Vulnerability Details :

CVE-2024-38605

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-19 Jun, 2024 | 13:48
Updated At-04 May, 2025 | 09:15

ALSA: core: Fix NULL module pointer assignment at card init

In the Linux kernel, the following vulnerability has been resolved:

ALSA: core: Fix NULL module pointer assignment at card init

The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the caller is also built-in or not. Namely, when only the sound core is built-in (CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), the passed module pointer is ignored even if it's non-NULL, and card->module remains as NULL. This would result in the missing module reference up/down at the device open/close, leading to a race with the code execution after the module removal.

For addressing the bug, move the assignment of card->module again out of ifdef. The WARN_ON() is still wrapped with ifdef because the module can be really NULL when all sound drivers are built-in.

Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would lead to a false-positive NULL module check. Admittedly it won't catch perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no real problem as it's only for debugging, and the condition is pretty rare.
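The configuration mismatch described above, modelled in user-space C as an added example (not kernel code and not taken from the fix commit). The `model_*` names and the `core_is_module` / `fixed` flags are assumptions that stand in for the `#ifdef MODULE` in the sound core and for module reference counting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the kernel objects; hypothetical names, not kernel code. */
struct model_module { int refcnt; };
struct model_card { struct model_module *module; };

/*
 * core_is_module models whether MODULE was defined while the sound core
 * was compiled (CONFIG_SND=m). It says nothing about how the calling
 * driver was built, which is the point of the bug.
 * fixed selects the placement of the assignment after the fix.
 */
static void model_card_init(struct model_card *card, struct model_module *mod,
                            bool core_is_module, bool fixed)
{
    card->module = NULL;
    if (fixed) {
        /* After the fix: assignment is unconditional, only WARN_ON() stays
         * under the ifdef. */
        card->module = mod;
    } else if (core_is_module) {
        /* Before the fix: assignment compiled in only when the core
         * itself is a module. */
        card->module = mod;
    }
}

/* A NULL module pointer means built-in code, so there is nothing to pin. */
static bool model_module_get(struct model_module *mod)
{
    if (mod)
        mod->refcnt++;
    return true;
}

static void model_module_put(struct model_module *mod)
{
    if (mod)
        mod->refcnt--;
}

/* Module removal is refused while references are held. */
static bool model_can_unload(const struct model_module *mod)
{
    return mod->refcnt == 0;
}

/*
 * The driver is always a loadable module here (the CONFIG_SND_USB_AUDIO=m
 * case from the description). Returns true when that module could be
 * removed while one of its devices is still open.
 */
static bool unload_possible_while_open(bool core_is_module, bool fixed)
{
    struct model_module driver = { 0 };
    struct model_card card;
    bool exposed;

    model_card_init(&card, &driver, core_is_module, fixed);
    model_module_get(card.module);          /* device open */
    exposed = model_can_unload(&driver);    /* removal attempted while open */
    model_module_put(card.module);          /* device close */
    return exposed;
}

int main(void)
{
    const bool flags[2] = { false, true };

    printf("%-14s %-8s %s\n", "sound core", "variant", "unload while open");
    for (int c = 0; c < 2; c++) {
        for (int f = 0; f < 2; f++) {
            printf("%-14s %-8s %s\n",
                   flags[c] ? "CONFIG_SND=m" : "CONFIG_SND=y",
                   flags[f] ? "fixed" : "before",
                   unload_possible_while_open(flags[c], flags[f]) ? "possible" : "blocked");
        }
    }
    return 0;
}
```

Only the built-in core with the pre-fix placement leaves the driver unpinned, which matches the one combination the description calls out.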

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • sound/core/init.c
Default Status
unaffected
Versions
Affected
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before d7ff29a429b56f04783152ad7bbd7233b740e434 (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before e7e0ca200772bdb2fdc6d43d32d341e87a36f811 (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before e007476725730c1a68387b54b7629486d8a8301e (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92 (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before c935e72139e6d523defd60fe875c01eb1f9ea5c5 (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before 6b8374ee2cabcf034faa34e69a855dc496a9ec12 (git)
  • From 81033c6b584b44514cbb16fffc26ca29a0fa6270 before 39381fe7394e5eafac76e7e9367e7351138a29c1 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • sound/core/init.c
Default Status
affected
Versions
Affected
  • 5.9
Unaffected
  • From 0 before 5.9 (semver)
  • From 5.10.219 through 5.10.* (semver)
  • From 5.15.161 through 5.15.* (semver)
  • From 6.1.93 through 6.1.* (semver)
  • From 6.6.33 through 6.6.* (semver)
  • From 6.8.12 through 6.8.* (semver)
  • From 6.9.3 through 6.9.* (semver)
  • From 6.10 through * (original_commit_for_fix)
References
Hyperlink: https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor: Linux Kernel Organization, Inc (linux)
Product: linux_kernel
Default Status: unknown (every entry)
Entries (CPE; status; versions):
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Affected; From 81033c6b584b before d7ff29a429b5 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Affected; From 81033c6b584b before e7e0ca200772 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Affected; From 81033c6b584b before e00747672573 (custom)
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*; Affected; From 81033c6b584b before e644036a3e2b (custom)
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*; Affected; From 81033c6b584b before c935e72139e6 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Affected; From 81033c6b584b before 6b8374ee2cab (custom)
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*; Affected; From 81033c6b584b before 39381fe7394e (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Affected; 5.9
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 0 before 5.9 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 5.10.219 through 5.11 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 5.15.161 through 5.16 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 6.1.93 through 6.2 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 6.6.33 through 6.7 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 6.8.12 through 6.9 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; From 6.9.3 through 6.7 (custom)
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; Unaffected; 6.10-rc1
Problem Types
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2. CVE Program Container
References
Hyperlink: https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1
Resource:
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Jun, 2024 | 14:15
Updated At:01 Apr, 2025 | 18:26


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.9(inclusive) to 5.10.219(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.161(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.93(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.33(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.8.12(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.9(inclusive) to 6.9.3(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-476
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
References
Hyperlink: https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch


Similar CVEs

1346 Records found

CVE-2023-28508
Matching Score-8
Assigner-Rapid7, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.28%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 20:16
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap corruption in UniRPC service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.

Action-Not Available
Vendor-rocketsoftwareRocket SoftwareLinux Kernel Organization, Inc
Product-universeunidatalinux_kernelUniDataUniVerse
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-15901
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2019 | 15:44
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.

Action-Not Available
Vendor-doas_projectn/aLinux Kernel Organization, Inc
Product-doaslinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-27874
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.14% / 34.24%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:33
Updated-26 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex XML external entity injection

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-31036
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.19%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 17:11
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneltriton_inference_serverTriton Inference Server
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2073
Matching Score-8
Assigner-ChromeOS Project
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 23:06
Updated-11 Jul, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelchrome_osChromeOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47659
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.74%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 14:02
Updated-04 May, 2025 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved:

smack: tcp: ipv4, fix incorrect labeling

Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So,
1) returned packets are incorrectly labeled ('foo' instead of 'bar')
2) 'bar' can write to 'foo' without being authorized to write.

Here is a scenario how to see this:
  • Take two machines, let's call them C and S, with active Smack in the default state (no settings, no rules, no labeled hosts, only builtin labels)
  • At S, add Smack rule 'foo bar w' (labels 'foo' and 'bar' are instantiated at S at this moment)
  • At S, at label 'bar', launch a program that listens for incoming tcp/ipv4 connections
  • From C, at label 'foo', connect to the listener at S. (label 'foo' is instantiated at C at this moment) Connection succeeds and works.
  • Send some data in both directions.
  • Collect network traffic of this connection.

All packets in both directions are labeled with the CIPSO of the label 'foo'. Hence, label 'bar' writes to 'foo' without being authorized, and even without ever being known at C.

If anybody cares: exactly the same happens with DCCP.

This behavior 1st manifested in release 2.6.29.4 (see Fixes below) and it looks unintentional. At least, no explanation was provided.

I changed returned packets label into the 'bar', to bring it into line with the Smack documentation claims.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CVE-2021-47323
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 14:35
Updated-04 May, 2025 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()

In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-Linuxlinux_kernel
CWE ID-CWE-416
Use After Free
CVE-2021-47347
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.83%
||
7 Day CHG-0.03%
Published-21 May, 2024 | 14:35
Updated-04 May, 2025 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wl1251: Fix possible buffer overflow in wl1251_cmd_scan

In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-Linux
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35884
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-19 May, 2024 | 08:34
Updated-04 May, 2025 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
udp: do not accept non-tunnel GSO skbs landing in a tunnel

In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and udp_gro_receive makes sure this isn't the case by looking for a matching socket. This is performed in udp4/6_gro_lookup_skb but only in the current netns. This is an issue with tunneled packets when the endpoint is in another netns. In such cases the packets will be GROed at the UDP level, which leads to various issues later on. The same thing can happen with rx-gro-list. We saw this with geneve packets being GROed at the UDP level. In such case gso_size is set; later the packet goes through the geneve rx path, the geneve header is pulled, the offset are adjusted and frag_list skbs are not adjusted with regard to geneve. When those skbs hit skb_fragment, it will misbehave. Different outcomes are possible depending on what the GROed skbs look like; from corrupted packets to kernel crashes. One example is a BUG_ON[1] triggered in skb_segment while processing the frag_list. Because gso_size is wrong (geneve header was pulled) skb_segment thinks there is "geneve header size" of data in frag_list, although it's in fact the next packet. The BUG_ON itself has nothing to do with the issue. This is only one of the potential issues. Looking up for a matching socket in udp_gro_receive is fragile: the lookup could be extended to all netns (not speaking about performances) but nothing prevents those packets from being modified in between and we could still not find a matching socket. It's OK to keep the current logic there as it should cover most cases but we also need to make sure we handle tunnel packets being GROed too early. This is done by extending the checks in udp_unexpected_gso: GSO packets lacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must be segmented. 
[1] kernel BUG at net/core/skbuff.c:4408! RIP: 0010:skb_segment+0xd2a/0xf70 __udp_gso_segment+0xaa/0x560

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-Linux
CVE-2024-2975
Matching Score-8
Assigner-Octopus Deploy
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.75%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 01:02
Updated-02 Jul, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was identified through which privilege escalation was possible in certain configurations.

Action-Not Available
Vendor-Linux Kernel Organization, IncOctopus Deploy Pty. Ltd.Microsoft Corporation
Product-windowsoctopus_serverlinux_kernelOctopus Serveroctopus_server
CWE ID-CWE-1223
Race Condition for Write-Once Attributes
CVE-2021-29907
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.29%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-47324
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG-0.03%
Published-21 May, 2024 | 14:35
Updated-04 May, 2025 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
watchdog: Fix possible use-after-free in wdt_startup()

In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-Linux; linux_kernel
CWE ID-CWE-416
Use After Free
CVE-2022-38387
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.22% / 45.00%
7 Day CHG~0.00%
Published-11 Nov, 2022 | 18:16
Updated-01 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; IBM Corporation
Product-cloud_pak_for_security; linux_kernel; Cloud Pak for Security
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43847
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.12%
7 Day CHG~0.00%
Published-17 Aug, 2024 | 09:22
Updated-04 May, 2025 | 09:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: ath12k: fix invalid memory access while processing fragmented packets

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor ring is also processed, leading to invalid memory access. Since monitor support is not yet enabled in ath12k, the ring mask for the monitor ring should be removed. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CVE-2020-3973
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.56%
7 Day CHG~0.00%
Published-08 Jul, 2020 | 13:46
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc; VMware (Broadcom Inc.)
Product-linux_kernel; velocloud_orchestrator; VMware SD-WAN by VeloCloud
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-4272
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.11% / 89.43%
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specifying a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.

Action-Not Available
Vendor-IBM Corporation; Linux Kernel Organization, Inc
Product-qradar_security_information_and_event_manager; linux_kernel; QRadar; Qradar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-1545
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.26%
7 Day CHG~0.00%
Published-29 Aug, 2024 | 23:02
Updated-04 Sep, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fault Injection of RSA encryption in WolfCrypt

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Action-Not Available
Vendor-wolfssl; WolfSSL; wolfssl; Linux Kernel Organization, Inc; Microsoft Corporation
Product-windows; wolfssl; linux_kernel; wolfCrypt; wolfcrypt
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-1256
Improper Restriction of Software Interfaces to Hardware Features
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-35854
Matching Score-8
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.69%
7 Day CHG~0.00%
Published-17 May, 2024 | 14:47
Updated-04 May, 2025 | 09:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the result of a failed migration. The destruction of a region that still has filters referencing it can result in a use-after-free [1]. Fix by not destroying the region if migration failed. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858 CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70 mlxsw_sp_acl_atcam_entry_del+0x81/0x210 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 174: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Freed by task 7: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 
poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_region_destroy+0x272/0x310 mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30

Action-Not Available
Vendor-Linux Kernel Organization, Inc; Debian GNU/Linux
Product-linux_kernel; debian_linux; Linux; linux_kernel
CWE ID-CWE-416
Use After Free
CVE-2024-39464
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.26%
7 Day CHG~0.00%
Published-25 Jun, 2024 | 14:25
Updated-04 May, 2025 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
media: v4l: async: Fix notifier list entry init

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2_async_nf_unregister() results in a NULL pointer dereference. Add the missing list head initializer.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1076
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.78%
7 Day CHG~0.00%
Published-05 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc
Product-linux_kernel; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1598
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.15%
7 Day CHG~0.00%
Published-09 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc
Product-linux_kernel; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-0709
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc
Product-linux_kernel; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1478
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.91% / 74.88%
7 Day CHG~0.00%
Published-23 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc
Product-linux_kernel; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-39506
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.80%
7 Day CHG-0.03%
Published-12 Jul, 2024 | 12:20
Updated-04 May, 2025 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag() which looks strange and could lead to null pointer dereference. lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. Based on this, I consider the most acceptable compromise solution to adjust this issue by moving skb_add_rx_frag() into conditional scope. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1093
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.22% / 78.27%
7 Day CHG~0.00%
Published-18 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc; Red Hat, Inc.
Product-linux_kernel; enterprise_linux_workstation; enterprise_linux_server; enterprise_linux_desktop; enterprise_linux_aus; enterprise_linux_eus; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-39504
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.28%
7 Day CHG-0.01%
Published-12 Jul, 2024 | 12:20
Updated-04 May, 2025 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
netfilter: nft_inner: validate mandatory meta and payload

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42122
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.72%
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:46
Updated-11 Jul, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amd/display: Add NULL pointer check for kzalloc

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer check for kzalloc [Why & How] Check return pointer of kzalloc before using it.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42101
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.21%
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:45
Updated-04 May, 2025 | 09:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38584
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.39%
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:37
Updated-04 May, 2025 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to phy_attached_info() will dereference a NULL pointer. Check the return code of emac_phy_connect and fail cleanly if there is an error.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42089
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.34%
7 Day CHG~0.00%
Published-29 Jul, 2024 | 16:26
Updated-04 May, 2025 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASoC: fsl-asoc-card: set priv->pdev before using it

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38573
Matching Score-6
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.11%
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cppc_cpufreq: Fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux; acrn; linux_kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38548
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.68%
7 Day CHG-0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 09:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug by adding a check of mhdp_state->current_mode.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38559
Matching Score-6
Assigner-kernel.org
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.57%
7 Day CHG-0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: qedf: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38550
Matching Score-6
Assigner-kernel.org
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.33%
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASoC: kirkwood: Fix potential NULL dereference

In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42286
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.80%
7 Day CHG~0.00%
Published-17 Aug, 2024 | 09:08
Updated-04 May, 2025 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: qla2xxx: validate nvme_local_port correctly

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42277
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.25%
7 Day CHG~0.00%
Published-17 Aug, 2024 | 09:08
Updated-04 May, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en

In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42255
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.61%
7 Day CHG~0.00%
Published-08 Aug, 2024 | 08:49
Updated-04 May, 2025 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()

In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is enabled. [jarkko: adjusted the commit message.]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38575
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.73%
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:37
Updated-04 May, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: brcmfmac: pcie: handle randbuf allocation failure

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38546
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.68%
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 09:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm: vc4: Fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36901
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.83%
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-04 May, 2025 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipv6: prevent NULL dereference in ip6_output()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237 Code: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff RSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000 RDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48 RBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad R10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0 R13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000 FS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358 sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248 sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653 sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline] sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212 
sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline] sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169 sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73 __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36897
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.65%
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-17 Jul, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amd/display: Atom Integrated System Info v2_2 for DCN35

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux; linux_kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42149
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.77%
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:46
Updated-04 May, 2025 | 09:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fs: don't misleadingly warn during thaw operations

In the Linux kernel, the following vulnerability has been resolved: fs: don't misleadingly warn during thaw operations The block device may have been frozen before it was claimed by a filesystem. Concurrently another process might try to mount that frozen block device and has temporarily claimed the block device for that purpose causing a concurrent fs_bdev_thaw() to end up here. The mounter is already about to abort mounting because they still saw an elevated bdev->bd_fsfreeze_count so get_bdev_super() will return NULL in that case. For example, P1 calls dm_suspend() which calls into bdev_freeze() before the block device has been claimed by the filesystem. This brings bdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() is required. Now P2 tries to mount that frozen block device. It claims it and checks bdev->bd_fsfreeze_count. As it's elevated it aborts mounting. In the meantime P3 called dm_resume(). P3 sees that the block device is already claimed by a filesystem and calls into fs_bdev_thaw(). P3 takes a passive reference and realizes that the filesystem isn't ready yet. P3 puts itself to sleep to wait for the filesystem to become ready. P2 now puts the last active reference to the filesystem and marks it as dying. P3 gets woken, sees that the filesystem is dying and get_bdev_super() fails.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36489
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.89%
7 Day CHG~0.00%
Published-21 Jun, 2024 | 10:18
Updated-04 May, 2025 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
tls: fix missing memory barrier in tls_init

In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.

CPU0                                         CPU1
-----                                        -----
// In tls_init()
// In tls_ctx_create()
ctx = kzalloc()
ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)

// In update_sk_prot()
WRITE_ONCE(sk->sk_prot, tls_prots) -(2)

                                             // In sock_common_setsockopt()
                                             READ_ONCE(sk->sk_prot)->setsockopt()

                                             // In tls_{setsockopt,getsockopt}()
                                             ctx->sk_proto->setsockopt() -(3)

In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference. To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto is visible when changing sk->sk_prot.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42307
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.45%
7 Day CHG~0.00%
Published-17 Aug, 2024 | 09:09
Updated-04 May, 2025 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895) The patch which introduced the serverclose workqueue used the wrong ordering in error paths in init_cifs() for freeing it on errors.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36893
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.66%
7 Day CHG~0.00%
Published-30 May, 2024 | 15:28
Updated-04 May, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
usb: typec: tcpm: Check for port partner validity before consuming it

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash:

Unable to handle kernel NULL pointer dereference at virtual address xx
pc : run_state_machine+0x1bc8/0x1c08
lr : run_state_machine+0x1b90/0x1c08
..
Call trace:
run_state_machine+0x1bc8/0x1c08
tcpm_state_machine_work+0x94/0xe4
kthread_worker_fn+0x118/0x328
kthread+0x1d0/0x23c
ret_from_fork+0x10/0x20

To prevent the crash, check for port->partner validity before dereferencing it in all the call sites.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4263
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.9||HIGH
EPSS-5.08% / 89.40%
7 Day CHG~0.00%
Published-18 Jan, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.

Action-Not Available
Vendor-n/a; Linux Kernel Organization, Inc; VMware (Broadcom Inc.)
Product-linux_kernel; esxi; esx; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36891
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.93%
7 Day CHG~0.00%
Published-30 May, 2024 | 15:28
Updated-04 May, 2025 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
maple_tree: fix mas_empty_area_rev() null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4342
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.69% / 81.47%
7 Day CHG~0.00%
Published-30 Dec, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.

Action-Not Available
Vendor-n/a; SUSE; Linux Kernel Organization, Inc
Product-linux_kernel; linux_enterprise_server; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-36476
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.76%
7 Day CHG~0.00%
Published-15 Jan, 2025 | 13:10
Updated-04 May, 2025 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RDMA/rtrs: Ensure 'ib_sge list' is accessible

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1].

? __die_body.cold+0x19/0x27
? page_fault_oops+0x15a/0x2d0
? search_module_extables+0x19/0x60
? search_bpf_extables+0x5f/0x80
? exc_page_fault+0x7e/0x180
? asm_exc_page_fault+0x26/0x30
? memcpy_orig+0xd5/0x140
rxe_mr_copy+0x1c3/0x200 [rdma_rxe]
? rxe_pool_get_index+0x4b/0x80 [rdma_rxe]
copy_data+0xa5/0x230 [rdma_rxe]
rxe_requester+0xd9b/0xf70 [rdma_rxe]
? finish_task_switch.isra.0+0x99/0x2e0
rxe_sender+0x13/0x40 [rdma_rxe]
do_task+0x68/0x1e0 [rdma_rxe]
process_one_work+0x177/0x330
worker_thread+0x252/0x390
? __pfx_worker_thread+0x10/0x10

This change ensures the variable is available for subsequent operations that require it.

[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-37021
Matching Score-6
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.35%
7 Day CHG~0.00%
Published-24 Jun, 2024 | 13:56
Updated-04 May, 2025 | 09:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fpga: manager: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the manager if the parent device does not have a driver. To address this problem, add a module owner pointer to the fpga_manager struct and use it to take the module's refcount. Modify the functions for registering the manager to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the manager as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a manager without setting the owner. Also, update the documentation to keep it consistent with the new interface for registering an fpga manager. Other changes: opportunistically move put_device() from __fpga_mgr_get() to fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the manager device is taken in these functions.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernel; Linux
CWE ID-CWE-476
NULL Pointer Dereference