null pointer dereference

The recent RDMA/siw kernel fix for a potential NULL pointer dereference is a small patch with outsized relevance for anyone running software iWARP in Linux-based infrastructure. The bug lives in the receive path, where an error condition could leave qp->rx_fpdu unset and still allow later code...

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...

A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...

A critical null-pointer flaw in the Linux kernel’s VMware graphics driver, tracked as CVE‑2025‑40110, has been fixed upstream; the defect — an unchecked null‑ptr access in the vmwgfx cursor snooper — can cause kernel oopses and local denial‑of‑service and should be treated as a timely patching...

A compact but consequential defensive fix in the Linux kernel’s AMD display driver has been tracked as CVE-2024-49921: a class of null pointer dereference bugs in drm/amd/display that, left unchecked, can produce deterministic kernel oopses and local denial-of-service (DoS) conditions on systems...

The Linux kernel’s AMD display subsystem received a targeted safety fix for CVE‑2024‑49920: a set of null‑pointer checks added to the DRM/AMD display code to prevent repeated dereferences of possibly NULL objects — a class of bugs that can trigger kernel crashes and sustained denial‑of‑service...

The Linux kernel vulnerability tracked as CVE-2024-42151 fixes a subtle but dangerous mismatch between how the eBPF verifier reasons about a test-case function parameter and how the test itself actually invokes that function — a situation that can let the verifier elide a NULL check and allow a...

A subtle NULL-pointer bug in the Linux ACPI code — tracked as CVE-2024-56782 — has been patched upstream but remains a live operational concern for many deployments because it can trigger kernel crashes and sustained denial-of-service conditions when certain local device paths are exercised...

A small, surgical kernel fix published as CVE-2025-40053 eliminates a null-pointer dereference in the D-Link Ethernet driver by properly handling a failed skb allocation; the change is tiny in code but important for system stability, particularly on hosts that process untrusted or high-volume...

The newly disclosed vulnerability in NIHON KOHDEN’s Central Monitor CNS-6201 (CVE-2025-59668) is a straightforward but dangerous example of how a simple memory-handling bug in an end‑of‑life medical device can translate into an operational safety problem for hospitals and clinical networks. A...

A recently assigned CVE identifier, CVE-2025-40013, tracks a kernel-level fix for a null pointer dereference in the Qualcomm ASoC audioreach driver; the patch adds a missing NULL check in the topology-parsing path to prevent dereferencing a NULL or error pointer returned by...

Rockwell Automation’s ControlLogix 5580 family has a newly republished advisory that raises the alarm for industrial operators: a remotely exploitable NULL pointer dereference in firmware version 35.013 can force a major nonrecoverable fault (MNRF) on affected controllers, producing a...

Microsoft’s Security Response Guide flags a null-pointer dereference in the Windows Ancillary Function Driver for WinSock (AFD.sys) that, when reached by a local, authorized user, can be weaponized into an elevation‑of‑privilege to SYSTEM — a high‑impact kernel vulnerability that demands...

Microsoft’s advisory confirms that a null pointer dereference in the Windows Ancillary Function Driver for WinSock (AFD.sys) can be triggered by a locally authorized attacker to elevate privileges to SYSTEM, creating a high-impact local elevation-of-privilege (EoP) risk for affected Windows...

A zero-day vulnerability lurking within the deepest layers of the Windows operating system is the sort of nightmare scenario that keeps IT professionals and security researchers up at night. The recent patch for CVE-2025-49686—a critical flaw identified by Marat Gayanov of Positive Technologies’...

A critical security vulnerability, identified as CVE-2025-49678, has been discovered within the Windows NTFS (New Technology File System). This flaw allows authorized attackers to elevate their privileges locally through a null pointer dereference. Microsoft has acknowledged the issue and...

A critical security vulnerability, identified as CVE-2025-49694, has been discovered in Microsoft's Brokering File System, posing significant risks to Windows users. This flaw allows authenticated attackers to escalate their privileges locally, potentially leading to full system compromise...

A newly disclosed vulnerability, known as CVE-2025-33057, has recently focused the attention of security professionals and Windows administrators worldwide. This Windows Local Security Authority (LSA) Denial of Service (DoS) flaw is a stark reminder of the delicate balance between operational...

A critical vulnerability has emerged in the core of Windows' security architecture, marked as CVE-2025-29838, and it is already stirring deep concern across the IT community. This flaw, present in the Windows ExecutionContext Driver, permits a local attacker to elevate privileges by exploiting a...

On October 10, 2024, a significant advisory was released by CISA regarding vulnerabilities found in Siemens' Teamcenter Visualization and JT2Go software. This notice is particularly alarming for organizations that rely on these applications, as it outlines potential risks that could lead to...