CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6298 vulnerabilities reference this CWE, most recent first.
GHSA-F37V-82C4-4X64
Vulnerability from github – Published: 2026-04-07 15:52 – Updated: 2026-04-08 11:57Impact
Apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process.
Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution.
Workarounds
Validate that the clipboard contains image data via clipboard.availableFormats() before calling clipboard.readImage(). Note this only narrows the window — upgrading to a fixed version is recommended.
Fixed Versions
42.0.0-alpha.541.1.040.8.539.8.5
For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "40.0.0-alpha.1"
},
{
"fixed": "40.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "41.0.0-alpha.1"
},
{
"fixed": "41.1.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "42.0.0-alpha.1"
},
{
"fixed": "42.0.0-alpha.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34781"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-07T15:52:28Z",
"nvd_published_at": "2026-04-07T22:16:23Z",
"severity": "LOW"
},
"details": "### Impact\nApps that call `clipboard.readImage()` may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process.\n\nApps are only affected if they call `clipboard.readImage()`. Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution.\n\n### Workarounds\nValidate that the clipboard contains image data via `clipboard.availableFormats()` before calling `clipboard.readImage()`. Note this only narrows the window \u2014 upgrading to a fixed version is recommended.\n\n### Fixed Versions\n* `42.0.0-alpha.5`\n* `41.1.0`\n* `40.8.5`\n* `39.8.5`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)",
"id": "GHSA-f37v-82c4-4x64",
"modified": "2026-04-08T11:57:06Z",
"published": "2026-04-07T15:52:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/pull/50475"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287"
},
{
"type": "PACKAGE",
"url": "https://github.com/electron/electron"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/releases/tag/v39.8.5"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/releases/tag/v40.8.5"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/releases/tag/v41.1.0"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Electron: Crash in clipboard.readImage() on malformed clipboard image data"
}
GHSA-F38C-296G-J6X2
Vulnerability from github – Published: 2025-09-24 15:31 – Updated: 2025-09-24 15:31NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-23346"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T14:15:48Z",
"severity": "LOW"
},
"details": "NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.",
"id": "GHSA-f38c-296g-j6x2",
"modified": "2025-09-24T15:31:14Z",
"published": "2025-09-24T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23346"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5661"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F39X-MP5J-46F3
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 18:30In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix null pointer dereference in destroy_previous_session
If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in ksmbd_krb5_authenticate(). So this patch move calling destroy_previous_session() after ksmbd_krb5_authenticate().
{
"affected": [],
"aliases": [
"CVE-2025-38191"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T14:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference in destroy_previous_session\n\nIf client set -\u003ePreviousSessionId on kerberos session setup stage,\nNULL pointer dereference error will happen. Since sess-\u003euser is not\nset yet, It can pass the user argument as NULL to destroy_previous_session.\nsess-\u003euser will be set in ksmbd_krb5_authenticate(). So this patch move\ncalling destroy_previous_session() after ksmbd_krb5_authenticate().",
"id": "GHSA-f39x-mp5j-46f3",
"modified": "2025-12-18T18:30:28Z",
"published": "2025-07-04T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38191"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/076f1adefb9837977af7ed233883842ddc446644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0902625a24eea7fdc187faa5d97df244d159dd6e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1193486dffb7432a09f57f5d09049b4d4123538b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/281afc52e2961cd5dd8326ebc9c5bc40904c0468"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-610"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3FV-7PQW-59CX
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
{
"affected": [],
"aliases": [
"CVE-2016-10189"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-14T14:59:00Z",
"severity": "HIGH"
},
"details": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.",
"id": "GHSA-f3fv-7pqw-59cx",
"modified": "2022-05-17T00:27:43Z",
"published": "2022-05-17T00:27:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10189"
},
{
"type": "WEB",
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"type": "WEB",
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95931"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3GG-2QFF-FG59
Vulnerability from github – Published: 2026-06-03 15:30 – Updated: 2026-06-03 18:33A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
{
"affected": [],
"aliases": [
"CVE-2025-60477"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-03T14:16:31Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.",
"id": "GHSA-f3gg-2qff-fg59",
"modified": "2026-06-03T18:33:09Z",
"published": "2026-06-03T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60477"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3301"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b865a2ad433258478e2695"
},
{
"type": "WEB",
"url": "https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/48/README.md"
},
{
"type": "WEB",
"url": "https://infosec.exchange/@sigdevel/116658486442433074"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3GG-6F8F-39GH
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug can be triggered when guest sends an SCSI AN request.
In vhost_scsi_ctl_handle_vq(), vc.target is assigned with
&v_req.tmf.lun[1] within a switch-case block and is then passed to
vhost_scsi_get_req() which extracts vc->req and tpg. However, for
a VIRTIO_SCSI_T_AN_* request, tpg is not required, so vc.target is
set to NULL in this branch. Later, in vhost_scsi_get_req(),
vc->target is dereferenced without being checked, leading to a null
pointer dereference bug. This bug can be triggered from guest.
When this bug occurs, the vhost_worker process is killed while holding
vq->mutex and the corresponding tpg will remain occupied
indefinitely.
Below is the KASAN report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1 Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:vhost_scsi_get_req+0x165/0x3a0 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 <0f> b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00 RSP: 0018:ffff888017affb50 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8 RBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000 FS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0 Call Trace: ? show_regs+0x86/0xa0 ? die_addr+0x4b/0xd0 ? exc_general_protection+0x163/0x260 ? asm_exc_general_protection+0x27/0x30 ? vhost_scsi_get_req+0x165/0x3a0 vhost_scsi_ctl_handle_vq+0x2a4/0xca0 ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10 ? __switch_to+0x721/0xeb0 ? __schedule+0xda5/0x5710 ? __kasan_check_write+0x14/0x30 ? _raw_spin_lock+0x82/0xf0 vhost_scsi_ctl_handle_kick+0x52/0x90 vhost_run_work_list+0x134/0x1b0 vhost_task_fn+0x121/0x350 ... ---[ end trace 0000000000000000 ]---
Let's add a check in vhost_scsi_get_req.
[whitespace fixes]
{
"affected": [],
"aliases": [
"CVE-2024-49863"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/scsi: null-ptr-dereference in vhost_scsi_get_req()\n\nSince commit 3f8ca2e115e5 (\"vhost/scsi: Extract common handling code\nfrom control queue handler\") a null pointer dereference bug can be\ntriggered when guest sends an SCSI AN request.\n\nIn vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with\n`\u0026v_req.tmf.lun[1]` within a switch-case block and is then passed to\nvhost_scsi_get_req() which extracts `vc-\u003ereq` and `tpg`. However, for\na `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is\nset to NULL in this branch. Later, in vhost_scsi_get_req(),\n`vc-\u003etarget` is dereferenced without being checked, leading to a null\npointer dereference bug. This bug can be triggered from guest.\n\nWhen this bug occurs, the vhost_worker process is killed while holding\n`vq-\u003emutex` and the corresponding tpg will remain occupied\nindefinitely.\n\nBelow is the KASAN report:\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS\n1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vhost_scsi_get_req+0x165/0x3a0\nCode: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 \u003c0f\u003e b6\n04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00\nRSP: 0018:ffff888017affb50 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8\nRBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000\nFS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x86/0xa0\n ? die_addr+0x4b/0xd0\n ? exc_general_protection+0x163/0x260\n ? asm_exc_general_protection+0x27/0x30\n ? vhost_scsi_get_req+0x165/0x3a0\n vhost_scsi_ctl_handle_vq+0x2a4/0xca0\n ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10\n ? __switch_to+0x721/0xeb0\n ? __schedule+0xda5/0x5710\n ? __kasan_check_write+0x14/0x30\n ? _raw_spin_lock+0x82/0xf0\n vhost_scsi_ctl_handle_kick+0x52/0x90\n vhost_run_work_list+0x134/0x1b0\n vhost_task_fn+0x121/0x350\n...\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nLet\u0027s add a check in vhost_scsi_get_req.\n\n[whitespace fixes]",
"id": "GHSA-f3gg-6f8f-39gh",
"modified": "2025-11-04T00:31:40Z",
"published": "2024-10-21T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49863"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/00fb5b23e1c9cdbe496f5cd6b40367cb895f6c93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/221af82f606d928ccef19a16d35633c63026f1be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25613e6d9841a1f9fb985be90df921fa99f800de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46128370a72c431df733af5ebb065c4d48c9ad39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61517f33e76d2c5247c1e61e668693afe5b67e6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6592347f06e2b19a624270a85ad4b3ae48c3b241"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ace9c778a214da9c98d7b69d904d1b0816f4f681"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3GR-QVC9-J8PV
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2020-11286"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-22T07:15:00Z",
"severity": "MODERATE"
},
"details": "An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface \u0026 endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-f3gr-qvc9-j8pv",
"modified": "2022-05-24T17:42:46Z",
"published": "2022-05-24T17:42:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11286"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3JX-M3PV-VM95
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2021-25693"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-13T14:15:00Z",
"severity": "HIGH"
},
"details": "An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.",
"id": "GHSA-f3jx-m3pv-vm95",
"modified": "2022-05-24T19:02:22Z",
"published": "2022-05-24T19:02:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25693"
},
{
"type": "WEB",
"url": "https://advisory.teradici.com/security-advisories/79"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3MW-FG4X-6X2P
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-04-10 18:32In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers.
(cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
{
"affected": [],
"aliases": [
"CVE-2025-21940"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix NULL Pointer Dereference in KFD queue\n\nThrough KFD IOCTL Fuzzing we encountered a NULL pointer derefrence\nwhen calling kfd_queue_acquire_buffers.\n\n(cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)",
"id": "GHSA-f3mw-fg4x-6x2p",
"modified": "2025-04-10T18:32:00Z",
"published": "2025-04-01T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21940"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33eb8041c5d6c19d46e7bfd23a031844336afd80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3cbeafb4e0001d9146df50b470885e02664f3c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd617ea3b79d2116d53f76cdb5a3601c0ba6e42f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3PX-8F8H-RCXH
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
{
"affected": [],
"aliases": [
"CVE-2024-42310"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
"id": "GHSA-f3px-8f8h-rcxh",
"modified": "2025-11-04T00:31:13Z",
"published": "2024-08-17T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42310"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.