Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-GVC4-PVFX-8P8M

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-11 04:07
VLAI
Details

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-1415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-03-05T05:05:00Z",
    "severity": "MODERATE"
  },
  "details": "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.",
  "id": "GHSA-gvc4-pvfx-8p8m",
  "modified": "2025-04-11T04:07:58Z",
  "published": "2022-05-13T01:11:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e"
    },
    {
      "type": "WEB",
      "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570"
    },
    {
      "type": "WEB",
      "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7577"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00090.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/55040"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/www/krb5-1.10"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/www/krb5-1.11"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:157"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GVG4-XH6R-GGRP

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-09-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix null pointer dereference in alloc_preauth_hash()

The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:15:56Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference in alloc_preauth_hash()\n\nThe Client send malformed smb2 negotiate request. ksmbd return error\nresponse. Subsequently, the client can send smb2 session setup even\nthought conn-\u003epreauth_info is not allocated.\nThis patch add KSMBD_SESS_NEED_SETUP status of connection to ignore\nsession setup request if smb2 negotiate phase is not complete.",
  "id": "GHSA-gvg4-xh6r-ggrp",
  "modified": "2025-09-19T15:31:07Z",
  "published": "2025-04-16T15:34:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22037"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce57cd8c5dead24127cf2308fdd60fcad2d6ba6"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-310"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GVJP-HXQQ-9FC2

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-03T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.",
  "id": "GHSA-gvjp-hxqq-9fc2",
  "modified": "2022-05-24T19:19:33Z",
  "published": "2022-05-24T19:19:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27836"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libxls/libxls/issues/94"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5D7XXCVFYRRMI4ENXYSD3MZEBS6SMI7E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFOE4Z6T46LA47VXWUVET4ELXRZQ3BWB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6XOTFEOCHYKZAFCB6H3KNIIFJ3UFV7V"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GVMV-7RG8-V686

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09
VLAI
Details

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-18T02:15:00Z",
    "severity": "LOW"
  },
  "details": "Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.",
  "id": "GHSA-gvmv-7rg8-v686",
  "modified": "2022-05-24T17:09:15Z",
  "published": "2022-05-24T17:09:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1814"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GVQH-2PG4-FC8Q

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:54Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.",
  "id": "GHSA-gvqh-2pg4-fc8q",
  "modified": "2025-05-13T18:30:54Z",
  "published": "2025-05-13T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29838"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29838"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GVV6-QC64-74PQ

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-12-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Disable MACsec offload for uplink representor profile

MACsec offload is not supported in switchdev mode for uplink representors. When switching to the uplink representor profile, the MACsec offload feature must be cleared from the netdevice's features.

If left enabled, attempts to add offloads result in a null pointer dereference, as the uplink representor does not support MACsec offload even though the feature bit remains set.

Clear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().

Kernel log:

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x128/0x1dd0 Code: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff RSP: 0018:ffff888147a4f160 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078 RBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000 FS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 Call Trace: ? die_addr+0x3d/0xa0 ? exc_general_protection+0x144/0x220 ? asm_exc_general_protection+0x22/0x30 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? __mutex_lock+0x128/0x1dd0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mutex_lock_io_nested+0x1ae0/0x1ae0 ? lock_acquire+0x1c2/0x530 ? macsec_upd_offload+0x145/0x380 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? kasan_save_stack+0x30/0x40 ? kasan_save_stack+0x20/0x40 ? kasan_save_track+0x10/0x30 ? __kasan_kmalloc+0x77/0x90 ? __kmalloc_noprof+0x249/0x6b0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core] macsec_update_offload+0x26c/0x820 ? macsec_set_mac_address+0x4b0/0x4b0 ? lockdep_hardirqs_on_prepare+0x284/0x400 ? _raw_spin_unlock_irqrestore+0x47/0x50 macsec_upd_offload+0x2c8/0x380 ? macsec_update_offload+0x820/0x820 ? __nla_parse+0x22/0x30 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240 genl_family_rcv_msg_doit+0x1cc/0x2a0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240 ? cap_capable+0xd4/0x330 genl_rcv_msg+0x3ea/0x670 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? macsec_update_offload+0x820/0x820 netlink_rcv_skb+0x12b/0x390 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? netlink_ack+0xd80/0xd80 ? rwsem_down_read_slowpath+0xf90/0xf90 ? netlink_deliver_tap+0xcd/0xac0 ? netlink_deliver_tap+0x155/0xac0 ? _copy_from_iter+0x1bb/0x12c0 genl_rcv+0x24/0x40 netlink_unicast+0x440/0x700 ? netlink_attachskb+0x760/0x760 ? lock_acquire+0x1c2/0x530 ? __might_fault+0xbb/0x170 netlink_sendmsg+0x749/0xc10 ? netlink_unicast+0x700/0x700 ? __might_fault+0xbb/0x170 ? netlink_unicast+0x700/0x700 __sock_sendmsg+0xc5/0x190 _syssendmsg+0x53f/0x760 ? import_iovec+0x7/0x10 ? kernel_sendmsg+0x30/0x30 ? copy_msghdr+0x3c0/0x3c0 ? filter_irq_stacks+0x90/0x90 ? stack_depot_save_flags+0x28/0xa30 ___sys_sen ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T10:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Disable MACsec offload for uplink representor profile\n\nMACsec offload is not supported in switchdev mode for uplink\nrepresentors. When switching to the uplink representor profile, the\nMACsec offload feature must be cleared from the netdevice\u0027s features.\n\nIf left enabled, attempts to add offloads result in a null pointer\ndereference, as the uplink representor does not support MACsec offload\neven though the feature bit remains set.\n\nClear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().\n\nKernel log:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]\nCPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__mutex_lock+0x128/0x1dd0\nCode: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff\nRSP: 0018:ffff888147a4f160 EFLAGS: 00010206\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078\nRBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000\nFS:  00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? __mutex_lock+0x128/0x1dd0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mutex_lock_io_nested+0x1ae0/0x1ae0\n ? lock_acquire+0x1c2/0x530\n ? macsec_upd_offload+0x145/0x380\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n ? __kasan_kmalloc+0x77/0x90\n ? __kmalloc_noprof+0x249/0x6b0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core]\n macsec_update_offload+0x26c/0x820\n ? macsec_set_mac_address+0x4b0/0x4b0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? _raw_spin_unlock_irqrestore+0x47/0x50\n macsec_upd_offload+0x2c8/0x380\n ? macsec_update_offload+0x820/0x820\n ? __nla_parse+0x22/0x30\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240\n genl_family_rcv_msg_doit+0x1cc/0x2a0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240\n ? cap_capable+0xd4/0x330\n genl_rcv_msg+0x3ea/0x670\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? macsec_update_offload+0x820/0x820\n netlink_rcv_skb+0x12b/0x390\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? netlink_ack+0xd80/0xd80\n ? rwsem_down_read_slowpath+0xf90/0xf90\n ? netlink_deliver_tap+0xcd/0xac0\n ? netlink_deliver_tap+0x155/0xac0\n ? _copy_from_iter+0x1bb/0x12c0\n genl_rcv+0x24/0x40\n netlink_unicast+0x440/0x700\n ? netlink_attachskb+0x760/0x760\n ? lock_acquire+0x1c2/0x530\n ? __might_fault+0xbb/0x170\n netlink_sendmsg+0x749/0xc10\n ? netlink_unicast+0x700/0x700\n ? __might_fault+0xbb/0x170\n ? netlink_unicast+0x700/0x700\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x53f/0x760\n ? import_iovec+0x7/0x10\n ? kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x3c0/0x3c0\n ? filter_irq_stacks+0x90/0x90\n ? stack_depot_save_flags+0x28/0xa30\n ___sys_sen\n---truncated---",
  "id": "GHSA-gvv6-qc64-74pq",
  "modified": "2025-12-17T21:30:30Z",
  "published": "2025-06-18T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38020"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GVWQ-VP5C-RPM6

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached

The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been attached to a DRM device. As drm_helper_hpd_irq_event() does not check whether the passed in drm_device is valid or not, a NULL pointer passed in results in a kernel NULL pointer dereference in it.

Check whether the bridge is attached and only trigger an HPD event if it is.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: Only trigger DRM HPD events if bridge is attached\n\nThe MediaTek DisplayPort interface bridge driver starts its interrupts\nas soon as its probed. However when the interrupts trigger the bridge\nmight not have been attached to a DRM device. As drm_helper_hpd_irq_event()\ndoes not check whether the passed in drm_device is valid or not, a NULL\npointer passed in results in a kernel NULL pointer dereference in it.\n\nCheck whether the bridge is attached and only trigger an HPD event if\nit is.",
  "id": "GHSA-gvwq-vp5c-rpm6",
  "modified": "2025-12-11T18:30:34Z",
  "published": "2025-09-18T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53389"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3551789d0635dfb2df8ab8e7fdbf0647e9c1724c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36b617f7e4ae663fcadd202ea061ca695ca75539"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6524d3d58797975cc40b85be1e9b89721b4e8d0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1c04e338016ae2517c641806a831b1f3eee2bed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW7X-JCRQ-44C3

Vulnerability from github – Published: 2024-12-28 12:30 – Updated: 2025-01-08 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()

kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add NULL checks for all the kunit_kzalloc() in sound_kunit.c

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T10:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd NULL checks for all the kunit_kzalloc() in sound_kunit.c",
  "id": "GHSA-gw7x-jcrq-44c3",
  "modified": "2025-01-08T18:30:48Z",
  "published": "2024-12-28T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56696"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bfff486ecc79a72e9380e2d5e0ff234d5542d2f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ad467a2b2716d4ed12f003b041aa6c776a13ff5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5486bf8abfe778b368d8fd1aa655dc01d0013ca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW9F-FRR6-H3C2

Vulnerability from github – Published: 2025-05-14 18:30 – Updated: 2025-05-14 18:30
VLAI
Details

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-14T18:15:30Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.",
  "id": "GHSA-gw9f-frr6-h3c2",
  "modified": "2025-05-14T18:30:51Z",
  "published": "2025-05-14T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30667"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW9V-F3C7-QFQV

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-07-03 18:34
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: fix uninitialized dplls mutex usage

The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the last thing destroyed in ice_dpll_deinit. This fixes the following warning with CONFIG_DEBUG_MUTEXES:

ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0 ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link) ice 0000:10:00.0: PTP init successful ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40 Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c> CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3 Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023 Workqueue: events work_for_cpu_fn RIP: 0010:__mutex_lock+0x773/0xd40 Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a> RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8 FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? __warn+0x84/0x170 ? __mutex_lock+0x773/0xd40 ? report_bug+0x1c7/0x1d0 ? prb_read_valid+0x1b/0x30 ? handle_bug+0x42/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __mutex_lock+0x773/0xd40 ? rcu_is_watching+0x11/0x50 ? __kmalloc_node_track_caller+0x346/0x490 ? ice_dpll_lock_status_get+0x28/0x50 [ice] ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice] ? ice_dpll_lock_status_get+0x28/0x50 [ice] ice_dpll_lock_status_get+0x28/0x50 [ice] dpll_device_get_one+0x14f/0x2e0 dpll_device_event_send+0x7d/0x150 dpll_device_register+0x124/0x180 ice_dpll_init_dpll+0x7b/0xd0 [ice] ice_dpll_init+0x224/0xa40 [ice] ? _dev_info+0x70/0x90 ice_load+0x468/0x690 [ice] ice_probe+0x75b/0xa10 [ice] ? _raw_spin_unlock_irqrestore+0x4f/0x80 ? process_one_work+0x1a3/0x500 local_pci_probe+0x47/0xa0 work_for_cpu_fn+0x17/0x30 process_one_work+0x20d/0x500 worker_thread+0x1df/0x3e0 ? __pfx_worker_thread+0x10/0x10 kthread+0x103/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 irq event stamp: 125197 hardirqs last enabled at (125197): [] finish_task_switch.isra.0+0x12d/0x3d0 hardirqs last disabled at (125196): [] __schedule+0xea4/0x19f0 softirqs last enabled at (105334): [] napi_get_frags_check+0x1a/0x60 softirqs last disabled at (105332): [] napi_get_frags_check+0x1a/0x60 ---[ end trace 0000000000000000 ]---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix uninitialized dplls mutex usage\n\nThe pf-\u003edplls.lock mutex is initialized too late, after its first use.\nMove it to the top of ice_dpll_init.\nNote that the \"err_exit\" error path destroys the mutex. And the mutex is\nthe last thing destroyed in ice_dpll_deinit.\nThis fixes the following warning with CONFIG_DEBUG_MUTEXES:\n\n ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0\n ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)\n ice 0000:10:00.0: PTP init successful\n ------------[ cut here ]------------\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40\n Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c\u003e\n CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3\n Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023\n Workqueue: events work_for_cpu_fn\n RIP: 0010:__mutex_lock+0x773/0xd40\n Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a\u003e\n RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff\n RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff\n R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8\n FS:  0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ? __warn+0x84/0x170\n  ? __mutex_lock+0x773/0xd40\n  ? report_bug+0x1c7/0x1d0\n  ? prb_read_valid+0x1b/0x30\n  ? handle_bug+0x42/0x70\n  ? exc_invalid_op+0x18/0x70\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? __mutex_lock+0x773/0xd40\n  ? rcu_is_watching+0x11/0x50\n  ? __kmalloc_node_track_caller+0x346/0x490\n  ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n  ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice]\n  ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n  ice_dpll_lock_status_get+0x28/0x50 [ice]\n  dpll_device_get_one+0x14f/0x2e0\n  dpll_device_event_send+0x7d/0x150\n  dpll_device_register+0x124/0x180\n  ice_dpll_init_dpll+0x7b/0xd0 [ice]\n  ice_dpll_init+0x224/0xa40 [ice]\n  ? _dev_info+0x70/0x90\n  ice_load+0x468/0x690 [ice]\n  ice_probe+0x75b/0xa10 [ice]\n  ? _raw_spin_unlock_irqrestore+0x4f/0x80\n  ? process_one_work+0x1a3/0x500\n  local_pci_probe+0x47/0xa0\n  work_for_cpu_fn+0x17/0x30\n  process_one_work+0x20d/0x500\n  worker_thread+0x1df/0x3e0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0x103/0x140\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x31/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1b/0x30\n  \u003c/TASK\u003e\n irq event stamp: 125197\n hardirqs last  enabled at (125197): [\u003cffffffff8416409d\u003e] finish_task_switch.isra.0+0x12d/0x3d0\n hardirqs last disabled at (125196): [\u003cffffffff85134044\u003e] __schedule+0xea4/0x19f0\n softirqs last  enabled at (105334): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n softirqs last disabled at (105332): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n ---[ end trace 0000000000000000 ]---",
  "id": "GHSA-gw9v-f3c7-qfqv",
  "modified": "2024-07-03T18:34:45Z",
  "published": "2024-04-17T12:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26854"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9224fc86f1776193650a33a275cac628952f80a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db29ceff3e25c48907016da456a7cbee6310fd83"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.