Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-M446-4VPX-74QM

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-19T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-m446-4vpx-74qm",
  "modified": "2022-05-24T17:04:42Z",
  "published": "2022-05-24T17:04:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16446"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M46H-9PV9-W5XP

Vulnerability from github – Published: 2024-02-14 18:30 – Updated: 2024-06-10 18:30
VLAI
Details

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .

NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-14T17:15:15Z",
    "severity": "HIGH"
  },
  "details": "\nWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\n\nNote: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to  Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .\n\n\n\nNOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n\n\n\n\n\n\n\n",
  "id": "GHSA-m46h-9pv9-w5xp",
  "modified": "2024-06-10T18:30:52Z",
  "published": "2024-02-14T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24989"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000138444"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M46P-V6C6-2XV2

Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

md: Don't set mddev private to NULL in raid0 pers->free

In normal stop process, it does like this: do_md_stop | __md_stop (pers->free(); mddev->private=NULL) | md_free (free mddev) __md_stop sets mddev->private to NULL after pers->free. The raid device will be stopped and mddev memory is free. But in reshape, it doesn't free the mddev and mddev will still be used in new raid.

In reshape, it first sets mddev->private to new_pers and then runs old_pers->free(). Now raid0 sets mddev->private to NULL in raid0_free. The new raid can't work anymore. It will panic when dereference mddev->private because of NULL pointer dereference.

It can panic like this: [63010.814972] kernel BUG at drivers/md/raid10.c:928! [63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1 [63010.833789] Hardware name: Dell Inc. PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020 [63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10] [63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246 [63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000 [63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800 [63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000 [63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200 [63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003 [63010.906399] FS: 0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000 [63010.914485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0 [63010.927363] Call Trace: [63010.929822] ? bio_reset+0xe/0x40 [63010.933144] ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10] [63010.938629] raid10_sync_request+0x756/0x1610 [raid10] [63010.943770] md_do_sync.cold+0x3e4/0x94c [63010.947698] md_thread+0xab/0x160 [63010.951024] ? md_write_inc+0x50/0x50 [63010.954688] kthread+0x149/0x170 [63010.957923] ? set_kthread_struct+0x40/0x40 [63010.962107] ret_from_fork+0x22/0x30

Removing the code that sets mddev->private to NULL in raid0 can fix problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t set mddev private to NULL in raid0 pers-\u003efree\n\nIn normal stop process, it does like this:\n   do_md_stop\n      |\n   __md_stop (pers-\u003efree(); mddev-\u003eprivate=NULL)\n      |\n   md_free (free mddev)\n__md_stop sets mddev-\u003eprivate to NULL after pers-\u003efree. The raid device\nwill be stopped and mddev memory is free. But in reshape, it doesn\u0027t\nfree the mddev and mddev will still be used in new raid.\n\nIn reshape, it first sets mddev-\u003eprivate to new_pers and then runs\nold_pers-\u003efree(). Now raid0 sets mddev-\u003eprivate to NULL in raid0_free.\nThe new raid can\u0027t work anymore. It will panic when dereference\nmddev-\u003eprivate because of NULL pointer dereference.\n\nIt can panic like this:\n[63010.814972] kernel BUG at drivers/md/raid10.c:928!\n[63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1\n[63010.833789] Hardware name: Dell Inc. PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020\n[63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10]\n[63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246\n[63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000\n[63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800\n[63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000\n[63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200\n[63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003\n[63010.906399] FS:  0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000\n[63010.914485] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0\n[63010.927363] Call Trace:\n[63010.929822]  ? bio_reset+0xe/0x40\n[63010.933144]  ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10]\n[63010.938629]  raid10_sync_request+0x756/0x1610 [raid10]\n[63010.943770]  md_do_sync.cold+0x3e4/0x94c\n[63010.947698]  md_thread+0xab/0x160\n[63010.951024]  ? md_write_inc+0x50/0x50\n[63010.954688]  kthread+0x149/0x170\n[63010.957923]  ? set_kthread_struct+0x40/0x40\n[63010.962107]  ret_from_fork+0x22/0x30\n\nRemoving the code that sets mddev-\u003eprivate to NULL in raid0 can fix\nproblem.",
  "id": "GHSA-m46p-v6c6-2xv2",
  "modified": "2025-04-17T21:30:44Z",
  "published": "2025-04-17T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49400"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f2571ad7a30ff6b33cde142439f9378669f8b4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7da3454a65f8a56e65dfb44fa0ccac08cbc2f5a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7a51df785031cc49caf1c59766ca89cfa97b54b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f63fd1e0e0fc158023cc67ea6a07e278019061ba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M46Q-JH97-XM5G

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09
VLAI
Details

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-27T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.",
  "id": "GHSA-m46q-jh97-xm5g",
  "modified": "2022-05-13T01:09:33Z",
  "published": "2022-05-13T01:09:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14613"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199849"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.kernel.org/patch/10503147"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3932-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3932-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4094-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M476-VRJ2-GQQ7

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val

In order to fix a possible NULL pointer dereference in mt7996_mac_write_txwi() of vif pointer, export mt76_connac2_mac_tx_rate_val utility routine and reuse it in mt7996 driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val\n\nIn order to fix a possible NULL pointer dereference in\nmt7996_mac_write_txwi() of vif pointer, export\nmt76_connac2_mac_tx_rate_val utility routine and reuse it\nin mt7996 driver.",
  "id": "GHSA-m476-vrj2-gqq7",
  "modified": "2025-12-04T15:30:31Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53203"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0765b5b4719f0435bb019370b317d2fb8138eb34"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b8e2d69467f78a7c9d87b452220e87012435e33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M47C-XM2P-2V99

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:17
VLAI
Details

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.",
  "id": "GHSA-m47c-xm2p-2v99",
  "modified": "2024-04-04T01:17:20Z",
  "published": "2022-05-24T16:50:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12175"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zeek/zeek/releases/tag/v2.6.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4F7-QQQH-44M7

Vulnerability from github – Published: 2025-03-04 06:30 – Updated: 2025-03-04 06:30
VLAI
Details

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T04:15:13Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.",
  "id": "GHSA-m4f7-qqqh-44m7",
  "modified": "2025-03-04T06:30:33Z",
  "published": "2025-03-04T06:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21084"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4QH-6FF4-G5XX

Vulnerability from github – Published: 2022-05-17 02:33 – Updated: 2022-05-17 02:33
VLAI
Details

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-4912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-27T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.",
  "id": "GHSA-m4qh-6ff4-g5xx",
  "modified": "2022-05-17T02:33:13Z",
  "published": "2022-05-17T02:33:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4912"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201707-05"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035916"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4VF-R3XM-3QHJ

Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: apple: check devm_kasprintf() returned value

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value.

Found by code review.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T01:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review.",
  "id": "GHSA-m4vf-r3xm-3qhj",
  "modified": "2025-11-04T00:31:51Z",
  "published": "2024-10-29T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50069"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a4d4dbef622ac8796a6665e0080da2685f9220a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d2296fb7c80fdc9925d29a8e85d617cad08731a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/665a58fe663ac7a9ea618dc0b29881649324b116"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fad940e2dd789155f99ecafa71a7baf6f96530bc"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4W2-2J95-QX2Q

Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: Fix crash when adding interface under a lag

Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic and is susceptible to the same crash.

This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports.

Fix this by checking if the port pointer is valid before accessing it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T16:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix crash when adding interface under a lag\n\nCommit 15faa1f67ab4 (\"lan966x: Fix crash when adding interface under a lag\")\nfixed a similar issue in the lan966x driver caused by a NULL pointer dereference.\nThe ocelot_set_aggr_pgids() function in the ocelot driver has similar logic\nand is susceptible to the same crash.\n\nThis issue specifically affects the ocelot_vsc7514.c frontend, which leaves\nunused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as\nit uses the DSA framework which registers all ports.\n\nFix this by checking if the port pointer is valid before accessing it.",
  "id": "GHSA-m4w2-2j95-qx2q",
  "modified": "2026-07-14T15:31:32Z",
  "published": "2026-01-23T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22982"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03fb1708b7d1e76aecebf767ad059c319845039f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2985712dc76dfa670eb7fd607c09d4d48e5f5c6e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8767f238b0e6c3d0b295ac6dce9fbe6a99bd1b9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b17818307446c5a8d925a39a792261dbfa930041"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f490af47bbee02441e356a1e0b86e3b3dd5120ff"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.