CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-4RVW-GF8W-HJ4X
Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2022-05-14 01:19Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
{
"affected": [],
"aliases": [
"CVE-2018-15858"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-25T21:29:00Z",
"severity": "MODERATE"
},
"details": "Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.",
"id": "GHSA-4rvw-gf8w-hj4x",
"modified": "2022-05-14T01:19:06Z",
"published": "2022-05-14T01:19:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15858"
},
{
"type": "WEB",
"url": "https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f"
},
{
"type": "WEB",
"url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-05"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V2G-FXCQ-4J44
Vulnerability from github – Published: 2024-03-26 18:32 – Updated: 2024-11-04 18:31In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7091r: Allow users to configure device events
AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set.
Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation.
Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added.
{
"affected": [],
"aliases": [
"CVE-2023-52627"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-26T18:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added.",
"id": "GHSA-4v2g-fxcq-4j44",
"modified": "2024-11-04T18:31:17Z",
"published": "2024-03-26T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52627"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V5P-WG3C-R4X4
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
{
"affected": [],
"aliases": [
"CVE-2018-19939"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T09:29:00Z",
"severity": "HIGH"
},
"details": "The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.",
"id": "GHSA-4v5p-wg3c-r4x4",
"modified": "2022-05-14T01:01:19Z",
"published": "2022-05-14T01:01:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19939"
},
{
"type": "WEB",
"url": "https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V5V-52WM-9X72
Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-11-26 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: add null check
[WHY] Prevents null pointer dereferences to enhance function robustness
[HOW] Adds early null check and return false if invalid.
{
"affected": [],
"aliases": [
"CVE-2025-39762"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T17:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: add null check\n\n[WHY]\nPrevents null pointer dereferences to enhance function robustness\n\n[HOW]\nAdds early null check and return false if invalid.",
"id": "GHSA-4v5v-52wm-9x72",
"modified": "2025-11-26T18:31:02Z",
"published": "2025-09-11T18:35:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39762"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10d97cc1a14ef1f611e156b0b27e8b226e103cc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13895744e2c639324cf3cb18f2ba4e3f400dd0dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/158b9201c17fc93ed4253c2f03b77fd2671669a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V63-9RGJ-4J4X
Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-27176"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T18:15:35Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4v63-9rgj-4j4x",
"modified": "2025-03-11T18:32:21Z",
"published": "2025-03-11T18:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27176"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V8V-PR95-RHX7
Vulnerability from github – Published: 2022-11-29 00:30 – Updated: 2025-04-14 18:31A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-4128"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-28T22:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.",
"id": "GHSA-4v8v-pr95-rhx7",
"modified": "2025-04-14T18:31:41Z",
"published": "2022-11-29T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4128"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/5c835bb142d4"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/20220708233610.410786-2-mathew.j.martineau%40linux.intel.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/20220708233610.410786-2-mathew.j.martineau@linux.intel.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VFF-8C4J-M2J6
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: initialize device's zone info for seeding
When performing seeding on a zoned filesystem it is necessary to initialize each zoned device's btrfs_zoned_device_info structure, otherwise mounting the filesystem will cause a NULL pointer dereference.
This was uncovered by fstests' testcase btrfs/163.
{
"affected": [],
"aliases": [
"CVE-2022-49831"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: initialize device\u0027s zone info for seeding\n\nWhen performing seeding on a zoned filesystem it is necessary to\ninitialize each zoned device\u0027s btrfs_zoned_device_info structure,\notherwise mounting the filesystem will cause a NULL pointer dereference.\n\nThis was uncovered by fstests\u0027 testcase btrfs/163.",
"id": "GHSA-4vff-8c4j-m2j6",
"modified": "2025-11-10T21:30:28Z",
"published": "2025-05-01T15:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49831"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/544f38a738343d7e75f104e5e9d1ade58d8b71bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8d1b1647bf8244a5f270538e9e636e2657fffa3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VGM-5R69-WVP8
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
{
"affected": [],
"aliases": [
"CVE-2013-1416"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-04-19T11:44:00Z",
"severity": "MODERATE"
},
"details": "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.",
"id": "GHSA-4vgm-5r69-wvp8",
"modified": "2022-05-13T01:11:49Z",
"published": "2022-05-13T01:11:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1416"
},
{
"type": "WEB",
"url": "https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81"
},
{
"type": "WEB",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0748.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:157"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:158"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4VH4-4HC3-J47R
Vulnerability from github – Published: 2022-05-14 03:11 – Updated: 2022-05-14 03:11libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.
{
"affected": [],
"aliases": [
"CVE-2018-12460"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-15T15:29:00Z",
"severity": "MODERATE"
},
"details": "libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.",
"id": "GHSA-4vh4-4hc3-j47r",
"modified": "2022-05-14T03:11:12Z",
"published": "2022-05-14T03:11:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VHM-95HF-QF25
Vulnerability from github – Published: 2024-10-21 18:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL which is dereferenced on the next line in a reference to the modify field.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-50000"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-4vhm-95hf-qf25",
"modified": "2025-11-04T00:31:44Z",
"published": "2024-10-21T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50000"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.