Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-PCF2-F983-H6W2

Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 21:31
VLAI
Details

An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T23:15:12Z",
    "severity": "MODERATE"
  },
  "details": "An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.",
  "id": "GHSA-pcf2-f983-h6w2",
  "modified": "2025-01-23T21:31:51Z",
  "published": "2025-01-22T00:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24443"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    },
    {
      "type": "WEB",
      "url": "http://openairinterface.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCH2-664M-XCCV

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-08-06 00:00
VLAI
Details

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. ",
  "id": "GHSA-pch2-664m-xccv",
  "modified": "2022-08-06T00:00:38Z",
  "published": "2022-05-24T17:39:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1274"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCM6-6X97-2MRC

Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21
VLAI
Details

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-1321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-19T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator\u0027s checksum field is missing.",
  "id": "GHSA-pcm6-6x97-2mrc",
  "modified": "2022-05-02T06:21:31Z",
  "published": "2022-05-02T06:21:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1321"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/64744"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39762"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39784"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39818"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39849"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40346"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40685"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42432"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42974"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43335"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44954"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100114315"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2052"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40235"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-940-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-940-2"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1177"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1192"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1193"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1196"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1222"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1574"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1882"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3112"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0134"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PCP6-2JQ5-M5CF

Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34
VLAI
Details

A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-22T16:15:27Z",
    "severity": "HIGH"
  },
  "details": "A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.",
  "id": "GHSA-pcp6-2jq5-m5cf",
  "modified": "2025-11-03T21:34:10Z",
  "published": "2025-07-22T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36520"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCQC-C89R-492H

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: rsa - add a check for allocation failure

Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T16:27:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rsa - add a check for allocation failure\n\nStatic checkers insist that the mpi_alloc() allocation can fail so add\na check to prevent a NULL dereference.  Small allocations like this\ncan\u0027t actually fail in current kernels, but adding a check is very\nsimple and makes the static checkers happy.",
  "id": "GHSA-pcqc-c89r-492h",
  "modified": "2024-04-17T21:30:45Z",
  "published": "2024-02-26T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52472"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2831f4d3bfa68e64c5f83e96688be779c87b3511"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d872ca165cb67112f2841ef9c37d51ef7e63d1e4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCW3-HVMM-479H

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: fix null deref on element insertion

There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():

general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] nft_add_set_elem+0x14b0/0x2990 nf_tables_newsetelem+0x528/0xb30

Furthermore, there is a possible use-after-free while iterating, 'node' can be free'd so we need to cache the next value to use.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix null deref on element insertion\n\nThere is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n nft_add_set_elem+0x14b0/0x2990\n  nf_tables_newsetelem+0x528/0xb30\n\nFurthermore, there is a possible use-after-free while iterating,\n\u0027node\u0027 can be free\u0027d so we need to cache the next value to use.",
  "id": "GHSA-pcw3-hvmm-479h",
  "modified": "2026-02-06T15:30:58Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53566"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3fa13203b6d90cc3a33af47b058739f92ab82eef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61ae320a29b0540c16931816299eb86bf2b66c08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/899aa5638568abf5d69de7a7bb95e4615157375b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a337706c1fb35aac3f26b48aca80421bdbe1d33a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a836be60a3aabcedcd9c79f545d409ace1f20ba6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec5caa765f7f6960011c919c9aeb1467940421f6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCW9-JCMV-XQQQ

Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack10.

This issue affects libfluid: 0.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T14:15:16Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0.",
  "id": "GHSA-pcw9-jcmv-xqqq",
  "modified": "2024-09-20T21:31:39Z",
  "published": "2024-09-18T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31182"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF2Q-6C5M-PVCJ

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:47Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.",
  "id": "GHSA-pf2q-6c5m-pvcj",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23357"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF46-57MF-CMPH

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-10-01 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The per-netns structure can be obtained from the table->data using container_of(), then the 'net' one can be retrieved from the listen socket (if available).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
  "id": "GHSA-pf46-57mf-cmph",
  "modified": "2025-10-01T21:30:49Z",
  "published": "2025-01-19T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21635"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de8d6de0ee27be4b2b1e5b06f04aeacbabbba492"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF52-4F6C-2P5W

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: rc: gpio-ir-recv: add remove function

In case runtime PM is enabled, do runtime PM clean up to remove cpu latency qos request, otherwise driver removal may have below kernel dump:

[ 19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 19.472161] Mem abort info: [ 19.474985] ESR = 0x0000000096000004 [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.484081] SET = 0, FnV = 0 [ 19.487149] EA = 0, S1PTW = 0 [ 19.490361] FSC = 0x04: level 0 translation fault [ 19.495256] Data abort info: [ 19.498149] ISV = 0, ISS = 0x00000004 [ 19.501997] CM = 0, WnR = 0 [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ end trace 0000000000000000 ]---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[   19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[   19.472161] Mem abort info:\n[   19.474985]   ESR = 0x0000000096000004\n[   19.478754]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   19.484081]   SET = 0, FnV = 0\n[   19.487149]   EA = 0, S1PTW = 0\n[   19.490361]   FSC = 0x04: level 0 translation fault\n[   19.495256] Data abort info:\n[   19.498149]   ISV = 0, ISS = 0x00000004\n[   19.501997]   CM = 0, WnR = 0\n[   19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[   19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[   19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[   19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[   19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[   19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[   19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[   19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[   19.557294] sp : ffff800008ce3740\n[   19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[   19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[   19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[   19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[   19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[   19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[   19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[   19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[   19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[   19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[   19.638548] Call trace:\n[   19.640995]  cpu_latency_qos_remove_request+0x20/0x110\n[   19.646142]  gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[   19.652339]  pm_generic_runtime_suspend+0x2c/0x44\n[   19.657055]  __rpm_callback+0x48/0x1dc\n[   19.660807]  rpm_callback+0x6c/0x80\n[   19.664301]  rpm_suspend+0x10c/0x640\n[   19.667880]  rpm_idle+0x250/0x2d0\n[   19.671198]  update_autosuspend+0x38/0xe0\n[   19.675213]  pm_runtime_set_autosuspend_delay+0x40/0x60\n[   19.680442]  gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[   19.685941]  platform_probe+0x68/0xc0\n[   19.689610]  really_probe+0xc0/0x3dc\n[   19.693189]  __driver_probe_device+0x7c/0x190\n[   19.697550]  driver_probe_device+0x3c/0x110\n[   19.701739]  __driver_attach+0xf4/0x200\n[   19.705578]  bus_for_each_dev+0x70/0xd0\n[   19.709417]  driver_attach+0x24/0x30\n[   19.712998]  bus_add_driver+0x17c/0x240\n[   19.716834]  driver_register+0x78/0x130\n[   19.720676]  __platform_driver_register+0x28/0x34\n[   19.725386]  gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[   19.731404]  do_one_initcall+0x44/0x2ac\n[   19.735243]  do_init_module+0x48/0x1d0\n[   19.739003]  load_module+0x19fc/0x2034\n[   19.742759]  __do_sys_finit_module+0xac/0x12c\n[   19.747124]  __arm64_sys_finit_module+0x20/0x30\n[   19.751664]  invoke_syscall+0x48/0x114\n[   19.755420]  el0_svc_common.constprop.0+0xcc/0xec\n[   19.760132]  do_el0_svc+0x38/0xb0\n[   19.763456]  el0_svc+0x2c/0x84\n[   19.766516]  el0t_64_sync_handler+0xf4/0x120\n[   19.770789]  el0t_64_sync+0x190/0x194\n[   19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[   19.780556] ---[ end trace 0000000000000000 ]---",
  "id": "GHSA-pf52-4f6c-2p5w",
  "modified": "2025-11-12T21:31:01Z",
  "published": "2025-05-02T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53098"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00e81f191bc00cb6faabf468960e96ebf0404a6c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ece4d2f7eac1cb51dc0e9859e09bfdb00faa28e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30040818b338b8ebc956ce0ebd198f8d593586a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/513572bb89e8075f5d2a2bb4c89f1152e44da9d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5c140d88a69eb43de2a030f1d7ff7b16bff3b1a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.