Vulnerabilities > NULL Pointer Dereference

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-46857 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917 (esw->fdb_table.legacy.vepa_fdb is null) The bridge mode is only relevant when there are multiple functions per port.
local
low complexity
linux CWE-476
5.5
5.5
2024-09-27 CVE-2024-46860 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here.
local
low complexity
linux CWE-476
5.5
5.5
2024-09-25 CVE-2024-20436 NULL Pointer Dereference vulnerability in Cisco IOS XE
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs.
network
low complexity
cisco CWE-476
7.5
7.5
2024-09-20 CVE-2024-45809 NULL Pointer Dereference vulnerability in Envoyproxy Envoy
Envoy is a cloud-native high-performance edge/middle/service proxy.
network
low complexity
envoyproxy CWE-476
7.5
7.5
2024-09-18 CVE-2024-23915 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5
2024-09-18 CVE-2024-23916 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5
2024-09-18 CVE-2024-31164 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5
2024-09-18 CVE-2024-31165 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5
2024-09-18 CVE-2024-31167 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5
2024-09-18 CVE-2024-31175 NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-476
7.5
7.5