Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6298 vulnerabilities reference this CWE, most recent first.

GHSA-F7WQ-CJ78-R6C9

Vulnerability from github – Published: 2026-05-27 21:31 – Updated: 2026-05-27 21:31
VLAI
Details

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have been in the export table in WOSHttpStatusModule.dll) is set to NULL, resulting in calling a function at address 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T20:16:42Z",
    "severity": "HIGH"
  },
  "details": "When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a \"module\" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have been in the export table in WOSHttpStatusModule.dll) is set to NULL, resulting in calling a function at address 0.",
  "id": "GHSA-f7wq-cj78-r6c9",
  "modified": "2026-05-27T21:31:26Z",
  "published": "2026-05-27T21:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8359"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/TRA-2026-45"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F7XJ-99J9-66Q2

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()

Fix a NULL pointer crash that occurs when we are freeing the socket at the same time we access it via sysfs.

The problem is that:

  1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold() does a get on the "struct sock".

  2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put on the "struct socket" and that does __sock_release() which sets the sock->ops to NULL.

  3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then call kernel_getpeername() which accesses the NULL sock->ops.

Above we do a get on the "struct sock", but we needed a get on the "struct socket". Originally, we just held the frwd_lock the entire time but in commit bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername()") we switched to refcount based because the network layer changed and started taking a mutex in that path, so we could no longer hold the frwd_lock.

Instead of trying to maintain multiple refcounts, this just has us use a mutex for accessing the socket in the interface code paths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()\n\nFix a NULL pointer crash that occurs when we are freeing the socket at the\nsame time we access it via sysfs.\n\nThe problem is that:\n\n 1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take\n    the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()\n    does a get on the \"struct sock\".\n\n 2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put\n    on the \"struct socket\" and that does __sock_release() which sets the\n    sock-\u003eops to NULL.\n\n 3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then\n    call kernel_getpeername() which accesses the NULL sock-\u003eops.\n\nAbove we do a get on the \"struct sock\", but we needed a get on the \"struct\nsocket\". Originally, we just held the frwd_lock the entire time but in\ncommit bcf3a2953d36 (\"scsi: iscsi: iscsi_tcp: Avoid holding spinlock while\ncalling getpeername()\") we switched to refcount based because the network\nlayer changed and started taking a mutex in that path, so we could no\nlonger hold the frwd_lock.\n\nInstead of trying to maintain multiple refcounts, this just has us use a\nmutex for accessing the socket in the interface code paths.",
  "id": "GHSA-f7xj-99j9-66q2",
  "modified": "2026-01-16T21:30:28Z",
  "published": "2025-10-01T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50459"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a0b861fce2657ba08ec356a74346b37ca4b2008"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57569c37f0add1b6489e1a1563c71519daf732cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/884a788f065578bb640382279a83d1df433b13e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/897dbbc57d71e8a34ec1af8e573a142de457da38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a26b0658751bb0a3b28386fca715333b104d32a2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F83P-7QXR-CXPG

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()

It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop: fix possible null-ptr-deref in vop_bind()\n\nIt will cause null-ptr-deref in resource_size(), if platform_get_resource()\nreturns NULL, move calling resource_size() after devm_ioremap_resource() that\nwill check \u0027res\u0027 to avoid null-ptr-deref.",
  "id": "GHSA-f83p-7qxr-cxpg",
  "modified": "2025-03-17T18:31:51Z",
  "published": "2025-03-17T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49491"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3451852312303d54a003c73bd0ae39cebb960bd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/452922955df215a417c80d09dab72bbc667a1861"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ff986e057bf28e2f7690dad410768b2270f9453"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/769c53bb6116d0eaec0f1fe4ec4b27a74465cad1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9b4599665e437de8a1152799c34841b799a2e1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b54926bd558d97c888c3d2d87886f3c159d3254a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecfa52654d0c9c333c1fe1611f47105f6bce9591"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8c242908ad15bbd604d3bcb54961b7d454c43f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcd6a886443730c39170b8383411e52118aec0a3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8CP-6XG3-M3RG

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.",
  "id": "GHSA-f8cp-6xg3-m3rg",
  "modified": "2022-05-13T01:13:42Z",
  "published": "2022-05-13T01:13:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9503"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/06/08/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8F6-M278-2WGP

Vulnerability from github – Published: 2022-05-17 00:47 – Updated: 2025-04-20 03:45
VLAI
Details

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-21T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.",
  "id": "GHSA-f8f6-m278-2wgp",
  "modified": "2025-04-20T03:45:41Z",
  "published": "2022-05-17T00:47:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14641"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/184"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8G6-PM49-2RCV

Vulnerability from github – Published: 2026-01-14 15:33 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf

A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-14T15:16:01Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf\n\nA zero length gss_token results in pages == 0 and in_token-\u003epages[0]\nis NULL. The code unconditionally evaluates\npage_address(in_token-\u003epages[0]) for the initial memcpy, which can\ndereference NULL even when the copy length is 0. Guard the first\nmemcpy so it only runs when length \u003e 0.",
  "id": "GHSA-f8g6-pm49-2rcv",
  "modified": "2026-07-14T15:31:32Z",
  "published": "2026-01-14T15:33:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71120"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8H2-HW8X-2JH9

Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-08 21:30
VLAI
Details

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changeset and reaches sqlite3_value_type() with a NULL sqlite3_value pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T18:16:32Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changeset and reaches sqlite3_value_type() with a NULL sqlite3_value pointer.",
  "id": "GHSA-f8h2-hw8x-2jh9",
  "modified": "2026-07-08T21:30:27Z",
  "published": "2026-07-08T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50812"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sqlite/sqlite/commit/b869ed6b067d623cb1383549f2a18aa35508385d"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/junius-sec/bb556f333957c5226dede314db0e9e91"
    },
    {
      "type": "WEB",
      "url": "https://sqlite.org/src/info/e807d4e3798efd53"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8J8-3MMQ-3XXF

Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2022-05-14 01:06
VLAI
Details

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-05T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.",
  "id": "GHSA-f8j8-3mmq-3xxf",
  "modified": "2022-05-14T01:06:13Z",
  "published": "2022-05-14T01:06:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0490"
    },
    {
      "type": "WEB",
      "url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915"
    },
    {
      "type": "WEB",
      "url": "https://trac.torproject.org/projects/tor/ticket/25074"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8JP-2QGX-V4HF

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:02
VLAI
Details

Transient DOS in Modem while allocating DSM items.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:22Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in Modem while allocating DSM items.",
  "id": "GHSA-f8jp-2qgx-v4hf",
  "modified": "2024-04-04T08:02:39Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24847"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8M5-X3MV-32WR

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: hantro: Check whether reset op is defined before use

The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avoid NULL pointer dereference.

Note that the Fixes tag is set to the commit which removed the reset op from i.MX8M Hantro G2 implementation, this is because before this commit all the implementations did define the .reset op.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hantro: Check whether reset op is defined before use\n\nThe i.MX8MM/N/P does not define the .reset op since reset of the VPU is\ndone by genpd. Check whether the .reset op is defined before calling it\nto avoid NULL pointer dereference.\n\nNote that the Fixes tag is set to the commit which removed the reset op\nfrom i.MX8M Hantro G2 implementation, this is because before this commit\nall the implementations did define the .reset op.",
  "id": "GHSA-f8m5-x3mv-32wr",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52850"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24c06295f28335ced3aad53dd4b0a0bae7b9b100"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64f55cebb4339ae771e9e7f3f42bee2489e2fa00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66b4c5f980d741f3a47e4b65eeaf2797f2d59294"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88d4b23a629ebd34f682f770cb6c2116c851f7b8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.