CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-PQW3-898V-HG67
Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-01-07 21:30In the Linux kernel, the following vulnerability has been resolved:
net/9p/usbg: fix handling of the failed kzalloc() memory allocation
On the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the following error report:
./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns NULL not ERR_PTR on failure
kzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.
{
"affected": [],
"aliases": [
"CVE-2024-56730"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-29T12:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p/usbg: fix handling of the failed kzalloc() memory allocation\n\nOn the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the\nfollowing error report:\n\n./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns\nNULL not ERR_PTR on failure\n\nkzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.",
"id": "GHSA-pqw3-898v-hg67",
"modified": "2025-01-07T21:30:55Z",
"published": "2024-12-29T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56730"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2cdb416de8b5795fd25fadcb69e1198b6df6d8cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff1060813d9347e8c45c8b8cff93a4dfdb6726ad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQX6-2262-G74W
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-12-31 21:30In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference
Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_function() can return NULL and the pointer "function" was dereferenced without checking against NULL.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2022-48708"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference\n\nAdded checking of pointer \"function\" in pcs_set_mux().\npinmux_generic_get_function() can return NULL and the pointer\n\"function\" was dereferenced without checking against NULL.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-pqx6-2262-g74w",
"modified": "2024-12-31T21:30:44Z",
"published": "2024-05-21T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48708"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1177bdafe87cbe543a2dc48a9bbac265aa5864db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b763f7de108cb1a5ad5ed08e617d677341947cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e2a0521e4e84a2698f2da3950fb5c5496a4d208"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71668706fbe7d20e6f172fa3287fa8aac1b56c26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bcc487001a15f71f103d102cba4ac8145d7a68f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2d73e6d4822140445ad4a7b1c6091e0f5fe703b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e671e63587c92b3fd767cf82e73129f6d5feeb33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR2G-95MC-47FV
Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 00:30In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/gem-shmem: Use dma_buf from GEM object instance"
This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11.
The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref.
Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated.
Hence, this revert to going back to using .import_attach->dmabuf.
v3: - cc stable
{
"affected": [],
"aliases": [
"CVE-2025-38669"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-shmem: Use dma_buf from GEM object instance\"\n\nThis reverts commit 1a148af06000e545e714fe3210af3d77ff903c11.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance\u0027s lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don\u0027t work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
"id": "GHSA-pr2g-95mc-47fv",
"modified": "2025-11-26T00:30:15Z",
"published": "2025-08-22T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38669"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/291a77604858a8b47cf6640a12b76e97f99e00ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d496e9569983a0d7a05be6661126d0702cf94f7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR36-74PG-M583
Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]
To avoid this issue, release channel only if the pointer is valid.
{
"affected": [],
"aliases": [
"CVE-2024-50292"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T02:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid.",
"id": "GHSA-pr36-74pg-m583",
"modified": "2025-11-04T00:32:03Z",
"published": "2024-11-19T03:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50292"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR3R-4WRP-R2PV
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-07-04 00:01Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.7.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "activerecord"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-6317"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:49:56Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.",
"id": "GHSA-pr3r-4wrp-r2pv",
"modified": "2023-07-04T00:01:26Z",
"published": "2017-10-24T18:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6317"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"
},
{
"type": "WEB",
"url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "ActiveRecord in Ruby on Rails allows database-query bypass"
}
GHSA-PR4X-XMGG-HG68
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
{
"affected": [],
"aliases": [
"CVE-2021-32979"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T14:15:00Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a",
"id": "GHSA-pr4x-xmgg-hg68",
"modified": "2022-05-24T19:15:33Z",
"published": "2022-05-24T19:15:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32979"
},
{
"type": "WEB",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PR54-G5F8-4JQW
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid
The lookup_atid() function can return NULL if the ATID is
invalid or does not exist in the identifier table, which
could lead to dereferencing a null pointer without a
check in the act_establish() and act_open_rpl() functions.
Add a NULL check to prevent null pointer dereferencing.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-47749"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-pr54-g5f8-4jqw",
"modified": "2025-11-04T00:31:38Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47749"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR9V-GFW5-55X8
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39545"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-pr9v-gfw5-55x8",
"modified": "2022-05-24T19:15:08Z",
"published": "2022-05-24T19:15:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39545"
},
{
"type": "WEB",
"url": "https://github.com/sahaRatul/sela/issues/31"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PRF7-7JVX-HXJ5
Vulnerability from github – Published: 2025-07-10 18:31 – Updated: 2026-05-12 15:30A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.
{
"affected": [],
"aliases": [
"CVE-2025-6395"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T16:15:25Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.",
"id": "GHSA-prf7-7jvx-hxj5",
"modified": "2026-05-12T15:30:56Z",
"published": "2025-07-10T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:16115"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:16116"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17348"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17415"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-6395"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1718"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRG5-M4W6-PJJV
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-08-19 21:35In the Linux kernel, the following vulnerability has been resolved:
eventfs: Fix a possible null pointer dereference in eventfs_find_events()
In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL.
Hence,When ei->is_freed is set,return NULL directly.
{
"affected": [],
"aliases": [
"CVE-2024-39470"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Fix a possible null pointer dereference in eventfs_find_events()\n\nIn function eventfs_find_events,there is a potential null pointer\nthat may be caused by calling update_events_attr which will perform\nsome operations on the members of the ei struct when ei is NULL.\n\nHence,When ei-\u003eis_freed is set,return NULL directly.",
"id": "GHSA-prg5-m4w6-pjjv",
"modified": "2024-08-19T21:35:07Z",
"published": "2024-06-25T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39470"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.