Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-XMM5-6QH4-9F74

Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2022-05-14 02:57
VLAI
Details

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-25T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.",
  "id": "GHSA-xmm5-6qh4-9f74",
  "modified": "2022-05-14T02:57:54Z",
  "published": "2022-05-14T02:57:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6972"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104884"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041356"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMQF-P7F5-83HR

Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27
VLAI
Details

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.",
  "id": "GHSA-xmqf-p7f5-83hr",
  "modified": "2022-05-14T03:27:48Z",
  "published": "2022-05-14T03:27:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4140"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208693"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103578"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMR6-MM5F-8MF2

Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-12 18:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T13:15:57Z",
    "severity": "LOW"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQuTS hero h5.3.2.3354 build 20251225 and later",
  "id": "GHSA-xmr6-mm5f-8mf2",
  "modified": "2026-02-12T18:30:21Z",
  "published": "2026-02-11T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59386"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-26-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XP37-P5RQ-3C53

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: add NULL check in automount_fullpath

page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
  "id": "GHSA-xp37-p5rq-3c53",
  "modified": "2025-11-18T18:32:47Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38208"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37166d63e42c34846a16001950ecec96229a8d17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9e916fa5c7d0ec2256aa44aa24ddd92f529ce35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce8e71ca1f7ad9045707f0d22490c1e9ed1df6c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP6J-2QR8-4336

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.",
  "id": "GHSA-xp6j-2qr8-4336",
  "modified": "2022-04-06T00:01:56Z",
  "published": "2022-03-31T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP6Q-CM7H-QG74

Vulnerability from github – Published: 2023-06-20 21:30 – Updated: 2024-04-04 04:59
VLAI
Details

An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-20T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.",
  "id": "GHSA-xp6q-cm7h-qg74",
  "modified": "2024-04-04T04:59:07Z",
  "published": "2023-06-20T21:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3220"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93340e10b9c5fc86730d149636e0aa8b47bb5a34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP7W-6352-489G

Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS

When testing a special config:

CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n

The system crashes with something like:

[ 3.766197] ------------[ cut here ]------------ [ 3.766484] kernel BUG at mm/mempool.c:560! [ 3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W [ 3.767777] Tainted: [W]=WARN [ 3.767968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), [ 3.768523] RIP: 0010:mempool_alloc_slab.cold+0x17/0x19 [ 3.768847] Code: 50 fe ff 58 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 95 13 00 [ 3.769977] RSP: 0018:ffffc90000013998 EFLAGS: 00010286 [ 3.770315] RAX: 000000000000002f RBX: ffff888100ba8640 RCX: 0000000000000000 [ 3.770749] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 3.771217] RBP: 0000000000092880 R08: 0000000000000000 R09: ffffc90000013828 [ 3.771664] R10: 0000000000000001 R11: 00000000ffffffea R12: 0000000000092cc0 [ 3.772117] R13: 0000000000000400 R14: ffff8881004b1620 R15: ffffea0004ef7e40 [ 3.772554] FS: 0000000000000000(0000) GS:ffff8881b5f3c000(0000) knlGS:0000000000000000 [ 3.773061] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.773443] CR2: ffffffff830901b4 CR3: 0000000004296001 CR4: 0000000000770ef0 [ 3.773884] PKRU: 55555554 [ 3.774058] Call Trace: [ 3.774232] [ 3.774371] mempool_alloc_noprof+0x6a/0x190 [ 3.774649] ? _printk+0x57/0x80 [ 3.774862] netfs_alloc_request+0x85/0x2ce [ 3.775147] netfs_readahead+0x28/0x170 [ 3.775395] read_pages+0x6c/0x350 [ 3.775623] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.775928] page_cache_ra_unbounded+0x1bd/0x2a0 [ 3.776247] filemap_get_pages+0x139/0x970 [ 3.776510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.776820] filemap_read+0xf9/0x580 [ 3.777054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.777368] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.777674] ? find_held_lock+0x32/0x90 [ 3.777929] ? netfs_start_io_read+0x19/0x70 [ 3.778221] ? netfs_start_io_read+0x19/0x70 [ 3.778489] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.778800] ? lock_acquired+0x1e6/0x450 [ 3.779054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3.779379] netfs_buffered_read_iter+0x57/0x80 [ 3.779670] __kernel_read+0x158/0x2c0 [ 3.779927] bprm_execve+0x300/0x7a0 [ 3.780185] kernel_execve+0x10c/0x140 [ 3.780423] ? __pfx_kernel_init+0x10/0x10 [ 3.780690] kernel_init+0xd5/0x150 [ 3.780910] ret_from_fork+0x2d/0x50 [ 3.781156] ? __pfx_kernel_init+0x10/0x10 [ 3.781414] ret_from_fork_asm+0x1a/0x30 [ 3.781677] [ 3.781823] Modules linked in: [ 3.782065] ---[ end trace 0000000000000000 ]---

This is caused by the following error path in netfs_init():

    if (!proc_mkdir("fs/netfs", NULL))
            goto error_proc;

Fix this by adding ifdef in netfs_main(), so that /proc/fs/netfs is only created with CONFIG_PROC_FS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only create /proc/fs/netfs with CONFIG_PROC_FS\n\nWhen testing a special config:\n\nCONFIG_NETFS_SUPPORTS=y\nCONFIG_PROC_FS=n\n\nThe system crashes with something like:\n\n[    3.766197] ------------[ cut here ]------------\n[    3.766484] kernel BUG at mm/mempool.c:560!\n[    3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[    3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W\n[    3.767777] Tainted: [W]=WARN\n[    3.767968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n[    3.768523] RIP: 0010:mempool_alloc_slab.cold+0x17/0x19\n[    3.768847] Code: 50 fe ff 58 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 95 13 00\n[    3.769977] RSP: 0018:ffffc90000013998 EFLAGS: 00010286\n[    3.770315] RAX: 000000000000002f RBX: ffff888100ba8640 RCX: 0000000000000000\n[    3.770749] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff\n[    3.771217] RBP: 0000000000092880 R08: 0000000000000000 R09: ffffc90000013828\n[    3.771664] R10: 0000000000000001 R11: 00000000ffffffea R12: 0000000000092cc0\n[    3.772117] R13: 0000000000000400 R14: ffff8881004b1620 R15: ffffea0004ef7e40\n[    3.772554] FS:  0000000000000000(0000) GS:ffff8881b5f3c000(0000) knlGS:0000000000000000\n[    3.773061] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    3.773443] CR2: ffffffff830901b4 CR3: 0000000004296001 CR4: 0000000000770ef0\n[    3.773884] PKRU: 55555554\n[    3.774058] Call Trace:\n[    3.774232]  \u003cTASK\u003e\n[    3.774371]  mempool_alloc_noprof+0x6a/0x190\n[    3.774649]  ? _printk+0x57/0x80\n[    3.774862]  netfs_alloc_request+0x85/0x2ce\n[    3.775147]  netfs_readahead+0x28/0x170\n[    3.775395]  read_pages+0x6c/0x350\n[    3.775623]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.775928]  page_cache_ra_unbounded+0x1bd/0x2a0\n[    3.776247]  filemap_get_pages+0x139/0x970\n[    3.776510]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.776820]  filemap_read+0xf9/0x580\n[    3.777054]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.777368]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.777674]  ? find_held_lock+0x32/0x90\n[    3.777929]  ? netfs_start_io_read+0x19/0x70\n[    3.778221]  ? netfs_start_io_read+0x19/0x70\n[    3.778489]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.778800]  ? lock_acquired+0x1e6/0x450\n[    3.779054]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.779379]  netfs_buffered_read_iter+0x57/0x80\n[    3.779670]  __kernel_read+0x158/0x2c0\n[    3.779927]  bprm_execve+0x300/0x7a0\n[    3.780185]  kernel_execve+0x10c/0x140\n[    3.780423]  ? __pfx_kernel_init+0x10/0x10\n[    3.780690]  kernel_init+0xd5/0x150\n[    3.780910]  ret_from_fork+0x2d/0x50\n[    3.781156]  ? __pfx_kernel_init+0x10/0x10\n[    3.781414]  ret_from_fork_asm+0x1a/0x30\n[    3.781677]  \u003c/TASK\u003e\n[    3.781823] Modules linked in:\n[    3.782065] ---[ end trace 0000000000000000 ]---\n\nThis is caused by the following error path in netfs_init():\n\n        if (!proc_mkdir(\"fs/netfs\", NULL))\n                goto error_proc;\n\nFix this by adding ifdef in netfs_main(), so that /proc/fs/netfs is only\ncreated with CONFIG_PROC_FS.",
  "id": "GHSA-xp7w-6352-489g",
  "modified": "2025-11-12T21:31:03Z",
  "published": "2025-05-09T09:33:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37876"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ef6eea2efce01d1956ace483216f6b6e26330c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40cb48eba3b4b79e110c1a35d33a48cac54507a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c4c5e0b96a90f2a11c378e66edc1f25165e10b6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP9G-FF98-2FFP

Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2022-05-14 03:37
VLAI
Details

A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-24T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.",
  "id": "GHSA-xp9g-ff98-2ffp",
  "modified": "2022-05-14T03:37:04Z",
  "published": "2022-05-14T03:37:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7454"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP9R-Q4X9-G9FR

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-xp9r-q4x9-g9fr",
  "modified": "2022-08-11T00:00:31Z",
  "published": "2022-08-05T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35245"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K58235223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPFG-HQMQ-GR2W

Vulnerability from github – Published: 2025-09-23 15:31 – Updated: 2025-09-23 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix panic on shutdown if multi-chip tree failed to probe

DSA probing is atypical because a tree of devices must probe all at once, so out of N switches which call dsa_tree_setup_routing_table() during probe, for (N - 1) of them, "complete" will return false and they will exit probing early. The Nth switch will set up the whole tree on their behalf.

The implication is that for (N - 1) switches, the driver binds to the device successfully, without doing anything. When the driver is bound, the ->shutdown() method may run. But if the Nth switch has failed to initialize the tree, there is nothing to do for the (N - 1) driver instances, since the slave devices have not been created, etc. Moreover, dsa_switch_shutdown() expects that the calling @ds has been in fact initialized, so it jumps at dereferencing the various data structures, which is incorrect.

Avoid the ensuing NULL pointer dereferences by simply checking whether the Nth switch has previously set "ds->setup = true" for the switch which is currently shutting down. The entire setup is serialized under dsa2_mutex which we already hold.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:56Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix panic on shutdown if multi-chip tree failed to probe\n\nDSA probing is atypical because a tree of devices must probe all at\nonce, so out of N switches which call dsa_tree_setup_routing_table()\nduring probe, for (N - 1) of them, \"complete\" will return false and they\nwill exit probing early. The Nth switch will set up the whole tree on\ntheir behalf.\n\nThe implication is that for (N - 1) switches, the driver binds to the\ndevice successfully, without doing anything. When the driver is bound,\nthe -\u003eshutdown() method may run. But if the Nth switch has failed to\ninitialize the tree, there is nothing to do for the (N - 1) driver\ninstances, since the slave devices have not been created, etc. Moreover,\ndsa_switch_shutdown() expects that the calling @ds has been in fact\ninitialized, so it jumps at dereferencing the various data structures,\nwhich is incorrect.\n\nAvoid the ensuing NULL pointer dereferences by simply checking whether\nthe Nth switch has previously set \"ds-\u003esetup = true\" for the switch\nwhich is currently shutting down. The entire setup is serialized under\ndsa2_mutex which we already hold.",
  "id": "GHSA-xpfg-hqmq-gr2w",
  "modified": "2025-09-23T15:31:08Z",
  "published": "2025-09-23T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49195"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fd36358ce82382519b50b05f437493e1e00c4a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95df5cd5a446df6738d2d45872e08594819080e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6e668ff43ebd87ccc8a19e5481345c428672295"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b864d5350c18bea9369d0bdd9e7eb6f6172cc283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.