Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-H6RM-FWMF-3CQC

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()

There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible:

    T0                      T1

zd_mac_tx_to_dev() / len == skb_queue_len(q) / while (len > ZD_MAC_MAX_ACK_WAITERS) {

                  filter_ack()
                    spin_lock_irqsave(&q->lock, flags);
                    /* position == skb_queue_len(q) */
                    for (i=1; i<position; i++)
                          skb = __skb_dequeue(q)

                    if (mac->type == NL80211_IFTYPE_AP)
                      skb = __skb_dequeue(q);
                    spin_unlock_irqrestore(&q->lock, flags);

skb_dequeue() -> NULL

Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced.

In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T11:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\n\nThere is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For\nexample, the following is possible:\n\n    \tT0\t\t\t    \t\tT1\nzd_mac_tx_to_dev()\n  /* len == skb_queue_len(q) */\n  while (len \u003e ZD_MAC_MAX_ACK_WAITERS) {\n\n\t\t\t\t\t  filter_ack()\n\t\t\t\t\t    spin_lock_irqsave(\u0026q-\u003elock, flags);\n\t\t\t\t\t    /* position == skb_queue_len(q) */\n\t\t\t\t\t    for (i=1; i\u003cposition; i++)\n\t\t\t\t    \t      skb = __skb_dequeue(q)\n\n\t\t\t\t\t    if (mac-\u003etype == NL80211_IFTYPE_AP)\n\t\t\t\t\t      skb = __skb_dequeue(q);\n\t\t\t\t\t    spin_unlock_irqrestore(\u0026q-\u003elock, flags);\n\n    skb_dequeue() -\u003e NULL\n\nSince there is a small gap between checking skb queue length and skb being\nunconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.\nThen the pointer is passed to zd_mac_tx_status() where it is dereferenced.\n\nIn order to avoid potential NULL pointer dereference due to situations like\nabove, check if skb is not NULL before passing it to zd_mac_tx_status().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-h6rm-fwmf-3cqc",
  "modified": "2026-01-07T18:30:19Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38513"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6WJ-6663-2GVH

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-05-22 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod() with a NULL peer_device:

__req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this NULL peer_device to drbd_set_out_of_sync(), which dereferences it, causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device), matching how drbd_req_destroy() handles the same situation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n  __req_mod(req, what, NULL, \u0026m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation.",
  "id": "GHSA-h6wj-6663-2gvh",
  "modified": "2026-05-22T00:31:15Z",
  "published": "2026-03-25T12:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23285"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6WR-63V9-2M6H

Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2025-01-14 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

selinux: fix NULL-pointer dereference when hashtab allocation fails

When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a non-zero value, but the h->htable pointer is NULL. This may then cause a NULL pointer dereference, since the policydb code relies on the assumption that even after a failed hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called on it. Yet, these detect an empty hashtab only by looking at the size.

Fix this by making sure that hashtab_init() always leaves behind a valid empty hashtab when the allocation fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T19:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix NULL-pointer dereference when hashtab allocation fails\n\nWhen the hash table slot array allocation fails in hashtab_init(),\nh-\u003esize is left initialized with a non-zero value, but the h-\u003ehtable\npointer is NULL. This may then cause a NULL pointer dereference, since\nthe policydb code relies on the assumption that even after a failed\nhashtab_init(), hashtab_map() and hashtab_destroy() can be safely called\non it. Yet, these detect an empty hashtab only by looking at the size.\n\nFix this by making sure that hashtab_init() always leaves behind a valid\nempty hashtab when the allocation fails.",
  "id": "GHSA-h6wr-63v9-2m6h",
  "modified": "2025-01-14T15:30:48Z",
  "published": "2024-04-10T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H73V-7W7M-QJ4R

Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2024-12-16 18:31
VLAI
Details

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T16:15:06Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h73v-7w7m-qj4r",
  "modified": "2024-12-16T18:31:09Z",
  "published": "2024-12-16T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12654"
    },
    {
      "type": "WEB",
      "url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220408-NPD-DOS-15160437bb1e803e9b3df784e61c6dcd"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.288523"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.288523"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.456028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H74M-54FH-XP9P

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-5077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-01T11:13:00Z",
    "severity": "HIGH"
  },
  "details": "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.",
  "id": "GHSA-h74m-54fh-xp9p",
  "modified": "2022-05-13T01:23:44Z",
  "published": "2022-05-13T01:23:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5077"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1083"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1392"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1668"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1724"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1763"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1872"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2014-5077"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59777"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60545"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60564"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60744"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62563"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68881"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030681"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2334-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2335-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2358-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2359-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H77R-2P45-QP9H

Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31
VLAI
Details

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.

The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-25T13:15:39Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.",
  "id": "GHSA-h77r-2p45-qp9h",
  "modified": "2025-03-25T15:31:29Z",
  "published": "2025-03-25T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11499"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H7G6-MWMP-G4CJ

Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2024-11-08 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix null ptr dereference in raid10_size()

In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size().

Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-05T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null ptr dereference in raid10_size()\n\nIn raid10_run() if raid10_set_queue_limits() succeed, the return value\nis set to zero, and if following procedures failed raid10_run() will\nreturn zero while mddev-\u003eprivate is still NULL, causing null ptr\ndereference in raid10_size().\n\nFix the problem by only overwrite the return value if\nraid10_set_queue_limits() failed.",
  "id": "GHSA-h7g6-mwmp-g4cj",
  "modified": "2024-11-08T21:33:53Z",
  "published": "2024-11-05T18:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50109"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7H5-4HM9-WWX3

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Drivers: vmbus: Check for channel allocation before looking up relids

relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When the second kernel boots and if the guest receives a vmbus interrupt during vmbus driver initialization before vmbus_connect() is called, before it finishes, or if it fails, the vmbus interrupt service routine is called which in turn calls relid2channel() and can cause a null pointer dereference.

Print a warning and error out in relid2channel() for a channel id that's invalid in the second kernel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: vmbus: Check for channel allocation before looking up relids\n\nrelid2channel() assumes vmbus channel array to be allocated when called.\nHowever, in cases such as kdump/kexec, not all relids will be reset by the host.\nWhen the second kernel boots and if the guest receives a vmbus interrupt during\nvmbus driver initialization before vmbus_connect() is called, before it finishes,\nor if it fails, the vmbus interrupt service routine is called which in turn calls\nrelid2channel() and can cause a null pointer dereference.\n\nPrint a warning and error out in relid2channel() for a channel id that\u0027s invalid\nin the second kernel.",
  "id": "GHSA-h7h5-4hm9-wwx3",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-16T15:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53273"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/176c6b4889195fbe7016d9401175b48c5c9edf68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1eb65c8687316c65140b48fad27133d583178e15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c3f0ae5435fd20bb1e3a8308488aa6ac33151ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5c44f3446a0565139b7d8abc78f58b86c398123"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c373e49fbb87aa177819866ed9194ebc5414dfd6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7M2-QRW8-57P9

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-19T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-h7m2-qrw8-57p9",
  "modified": "2022-05-24T17:04:43Z",
  "published": "2022-05-24T17:04:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16455"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H7MH-FFWW-7V4W

Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-20 19:00
VLAI
Details

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.",
  "id": "GHSA-h7mh-ffww-7v4w",
  "modified": "2022-10-20T19:00:36Z",
  "published": "2022-10-18T12:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3563"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.