Vulnerabilities > NULL Pointer Dereference
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-06 | CVE-2024-58066 | NULL Pointer Dereference vulnerability in Linux Kernel 6.13/6.13.1 In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check The devm_kzalloc() function doesn't return error pointers, it returns NULL on error. | 5.5 |
| 2025-03-06 | CVE-2024-58067 | NULL Pointer Dereference vulnerability in Linux Kernel 6.13/6.13.1 In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check The devm_kzalloc() function returns NULL on error, not error pointers. Update the check to match. | 5.5 |
| 2025-03-06 | CVE-2024-58068 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ... In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw(). | 5.5 |
| 2025-03-06 | CVE-2024-58073 | NULL Pointer Dereference vulnerability in Linux Kernel 6.13/6.13.1 In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Similar to the r_pipe sspp protect, add a check to protect the pipe state prints to avoid NULL ptr dereference for cases when the state is dumped without a corresponding atomic_check() where the pipe->sspp is assigned. Patchwork: https://patchwork.freedesktop.org/patch/628404/ | 5.5 |
| 2025-03-04 | CVE-2025-21084 | NULL Pointer Dereference vulnerability in Openatom Openharmony in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. | 7.8 |
| 2025-03-04 | CVE-2025-21097 | NULL Pointer Dereference vulnerability in Openatom Openharmony in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. | 5.5 |
| 2025-03-04 | CVE-2025-22837 | NULL Pointer Dereference vulnerability in Openatom Openharmony in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. | 5.5 |
| 2025-03-03 | CVE-2024-53024 | NULL Pointer Dereference vulnerability in Qualcomm products Memory corruption in display driver while detaching a device. | 7.8 |
| 2025-02-27 | CVE-2024-57978 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Fix potential error pointer dereference in detach_pm() The proble is on the first line: if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i])) If jpeg->pd_dev[i] is an error pointer, then passing it to pm_runtime_suspended() will lead to an Oops. | 5.5 |
| 2025-02-27 | CVE-2024-57981 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is advanced to the first TRB of the next segment. If no further commands are queued, xhci_handle_stopped_cmd_ring() sees the ring pointers unequal and assumes that there is a pending command, so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL. Don't attempt timer setup if cur_cmd is NULL. | 5.5 |