprocess and remove ops from ftrace_ops_list.",
  "id": "GHSA-gqp2-93hc-49w7",
  "modified": "2025-11-14T18:31:23Z",
  "published": "2025-06-18T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49977"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/934e49f7d696afdae9f979abe3f308408184e17b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b0f72e805f0801f05fa2aa52011c4bfc694c44"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d81bd6671f45fde4c3ac7fd7733c6e3082ae9d8e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbd8c8fc60480e3faa3ae7e27ebe03371ecd1b77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ddffe882d74ef43a3494f0ab0c24baf076c45f96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4ae97295984ff1b9b340ed18ae1b066f36b7835"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQRW-4VCW-M5FJ

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-10T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.1), Teamcenter Visualization (All versions \u003c V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.",
  "id": "GHSA-gqrw-4vcw-m5fj",
  "modified": "2022-05-24T19:10:37Z",
  "published": "2022-05-24T19:10:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33717"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQX7-8F9W-H83G

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-05-05 21:31
VLAI
Details

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-gqx7-8f9w-h83g",
  "modified": "2023-05-05T21:31:08Z",
  "published": "2022-05-24T19:15:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1586"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.