CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-H6RM-FWMF-3CQC
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible:
T0 T1
zd_mac_tx_to_dev() / len == skb_queue_len(q) / while (len > ZD_MAC_MAX_ACK_WAITERS) {
filter_ack()
spin_lock_irqsave(&q->lock, flags);
/* position == skb_queue_len(q) */
for (i=1; i<position; i++)
skb = __skb_dequeue(q)
if (mac->type == NL80211_IFTYPE_AP)
skb = __skb_dequeue(q);
spin_unlock_irqrestore(&q->lock, flags);
skb_dequeue() -> NULL
Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced.
In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2025-38513"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T11:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\n\nThere is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For\nexample, the following is possible:\n\n \tT0\t\t\t \t\tT1\nzd_mac_tx_to_dev()\n /* len == skb_queue_len(q) */\n while (len \u003e ZD_MAC_MAX_ACK_WAITERS) {\n\n\t\t\t\t\t filter_ack()\n\t\t\t\t\t spin_lock_irqsave(\u0026q-\u003elock, flags);\n\t\t\t\t\t /* position == skb_queue_len(q) */\n\t\t\t\t\t for (i=1; i\u003cposition; i++)\n\t\t\t\t \t skb = __skb_dequeue(q)\n\n\t\t\t\t\t if (mac-\u003etype == NL80211_IFTYPE_AP)\n\t\t\t\t\t skb = __skb_dequeue(q);\n\t\t\t\t\t spin_unlock_irqrestore(\u0026q-\u003elock, flags);\n\n skb_dequeue() -\u003e NULL\n\nSince there is a small gap between checking skb queue length and skb being\nunconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.\nThen the pointer is passed to zd_mac_tx_status() where it is dereferenced.\n\nIn order to avoid potential NULL pointer dereference due to situations like\nabove, check if skb is not NULL before passing it to zd_mac_tx_status().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-h6rm-fwmf-3cqc",
"modified": "2026-01-07T18:30:19Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38513"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6WJ-6663-2GVH
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-05-22 00:31In the Linux kernel, the following vulnerability has been resolved:
drbd: fix null-pointer dereference on local read error
In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod() with a NULL peer_device:
__req_mod(req, what, NULL, &m);
The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this NULL peer_device to drbd_set_out_of_sync(), which dereferences it, causing a null-pointer dereference.
Fix this by obtaining the peer_device via first_peer_device(device), matching how drbd_req_destroy() handles the same situation.
{
"affected": [],
"aliases": [
"CVE-2026-23285"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n __req_mod(req, what, NULL, \u0026m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation.",
"id": "GHSA-h6wj-6663-2gvh",
"modified": "2026-05-22T00:31:15Z",
"published": "2026-03-25T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23285"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6WR-63V9-2M6H
Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2025-01-14 15:30In the Linux kernel, the following vulnerability has been resolved:
selinux: fix NULL-pointer dereference when hashtab allocation fails
When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a non-zero value, but the h->htable pointer is NULL. This may then cause a NULL pointer dereference, since the policydb code relies on the assumption that even after a failed hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called on it. Yet, these detect an empty hashtab only by looking at the size.
Fix this by making sure that hashtab_init() always leaves behind a valid empty hashtab when the allocation fails.
{
"affected": [],
"aliases": [
"CVE-2021-47218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T19:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix NULL-pointer dereference when hashtab allocation fails\n\nWhen the hash table slot array allocation fails in hashtab_init(),\nh-\u003esize is left initialized with a non-zero value, but the h-\u003ehtable\npointer is NULL. This may then cause a NULL pointer dereference, since\nthe policydb code relies on the assumption that even after a failed\nhashtab_init(), hashtab_map() and hashtab_destroy() can be safely called\non it. Yet, these detect an empty hashtab only by looking at the size.\n\nFix this by making sure that hashtab_init() always leaves behind a valid\nempty hashtab when the allocation fails.",
"id": "GHSA-h6wr-63v9-2m6h",
"modified": "2025-01-14T15:30:48Z",
"published": "2024-04-10T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47218"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H73V-7W7M-QJ4R
Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2024-12-16 18:31A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-12654"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-16T16:15:06Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-h73v-7w7m-qj4r",
"modified": "2024-12-16T18:31:09Z",
"published": "2024-12-16T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12654"
},
{
"type": "WEB",
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220408-NPD-DOS-15160437bb1e803e9b3df784e61c6dcd"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.288523"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.288523"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.456028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H74M-54FH-XP9P
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
{
"affected": [],
"aliases": [
"CVE-2014-5077"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-08-01T11:13:00Z",
"severity": "HIGH"
},
"details": "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.",
"id": "GHSA-h74m-54fh-xp9p",
"modified": "2022-05-13T01:23:44Z",
"published": "2022-05-13T01:23:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5077"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1392"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1668"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1724"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1763"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1872"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-5077"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59777"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60430"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60564"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60744"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/62563"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/68881"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030681"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2358-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2359-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H77R-2P45-QP9H
Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.
The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-11499"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T13:15:39Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.",
"id": "GHSA-h77r-2p45-qp9h",
"modified": "2025-03-25T15:31:29Z",
"published": "2025-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11499"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207\u0026languageCode=en\u0026Preview=true"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H7G6-MWMP-G4CJ
Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2024-11-08 21:33In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix null ptr dereference in raid10_size()
In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size().
Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed.
{
"affected": [],
"aliases": [
"CVE-2024-50109"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T18:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null ptr dereference in raid10_size()\n\nIn raid10_run() if raid10_set_queue_limits() succeed, the return value\nis set to zero, and if following procedures failed raid10_run() will\nreturn zero while mddev-\u003eprivate is still NULL, causing null ptr\ndereference in raid10_size().\n\nFix the problem by only overwrite the return value if\nraid10_set_queue_limits() failed.",
"id": "GHSA-h7g6-mwmp-g4cj",
"modified": "2024-11-08T21:33:53Z",
"published": "2024-11-05T18:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50109"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H7H5-4HM9-WWX3
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30In the Linux kernel, the following vulnerability has been resolved:
Drivers: vmbus: Check for channel allocation before looking up relids
relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When the second kernel boots and if the guest receives a vmbus interrupt during vmbus driver initialization before vmbus_connect() is called, before it finishes, or if it fails, the vmbus interrupt service routine is called which in turn calls relid2channel() and can cause a null pointer dereference.
Print a warning and error out in relid2channel() for a channel id that's invalid in the second kernel.
{
"affected": [],
"aliases": [
"CVE-2023-53273"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T08:15:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: vmbus: Check for channel allocation before looking up relids\n\nrelid2channel() assumes vmbus channel array to be allocated when called.\nHowever, in cases such as kdump/kexec, not all relids will be reset by the host.\nWhen the second kernel boots and if the guest receives a vmbus interrupt during\nvmbus driver initialization before vmbus_connect() is called, before it finishes,\nor if it fails, the vmbus interrupt service routine is called which in turn calls\nrelid2channel() and can cause a null pointer dereference.\n\nPrint a warning and error out in relid2channel() for a channel id that\u0027s invalid\nin the second kernel.",
"id": "GHSA-h7h5-4hm9-wwx3",
"modified": "2025-12-03T18:30:20Z",
"published": "2025-09-16T15:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53273"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/176c6b4889195fbe7016d9401175b48c5c9edf68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1eb65c8687316c65140b48fad27133d583178e15"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c3f0ae5435fd20bb1e3a8308488aa6ac33151ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5c44f3446a0565139b7d8abc78f58b86c398123"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c373e49fbb87aa177819866ed9194ebc5414dfd6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H7M2-QRW8-57P9
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-16455"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-19T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-h7m2-qrw8-57p9",
"modified": "2022-05-24T17:04:43Z",
"published": "2022-05-24T17:04:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16455"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H7MH-FFWW-7V4W
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-20 19:00A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-3563"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-17T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.",
"id": "GHSA-h7mh-ffww-7v4w",
"modified": "2022-10-20T19:00:36Z",
"published": "2022-10-18T12:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3563"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.211086"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.