null pointer dereference

Linux disclosed CVE-2026-45834 on May 26, 2026, for a Bluetooth L2CAP flaw in the kernel where l2cap_sock_state_change_cb() could dereference a NULL socket pointer, with fixes referenced across stable kernel commits and no NVD CVSS score assigned yet. The bug is small in code terms and large in...

CVE-2026-45835 is a Linux kernel Bluetooth vulnerability published by NVD on May 26, 2026, after kernel.org reported a fixed NULL pointer dereference in L2CAP’s l2cap_sock_new_connection_cb() callback, with stable kernel patches already linked but no NVD severity score assigned yet. That dry...

A newly tracked Linux kernel flaw in the Marvell mvpp2 Ethernet driver shows how a tiny missing condition can still bring down a system, and this one is now cataloged as CVE-2026-23438. The bug is a NULL pointer dereference in the buffer-switching path, triggered when the driver updates...

CVE-2026-31458 is a small-looking Linux kernel flaw with very practical consequences: a privileged user can trigger a NULL pointer dereference in DAMON’s sysfs control path by shrinking the context list to zero and then issuing certain state updates while the daemon is running. The bug is now...

CVE-2026-31422 is a classic example of how a small assumption in the Linux networking stack can turn into a kernel crash. The flaw lives in net/sched/cls_flow, where flow_change() can dereference block->q to derive a default baseclass even when the filter is attached to a shared block that...

Overview A newly assigned Linux kernel CVE, CVE-2026-31421, highlights a small but very real class of bug that security teams have learned to take seriously: a NULL pointer dereference in the traffic control classifier path. The flaw sits in net/sched/cls_fw, the classic firewall-style...

The recent RDMA/siw kernel fix for a potential NULL pointer dereference is a small patch with outsized relevance for anyone running software iWARP in Linux-based infrastructure. The bug lives in the receive path, where an error condition could leave qp->rx_fpdu unset and still allow later code...

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...

A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...

A critical null-pointer flaw in the Linux kernel’s VMware graphics driver, tracked as CVE‑2025‑40110, has been fixed upstream; the defect — an unchecked null‑ptr access in the vmwgfx cursor snooper — can cause kernel oopses and local denial‑of‑service and should be treated as a timely patching...

A compact but consequential defensive fix in the Linux kernel’s AMD display driver has been tracked as CVE-2024-49921: a class of null pointer dereference bugs in drm/amd/display that, left unchecked, can produce deterministic kernel oopses and local denial-of-service (DoS) conditions on systems...

The Linux kernel’s AMD display subsystem received a targeted safety fix for CVE‑2024‑49920: a set of null‑pointer checks added to the DRM/AMD display code to prevent repeated dereferences of possibly NULL objects — a class of bugs that can trigger kernel crashes and sustained denial‑of‑service...

The Linux kernel vulnerability tracked as CVE-2024-42151 fixes a subtle but dangerous mismatch between how the eBPF verifier reasons about a test-case function parameter and how the test itself actually invokes that function — a situation that can let the verifier elide a NULL check and allow a...

A subtle NULL-pointer bug in the Linux ACPI code — tracked as CVE-2024-56782 — has been patched upstream but remains a live operational concern for many deployments because it can trigger kernel crashes and sustained denial-of-service conditions when certain local device paths are exercised...

A small, surgical kernel fix published as CVE-2025-40053 eliminates a null-pointer dereference in the D-Link Ethernet driver by properly handling a failed skb allocation; the change is tiny in code but important for system stability, particularly on hosts that process untrusted or high-volume...

The newly disclosed vulnerability in NIHON KOHDEN’s Central Monitor CNS-6201 (CVE-2025-59668) is a straightforward but dangerous example of how a simple memory-handling bug in an end‑of‑life medical device can translate into an operational safety problem for hospitals and clinical networks. A...

A recently assigned CVE identifier, CVE-2025-40013, tracks a kernel-level fix for a null pointer dereference in the Qualcomm ASoC audioreach driver; the patch adds a missing NULL check in the topology-parsing path to prevent dereferencing a NULL or error pointer returned by...

Rockwell Automation’s ControlLogix 5580 family has a newly republished advisory that raises the alarm for industrial operators: a remotely exploitable NULL pointer dereference in firmware version 35.013 can force a major nonrecoverable fault (MNRF) on affected controllers, producing a...

Microsoft’s Security Response Guide flags a null-pointer dereference in the Windows Ancillary Function Driver for WinSock (AFD.sys) that, when reached by a local, authorized user, can be weaponized into an elevation‑of‑privilege to SYSTEM — a high‑impact kernel vulnerability that demands...

Microsoft’s advisory confirms that a null pointer dereference in the Windows Ancillary Function Driver for WinSock (AFD.sys) can be triggered by a locally authorized attacker to elevate privileges to SYSTEM, creating a high-impact local elevation-of-privilege (EoP) risk for affected Windows...