Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52770 | 1 Linux | 1 Linux Kernel | 2025-01-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: split initial and dynamic conditions for extent_cache
Let's allocate the extent_cache tree without dynamic conditions to avoid a
missing condition causing a panic as below.
# create a file w/ a compressed flag
# disable the compression
# panic while updating extent_cache
F2FS-fs (dm-64): Swapfile: last extent is not aligned to section
F2FS-fs (dm-64): Swapfile (3) is not align to section: 1) creat(), 2) ioctl(F2FS_I ...
Show More |
|||||
| CVE-2023-52767 | 1 Linux | 1 Linux Kernel | 2025-01-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tls: fix NULL deref on tls_sw_splice_eof() with empty record
syzkaller discovered that if tls_sw_splice_eof() is executed as part of
sendfile() when the plaintext/ciphertext sk_msg are empty, the send path
gets confused because the empty ciphertext buffer does not have enough
space for the encryption overhead. This causes tls_push_record() to go on
the `split = true` path (which is only supposed to be used when interacting
wit ...
Show More |
|||||
| CVE-2024-56318 | 2025-01-02 | N/A | 7.5 HIGH | ||
|
In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.
|
|||||
| CVE-2024-23808 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 5.2 MEDIUM |
|
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.
|
|||||
| CVE-2024-31078 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 3.3 LOW |
|
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.
|
|||||
| CVE-2023-52833 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: Add date->evt_skb is NULL check
fix crash because of null pointers
[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8
[ 6104.969667] #PF: supervisor read access in kernel mode
[ 6104.969668] #PF: error_code(0x0000) - not-present page
[ 6104.969670] PGD 0 P4D 0
[ 6104.969673] Oops: 0000 [#1] SMP NOPTI
[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]
[ 6104.969688 ...
Show More |
|||||
| CVE-2022-48710 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix a possible null pointer dereference
In radeon_fp_native_mode(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
The failure status of drm_cvt_mode() on the other path is checked too.
|
|||||
| CVE-2022-48708 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference
Added checking of pointer "function" in pcs_set_mux().
pinmux_generic_get_function() can return NULL and the pointer
"function" was dereferenced without checking against NULL.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
|
|||||
| CVE-2022-48707 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix null pointer dereference for resetting decoder
Not all decoders have a reset callback.
The CXL specification allows a host bridge with a single root port to
have no explicit HDM decoders. Currently the region driver assumes there
are none. As such the CXL core creates a special pass through decoder
instance without a commit/reset callback.
Prior to this patch, the ->reset() callback was called unconditionall ...
Show More |
|||||
| CVE-2021-47418 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net_sched: fix NULL deref in fifo_set_limit()
syzbot reported another NULL deref in fifo_set_limit() [1]
I could repro the issue with :
unshare -n
tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit
tc qd replace dev lo parent 1:0 pfifo_fast
tc qd change dev lo root handle 1:0 tbf limit 300000 burst 70000 rate 100Mbit
pfifo_fast does not have a change() operation.
Make fifo_set_limit() more robust abo ...
Show More |
|||||
| CVE-2023-52841 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: mux: Add check and kfree for kstrdup
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
Moreover, use kfree() in the later error handling in order to avoid
memory leak.
|
|||||
| CVE-2024-20661 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-31 | N/A | 7.5 HIGH |
|
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
|
|||||
| CVE-2021-47415 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mvm: Fix possible NULL dereference
In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULL
before dereferencing it.
|
|||||
| CVE-2023-52849 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cxl/mem: Fix shutdown order
Ira reports that removing cxl_mock_mem causes a crash with the following
trace:
BUG: kernel NULL pointer dereference, address: 0000000000000044
[..]
RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]
[..]
Call Trace:
<TASK>
cxl_region_detach+0xe8/0x210 [cxl_core]
cxl_decoder_kill_region+0x27/0x40 [cxl_core]
cxld_unregister+0x29/0x40 [cxl_core]
devres_release_all+0xb8/0x110
dev ...
Show More |
|||||
| CVE-2023-52850 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: hantro: Check whether reset op is defined before use
The i.MX8MM/N/P does not define the .reset op since reset of the VPU is
done by genpd. Check whether the .reset op is defined before calling it
to avoid NULL pointer dereference.
Note that the Fixes tag is set to the commit which removed the reset op
from i.MX8M Hantro G2 implementation, this is because before this commit
all the implementations did define the .reset ...
Show More |
|||||
| CVE-2023-52826 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
In tpg110_get_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate(). Add a check to avoid npd.
|
|||||
| CVE-2021-47409 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: check return value after calling platform_get_resource()
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
|
|||||
| CVE-2021-47413 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
When passing 'phys' in the devicetree to describe the USB PHY phandle
(which is the recommended way according to
Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the
following NULL pointer dereference is observed on i.MX7 and i.MX8MM:
[ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098
[ 1.498170] Mem abort inf ...
Show More |
|||||
| CVE-2021-47233 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL
devm_gpiod_get_array_optional may return NULL if no GPIO was assigned.
|
|||||
| CVE-2024-35902 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix possible cp null dereference
cp might be null, calling cp->cp_conn would produce null dereference
[Simon Horman adds:]
Analysis:
* cp is a parameter of __rds_rdma_map and is not reassigned.
* The following call-sites pass a NULL cp argument to __rds_rdma_map()
- rds_get_mr()
- rds_get_mr_for_dest
* Prior to the code above, the following assumes that cp may be NULL
(which is indicative, but could itself ...
Show More |
|||||
| CVE-2024-35907 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mlxbf_gige: call request_irq() after NAPI initialized
The mlxbf_gige driver encounters a NULL pointer exception in
mlxbf_gige_open() when kdump is enabled. The sequence to reproduce
the exception is as follows:
a) enable kdump
b) trigger kdump via "echo c > /proc/sysrq-trigger"
c) kdump kernel executes
d) kdump kernel loads mlxbf_gige module
e) the mlxbf_gige module runs its open() as the
the "oob_net0" interface is brough ...
Show More |
|||||
| CVE-2024-35851 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev suspend
Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.
Add the missing sanity check to prevent a NULL-pointer dereference when
wakeup() is called for a non-serdev controller during suspend.
Just return true for now to restore the original behaviour and address
the crash with pre-6.2 kernels, whic ...
Show More |
|||||
| CVE-2024-35850 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev setup
Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.
Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.
|
|||||
| CVE-2024-35846 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
Christian reports a NULL deref in zswap that he bisected down to the zswap
shrinker. The issue also cropped up in the bug trackers of libguestfs [1]
and the Red Hat bugzilla [2].
The problem is that when memcg is disabled with the boot time flag, the
zswap shrinker might get called with sc->memcg == NULL. This is okay in
many places, like the lruvec operations. ...
Show More |
|||||
| CVE-2024-35874 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
aio: Fix null ptr deref in aio_complete() wakeup
list_del_init_careful() needs to be the last access to the wait queue
entry - it effectively unlocks access.
Previously, finish_wait() would see the empty list head and skip taking
the lock, and then we'd return - but the completion path would still
attempt to do the wakeup after the task_struct pointer had been
overwritten.
|
|||||
| CVE-2024-35891 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: phy: micrel: Fix potential null pointer dereference
In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may
return NULL as ptp_header due to abnormal packet type or corrupted packet.
Fix this bug by adding ptp_header check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
|
|||||
| CVE-2021-47279 | 1 Linux | 1 Linux Kernel | 2024-12-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource()
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
|
|||||
| CVE-2021-47273 | 1 Linux | 1 Linux Kernel | 2024-12-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled
When only PHY1 is used (for example on Odroid-HC4), the regmap init code
uses the usb2 ports when doesn't initialize the PHY1 regmap entry.
This fixes:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
...
pc : regmap_update_bits_base+0x40/0xa0
lr : dwc3_meson_g12a_usb2_init_phy+0x4c/0xf8
...
Call trace:
regmap_update_bits_ba ...
Show More |
|||||
| CVE-2021-47266 | 1 Linux | 1 Linux Kernel | 2024-12-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/ipoib: Fix warning caused by destroying non-initial netns
After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib
interfaces"), if the IPoIB device is moved to non-initial netns,
destroying that netns lets the device vanish instead of moving it back to
the initial netns, This is happening because default_device_exit() skips
the interfaces due to having rtnl_link_ops set.
Steps to reporoduce:
ip netns ad ...
Show More |
|||||
| CVE-2021-47362 | 1 Linux | 1 Linux Kernel | 2024-12-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Update intermediate power state for SI
Update the current state as boot state during dpm initialization.
During the subsequent initialization, set_power_state gets called to
transition to the final power state. set_power_state refers to values
from the current state and without current state populated, it could
result in NULL pointer dereference.
For ex: on platforms where PCI speed change is supported through ACP ...
Show More |
|||||
| CVE-2021-47307 | 1 Linux | 1 Linux Kernel | 2024-12-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: prevent NULL deref in cifs_compose_mount_options()
The optional @ref parameter might contain an NULL node_name, so
prevent dereferencing it in cifs_compose_mount_options().
Addresses-Coverity: 1476408 ("Explicit null dereferenced")
|
|||||
| CVE-2021-47260 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a potential NULL dereference in nfs_get_client()
None of the callers are expecting NULL returns from nfs_get_client() so
this code will lead to an Oops. It's better to return an error
pointer. I expect that this is dead code so hopefully no one is
affected.
|
|||||
| CVE-2021-47264 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: core: Fix Null-point-dereference in fmt_single_name()
Check the return value of devm_kstrdup() in case of
Null-point-dereference.
|
|||||
| CVE-2021-47269 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: ep0: fix NULL pointer exception
There is no validation of the index from dwc3_wIndex_to_dep() and we might
be referring a non-existing ep and trigger a NULL pointer exception. In
certain configurations we might use fewer eps and the index might wrongly
indicate a larger ep index than existing.
By adding this validation from the patch we can actually report a wrong
index back to the caller.
In our usecase we are us ...
Show More |
|||||
| CVE-2021-47270 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: fix various gadgets null ptr deref on 10gbps cabling.
This avoids a null pointer dereference in
f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm}
by simply reusing the 5gbps config for 10gbps.
|
|||||
| CVE-2021-47316 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix NULL dereference in nfs3svc_encode_getaclres
In error cases the dentry may be NULL.
Before 20798dfe249a, the encoder also checked dentry and
d_really_is_positive(dentry), but that looks like overkill to me--zero
status should be enough to guarantee a positive dentry.
This isn't the first time we've seen an error-case NULL dereference
hidden in the initialization of a local variable in an xdr encoder. But
I went ba ...
Show More |
|||||
| CVE-2021-47331 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: common: usb-conn-gpio: fix NULL pointer dereference of charger
When power on system with OTG cable, IDDIG's interrupt arises before
the charger registration, it will cause a NULL pointer dereference,
fix the issue by registering the power supply before requesting
IDDIG/VBUS irq.
|
|||||
| CVE-2021-47332 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usx2y: Don't call free_pages_exact() with NULL address
Unlike some other functions, we can't pass NULL pointer to
free_pages_exact(). Add a proper NULL check for avoiding possible
Oops.
|
|||||
| CVE-2021-47337 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()")
changed the allocation logic to call put_device() to perform host cleanup
with the assumption that IDA removal and stopping the kthread would
properly be performed in scsi_host_dev_release(). However, in the unlikely
case that the error handler thread fails to spawn, shost->ehandl ...
Show More |
|||||
| CVE-2021-47353 | 1 Linux | 1 Linux Kernel | 2024-12-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udf_symlink function
In function udf_symlink, epos.bh is assigned with the value returned
by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c
and returns the value of sb_getblk function that could be NULL.
Then, epos.bh is used without any check, causing a possible
NULL pointer dereference when sb_getblk fails.
This fix adds a check to validate the value of epos.bh.
|
|||||