Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-PFXC-R4M8-GW9P

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

kprobes: avoid crash when rmmod/insmod after ftrace killed

After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe probes.

BUG: unable to handle page fault for address: fffffbfff805000d PGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI CPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G W OE Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE RIP: 0010:kprobes_module_callback+0x89/0x790 RSP: 0018:ffff88812e157d30 EFLAGS: 00010a02 RAX: 1ffffffff805000d RBX: dffffc0000000000 RCX: ffffffff86a8de90 RDX: ffffed1025c2af9b RSI: 0000000000000008 RDI: ffffffffc0280068 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1025c2af9a R10: ffff88812e157cd7 R11: 205d323130325420 R12: 0000000000000002 R13: ffffffffc0290488 R14: 0000000000000002 R15: ffffffffc0280040 FS: 00007fbc450dd740(0000) GS:ffff888420331000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff805000d CR3: 000000010f624000 CR4: 00000000000006f0 Call Trace: notifier_call_chain+0xc6/0x280 blocking_notifier_call_chain+0x60/0x90 __do_sys_delete_module.constprop.0+0x32a/0x4e0 do_syscall_64+0x5d/0xfa0 entry_SYSCALL_64_after_hwframe+0x76/0x7e

This is because the kprobe on ftrace does not correctly handles the kprobe_ftrace_disabled flag set by ftrace_kill().

To prevent this error, check kprobe_ftrace_disabled in __disarm_kprobe_ftrace() and skip all ftrace related operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: avoid crash when rmmod/insmod after ftrace killed\n\nAfter we hit ftrace is killed by some errors, the kernel crash if\nwe remove modules in which kprobe probes.\n\nBUG: unable to handle page fault for address: fffffbfff805000d\nPGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0\nOops: Oops: 0000 [#1] SMP KASAN PTI\nCPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G        W  OE\nTainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nRIP: 0010:kprobes_module_callback+0x89/0x790\nRSP: 0018:ffff88812e157d30 EFLAGS: 00010a02\nRAX: 1ffffffff805000d RBX: dffffc0000000000 RCX: ffffffff86a8de90\nRDX: ffffed1025c2af9b RSI: 0000000000000008 RDI: ffffffffc0280068\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1025c2af9a\nR10: ffff88812e157cd7 R11: 205d323130325420 R12: 0000000000000002\nR13: ffffffffc0290488 R14: 0000000000000002 R15: ffffffffc0280040\nFS:  00007fbc450dd740(0000) GS:ffff888420331000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff805000d CR3: 000000010f624000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n notifier_call_chain+0xc6/0x280\n blocking_notifier_call_chain+0x60/0x90\n __do_sys_delete_module.constprop.0+0x32a/0x4e0\n do_syscall_64+0x5d/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because the kprobe on ftrace does not correctly handles\nthe kprobe_ftrace_disabled flag set by ftrace_kill().\n\nTo prevent this error, check kprobe_ftrace_disabled in\n__disarm_kprobe_ftrace() and skip all ftrace related operations.",
  "id": "GHSA-pfxc-r4m8-gw9p",
  "modified": "2026-05-21T21:30:30Z",
  "published": "2026-05-08T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43409"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b6767e4141b2a42745b544d4555cf1614ba1a2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9edc79d664832a842012ad105b1521c1a3c35ab3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0ca81616a010807e91fc31db9be242b96326adc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cae928e3178c75602c21d67e21255d73e7e9ed4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e113f0b46d19626ec15388bcb91432c9a4fd6261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG75-XXXV-PV8J

Vulnerability from github – Published: 2023-11-17 06:31 – Updated: 2024-06-20 18:34
VLAI
Details

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-17T06:15:33Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.",
  "id": "GHSA-pg75-xxxv-pv8j",
  "modified": "2024-06-20T18:34:06Z",
  "published": "2023-11-17T06:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38313"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
    },
    {
      "type": "WEB",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG76-Q8R9-XQW5

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qmp-combo: fix NULL-deref on runtime resume

Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided.

Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-combo: fix NULL-deref on runtime resume\n\nCommit fc64623637da (\"phy: qcom-qmp-combo,usb: add support for separate\nPCS_USB region\") started treating the PCS_USB registers as potentially\nseparate from the PCS registers but used the wrong base when no PCS_USB\noffset has been provided.\n\nFix the PCS_USB base used at runtime resume to prevent dereferencing a\nNULL pointer on platforms that do not provide a PCS_USB offset (e.g.\nSC7180).",
  "id": "GHSA-pg76-q8r9-xqw5",
  "modified": "2025-05-07T15:31:24Z",
  "published": "2025-05-01T15:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49848"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04948e757148f870a31f4887ea2239403f516c3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c559a8b5cfa3db196ced0257b288f17027621348"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGCR-7VHJ-26W2

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()

In gpiod_get_label(), it is possible that srcu_dereference_check() may return a NULL pointer, leading to a scenario where label->str is accessed without verifying if label itself is NULL.

This patch adds a proper NULL check for label before accessing label->str. The check for label->str != NULL is removed because label->str can never be NULL if label is not NULL.

This fixes the issue where the label name was being printed as (efault) when dumping the sysfs GPIO file when label == NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: Fix potential NULL pointer dereference in gpiod_get_label()\n\nIn `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may\nreturn a NULL pointer, leading to a scenario where `label-\u003estr` is accessed\nwithout verifying if `label` itself is NULL.\n\nThis patch adds a proper NULL check for `label` before accessing\n`label-\u003estr`. The check for `label-\u003estr != NULL` is removed because\n`label-\u003estr` can never be NULL if `label` is not NULL.\n\nThis fixes the issue where the label name was being printed as `(efault)`\nwhen dumping the sysfs GPIO file when `label == NULL`.",
  "id": "GHSA-pgcr-7vhj-26w2",
  "modified": "2024-10-25T15:31:26Z",
  "published": "2024-10-21T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49941"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b99b5ab885993bff010ebcd93be5e511c56e28a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ee4b907d7a5d7a53b4ff7727c371ff3d44ccbbb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGFV-564H-29R2

Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25
VLAI
Details

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents.",
  "id": "GHSA-pgfv-564h-29r2",
  "modified": "2022-05-14T03:25:09Z",
  "published": "2022-05-14T03:25:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9124"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGJC-H8G4-V6J2

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer

This commit addresses a potential null pointer dereference issue in the dcn32_acquire_idle_pipe_for_head_pipe_in_layer function. The issue could occur when head_pipe is null.

The fix adds a check to ensure head_pipe is not null before asserting it. If head_pipe is null, the function returns NULL to prevent a potential null pointer dereference.

Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)",
  "id": "GHSA-pgjc-h8g4-v6j2",
  "modified": "2024-10-24T18:30:42Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49918"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGM2-2P72-H4HG

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix null-pointer dereference on edid reading

Use i2c adapter when there isn't aux_mode in dc_link to fix a null-pointer derefence that happens when running igt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector detected as below:

[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0 [ +0.000010] #PF: supervisor read access in kernel mode [ +0.000005] #PF: error_code(0x0000) - not-present page [ +0.000004] PGD 0 P4D 0 [ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152 [ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021 [ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100 [ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16 [ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246 [ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080 [ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0 [ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980 [ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080 [ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f [ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000 [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0 [ +0.000003] PKRU: 55555554 [ +0.000003] Call Trace: [ +0.000006] [ +0.000006] ? __die+0x23/0x70 [ +0.000011] ? page_fault_oops+0x17d/0x4c0 [ +0.000008] ? preempt_count_add+0x6e/0xa0 [ +0.000008] ? srso_alias_return_thunk+0x5/0x7f [ +0.000011] ? exc_page_fault+0x7f/0x180 [ +0.000009] ? asm_exc_page_fault+0x26/0x30 [ +0.000013] ? i2c_transfer+0xd/0x100 [ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm] [ +0.000067] ? srso_alias_return_thunk+0x5/0x7f [ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm] [ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000042] edid_block_read+0x3b/0xd0 [drm] [ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm] [ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm] [ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu] [ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper] [ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper] [ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu] [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper] [ +0.000000] status_store+0xb2/0x1f0 [drm] [ +0.000000] kernfs_fop_write_iter+0x136/0x1d0 [ +0.000000] vfs_write+0x24d/0x440 [ +0.000000] ksys_write+0x6f/0xf0 [ +0.000000] do_syscall_64+0x60/0xc0 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [ +0.000000] ? do_syscall_64+0x6c/0xc0 [ +0.000000] ? do_syscall_64+0x6c/0xc0 [ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ +0.000000] RIP: 0033:0x7f9ad46b4b00 [ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00 [ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009 [ +0.000000] RBP: 0000000000000002 R08 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[  +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[  +0.000010] #PF: supervisor read access in kernel mode\n[  +0.000005] #PF: error_code(0x0000) - not-present page\n[  +0.000004] PGD 0 P4D 0\n[  +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[  +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[  +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[  +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[  +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[  +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[  +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[  +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[  +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[  +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[  +0.000004] FS:  00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[  +0.000003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[  +0.000003] PKRU: 55555554\n[  +0.000003] Call Trace:\n[  +0.000006]  \u003cTASK\u003e\n[  +0.000006]  ? __die+0x23/0x70\n[  +0.000011]  ? page_fault_oops+0x17d/0x4c0\n[  +0.000008]  ? preempt_count_add+0x6e/0xa0\n[  +0.000008]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000011]  ? exc_page_fault+0x7f/0x180\n[  +0.000009]  ? asm_exc_page_fault+0x26/0x30\n[  +0.000013]  ? i2c_transfer+0xd/0x100\n[  +0.000010]  drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[  +0.000067]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000006]  ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[  +0.000043]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000042]  edid_block_read+0x3b/0xd0 [drm]\n[  +0.000043]  _drm_do_get_edid+0xb6/0x3c0 [drm]\n[  +0.000041]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000043]  drm_edid_read_custom+0x37/0xd0 [drm]\n[  +0.000044]  amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[  +0.000153]  drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[  +0.000000]  __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[  +0.000000]  ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[  +0.000000]  status_store+0xb2/0x1f0 [drm]\n[  +0.000000]  kernfs_fop_write_iter+0x136/0x1d0\n[  +0.000000]  vfs_write+0x24d/0x440\n[  +0.000000]  ksys_write+0x6f/0xf0\n[  +0.000000]  do_syscall_64+0x60/0xc0\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? syscall_exit_to_user_mode+0x2b/0x40\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[  +0.000000] RIP: 0033:0x7f9ad46b4b00\n[  +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[  +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[  +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[  +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[  +0.000000] RBP: 0000000000000002 R08\n---truncated---",
  "id": "GHSA-pgm2-2p72-h4hg",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26728"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGPC-54GC-3694

Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

In the wilc_parse_join_bss_param function, the TSF field of the ies structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues.

This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues.

To address this, the TSF value is now stored in a local variable ies_tsf before the RCU lock is released. The param->tsf_lo field is then assigned using this local variable, ensuring that the TSF value is safely accessed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
  "id": "GHSA-pgpc-54gc-3694",
  "modified": "2025-11-04T00:31:37Z",
  "published": "2024-10-21T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47712"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a24cedc243ace5ed7c1016f52a7bfc8f5b07815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGQC-XW7P-GM9J

Vulnerability from github – Published: 2024-02-18 06:30 – Updated: 2024-12-04 18:32
VLAI
Details

Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-18T04:15:07Z",
    "severity": "LOW"
  },
  "details": "Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-pgqc-xw7p-gm9j",
  "modified": "2024-12-04T18:32:33Z",
  "published": "2024-02-18T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52371"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/2"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGRR-Q7VF-XGG9

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
  "id": "GHSA-pgrr-q7vf-xgg9",
  "modified": "2022-05-24T19:10:40Z",
  "published": "2022-05-24T19:10:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32440"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1772"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.