CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-WXFJ-MRV6-QF72
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix SCCB present check
Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation.
If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping.
Fix this by introducing a function that handles the NULL case before address translation.
{
"affected": [],
"aliases": [
"CVE-2025-39694"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T18:15:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation.",
"id": "GHSA-wxfj-mrv6-qf72",
"modified": "2026-05-12T15:31:04Z",
"published": "2025-09-05T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39694"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/430fa71027b6ac9bb0ce5532b8d0676777d4219a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61605c847599fbfdfafe638607841c7d73719081"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86c2825791c3836a8f77a954b9c5ebe6fab410c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa5073ac1a2a274812f3b04c278992e68ff67cc7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf83ae3537359af088d6577812ed93113dfbcb7b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXG9-7GQQ-WXGF
Vulnerability from github – Published: 2025-08-04 09:30 – Updated: 2025-08-04 09:30An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2025-41691"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-04T08:15:48Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.",
"id": "GHSA-wxg9-7gqq-wxgf",
"modified": "2025-08-04T09:30:28Z",
"published": "2025-08-04T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41691"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-070"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXGW-XR8V-5P75
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
ubifs: skip dumping tnc tree when zroot is null
Clearing slab cache will free all znode in memory and make c->zroot.znode = NULL, then dumping tnc tree will access c->zroot.znode which cause null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2024-58058"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T16:15:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"id": "GHSA-wxgw-xr8v-5p75",
"modified": "2026-07-14T15:31:19Z",
"published": "2025-03-06T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58058"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1787cd67bb94b106555ffe64f887f6aa24b47010"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a987950df825d0144370e700dc5fb337684ffba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40e25a3c0063935763717877bb2a814c081509ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/428aff8f7cfb0d9a8854477648022cef96bcab28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6211c11fc20424bbc6d79c835c7c212b553ae898"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77e5266e3d3faa6bdcf20d9c68a8972f6aa06522"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdb0ca39e0acccf6771db49c3f94ed787d05f2d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e01b55f261ccc96e347eba4931e4429d080d879d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXPG-MMXW-9MHR
Vulnerability from github – Published: 2023-05-31 15:30 – Updated: 2023-05-31 15:30NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
{
"affected": [],
"aliases": [
"CVE-2023-3012"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T14:15:11Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.",
"id": "GHSA-wxpg-mmxw-9mhr",
"modified": "2023-05-31T15:30:19Z",
"published": "2023-05-31T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3012"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WXPJ-3X4G-GRWP
Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
{
"affected": [],
"aliases": [
"CVE-2016-7079"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-29T09:59:00Z",
"severity": "HIGH"
},
"details": "The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.",
"id": "GHSA-wxpj-3x4g-grwp",
"modified": "2022-05-17T02:21:03Z",
"published": "2022-05-17T02:21:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7079"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92938"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036804"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXQQ-8JJM-6PJM
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Don't call cleanup on profile rollback failure
When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup in such a case.
This was encountered while testing, with the original trigger that the wq rescuer thread creation got interrupted (presumably due to Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12) by mlx5e_priv_init, the profile rollback also fails for the same reason (signal still active) so the profile is left as NULL, leading to a crash later in _mlx5e_remove.
[ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2) [ 734.525513] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12 [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12 [ 734.560153] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12 [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12 [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 745.538222] #PF: supervisor read access in kernel mode [ 745.551290] Call Trace: [ 745.551590] [ 745.551866] ? __die+0x20/0x60 [ 745.552218] ? page_fault_oops+0x150/0x400 [ 745.555307] ? exc_page_fault+0x79/0x240 [ 745.555729] ? asm_exc_page_fault+0x22/0x30 [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core] [ 745.556698] auxiliary_bus_remove+0x18/0x30 [ 745.557134] device_release_driver_internal+0x1df/0x240 [ 745.557654] bus_remove_device+0xd7/0x140 [ 745.558075] device_del+0x15b/0x3c0 [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core] [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core] [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core] [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core] [ 745.560694] pci_device_remove+0x39/0xa0 [ 745.561112] device_release_driver_internal+0x1df/0x240 [ 745.561631] driver_detach+0x47/0x90 [ 745.562022] bus_remove_driver+0x84/0x100 [ 745.562444] pci_unregister_driver+0x3b/0x90 [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core] [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0 [ 745.563886] ? kmem_cache_free+0x1b0/0x460 [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190 [ 745.564825] do_syscall_64+0x6d/0x140 [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 745.565725] RIP: 0033:0x7f1579b1288b
{
"affected": [],
"aliases": [
"CVE-2024-50146"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T10:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [ 745.551290] Call Trace:\n [ 745.551590] \u003cTASK\u003e\n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b",
"id": "GHSA-wxqq-8jjm-6pjm",
"modified": "2025-11-03T21:31:33Z",
"published": "2024-11-07T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50146"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6fe973c8873c998734a050f366b28facc03d32a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db84cb4c8c565e6d4de84b23c2818b63991adfdd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXV8-6X37-53R6
Vulnerability from github – Published: 2023-07-24 18:30 – Updated: 2024-08-27 21:31A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
{
"affected": [],
"aliases": [
"CVE-2023-32252"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-24T16:15:11Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
"id": "GHSA-wxv8-6x37-53r6",
"modified": "2024-08-27T21:31:10Z",
"published": "2023-07-24T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32252"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-32252"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219815"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0001"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXWQ-C95X-686R
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-16 12:32In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: check for PCI upstream bridge existence
pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821CE is installed in the system with such a PCI topology, the probing routine will crash. This has probably been unnoticed as 8821CE is mostly supplied in laptops where there is a PCI-to-PCI bridge located upstream from the device. However the card might be installed on a system with different configuration.
Check if the bridge does exist for the specific workaround to be applied.
Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.
{
"affected": [],
"aliases": [
"CVE-2026-46092"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: check for PCI upstream bridge existence\n\npci_upstream_bridge() returns NULL if the device is on a root bus. If\n8821CE is installed in the system with such a PCI topology, the probing\nroutine will crash. This has probably been unnoticed as 8821CE is mostly\nsupplied in laptops where there is a PCI-to-PCI bridge located upstream\nfrom the device. However the card might be installed on a system with\ndifferent configuration.\n\nCheck if the bridge does exist for the specific workaround to be applied.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool.",
"id": "GHSA-wxwq-c95x-686r",
"modified": "2026-07-16T12:32:19Z",
"published": "2026-05-27T15:33:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46092"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/000134a20bbf89b1152520a2eef71f91fdb83a5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b89b4c095804c478d50376285e66700cf3c045f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bbbb56204f7359ce2139a9341b43b52a186261c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c53d68e3bcfc8faccdd76c3383a9232b05c9ae6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/959c13da6c36167ce1016d400a6104d2367f686e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc9b6303e7ea91bc360b42c7edc1fe9ceb2f47fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb101d2abdcccb514ca4fccd3b278dd8267374f6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXWX-RGHM-5HM2
Vulnerability from github – Published: 2026-01-02 15:30 – Updated: 2026-01-05 21:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
{
"affected": [],
"aliases": [
"CVE-2025-52431"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-02T15:16:00Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3256 build 20250913 and later\nQuTS hero h5.2.7.3256 build 20250913 and later\nQuTS hero h5.3.1.3250 build 20250912 and later",
"id": "GHSA-wxwx-rghm-5hm2",
"modified": "2026-01-05T21:30:29Z",
"published": "2026-01-02T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52431"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X236-J29M-67WP
Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
The initial settings will be written before the codec probe function. But, the rt711->component doesn't be assigned yet. If IO error happened during initial settings operations, it will cause the kernel panic. This patch changed component->dev to slave->dev to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2022-49615"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error\n\nThe initial settings will be written before the codec probe function.\nBut, the rt711-\u003ecomponent doesn\u0027t be assigned yet.\nIf IO error happened during initial settings operations, it will cause the kernel panic.\nThis patch changed component-\u003edev to slave-\u003edev to fix this issue.",
"id": "GHSA-x236-j29m-67wp",
"modified": "2025-03-12T00:31:46Z",
"published": "2025-03-12T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49615"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1df793d479bef546569fc2e409ff8bb3f0fb8e99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/269be8b2907378adf72d7347cfa43ef230351a06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7bb71133cae88d3003a3490b97864af76533072b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.