CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-PCF2-F983-H6W2
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 21:31An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
{
"affected": [],
"aliases": [
"CVE-2024-24443"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:12Z",
"severity": "MODERATE"
},
"details": "An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.",
"id": "GHSA-pcf2-f983-h6w2",
"modified": "2025-01-23T21:31:51Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24443"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "http://openairinterface.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCH2-664M-XCCV
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-08-06 00:00Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1274"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T20:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. ",
"id": "GHSA-pch2-664m-xccv",
"modified": "2022-08-06T00:00:38Z",
"published": "2022-05-24T17:39:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1274"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCM6-6X97-2MRC
Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
{
"affected": [],
"aliases": [
"CVE-2010-1321"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-05-19T18:30:00Z",
"severity": "MODERATE"
},
"details": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator\u0027s checksum field is missing.",
"id": "GHSA-pcm6-6x97-2mrc",
"modified": "2022-05-02T06:21:31Z",
"published": "2022-05-02T06:21:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1321"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"type": "WEB",
"url": "http://osvdb.org/64744"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39762"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39784"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39799"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39818"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39849"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40346"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41967"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42432"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42974"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43335"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44954"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2052"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40235"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-940-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-940-2"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1177"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1192"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1193"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1196"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1222"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1574"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1882"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3112"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0134"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCP6-2JQ5-M5CF
Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-36520"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-22T16:15:27Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.",
"id": "GHSA-pcp6-2jq5-m5cf",
"modified": "2025-11-03T21:34:10Z",
"published": "2025-07-22T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36520"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCQC-C89R-492H
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
crypto: rsa - add a check for allocation failure
Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy.
{
"affected": [],
"aliases": [
"CVE-2023-52472"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rsa - add a check for allocation failure\n\nStatic checkers insist that the mpi_alloc() allocation can fail so add\na check to prevent a NULL dereference. Small allocations like this\ncan\u0027t actually fail in current kernels, but adding a check is very\nsimple and makes the static checkers happy.",
"id": "GHSA-pcqc-c89r-492h",
"modified": "2024-04-17T21:30:45Z",
"published": "2024-02-26T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52472"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2831f4d3bfa68e64c5f83e96688be779c87b3511"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d872ca165cb67112f2841ef9c37d51ef7e63d1e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCW3-HVMM-479H
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-06 15:30In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: fix null deref on element insertion
There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] nft_add_set_elem+0x14b0/0x2990 nf_tables_newsetelem+0x528/0xb30
Furthermore, there is a possible use-after-free while iterating, 'node' can be free'd so we need to cache the next value to use.
{
"affected": [],
"aliases": [
"CVE-2023-53566"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix null deref on element insertion\n\nThere is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n nft_add_set_elem+0x14b0/0x2990\n nf_tables_newsetelem+0x528/0xb30\n\nFurthermore, there is a possible use-after-free while iterating,\n\u0027node\u0027 can be free\u0027d so we need to cache the next value to use.",
"id": "GHSA-pcw3-hvmm-479h",
"modified": "2026-02-06T15:30:58Z",
"published": "2025-10-04T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53566"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fa13203b6d90cc3a33af47b058739f92ab82eef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61ae320a29b0540c16931816299eb86bf2b66c08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/899aa5638568abf5d69de7a7bb95e4615157375b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a337706c1fb35aac3f26b48aca80421bdbe1d33a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a836be60a3aabcedcd9c79f545d409ace1f20ba6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec5caa765f7f6960011c919c9aeb1467940421f6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCW9-JCMV-XQQQ
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack10.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31182"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:16Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-pcw9-jcmv-xqqq",
"modified": "2024-09-20T21:31:39Z",
"published": "2024-09-18T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31182"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PF2Q-6C5M-PVCJ
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
{
"affected": [],
"aliases": [
"CVE-2024-23357"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:47Z",
"severity": "MODERATE"
},
"details": "Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.",
"id": "GHSA-pf2q-6c5m-pvcj",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23357"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PF46-57MF-CMPH
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-10-01 21:30In the Linux kernel, the following vulnerability has been resolved:
rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:
-
Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.
-
current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).
The per-netns structure can be obtained from the table->data using container_of(), then the 'net' one can be retrieved from the listen socket (if available).
{
"affected": [],
"aliases": [
"CVE-2025-21635"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"id": "GHSA-pf46-57mf-cmph",
"modified": "2025-10-01T21:30:49Z",
"published": "2025-01-19T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21635"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de8d6de0ee27be4b2b1e5b06f04aeacbabbba492"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PF52-4F6C-2P5W
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
media: rc: gpio-ir-recv: add remove function
In case runtime PM is enabled, do runtime PM clean up to remove cpu latency qos request, otherwise driver removal may have below kernel dump:
[ 19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 19.472161] Mem abort info: [ 19.474985] ESR = 0x0000000096000004 [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.484081] SET = 0, FnV = 0 [ 19.487149] EA = 0, S1PTW = 0 [ 19.490361] FSC = 0x04: level 0 translation fault [ 19.495256] Data abort info: [ 19.498149] ISV = 0, ISS = 0x00000004 [ 19.501997] CM = 0, WnR = 0 [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ end trace 0000000000000000 ]---
{
"affected": [],
"aliases": [
"CVE-2023-53098"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---",
"id": "GHSA-pf52-4f6c-2p5w",
"modified": "2025-11-12T21:31:01Z",
"published": "2025-05-02T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53098"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/00e81f191bc00cb6faabf468960e96ebf0404a6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ece4d2f7eac1cb51dc0e9859e09bfdb00faa28e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30040818b338b8ebc956ce0ebd198f8d593586a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/513572bb89e8075f5d2a2bb4c89f1152e44da9d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5c140d88a69eb43de2a030f1d7ff7b16bff3b1a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.