CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-4XPQ-QFH7-R9H2
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:07The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
{
"affected": [],
"aliases": [
"CVE-2022-36648"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:23Z",
"severity": "CRITICAL"
},
"details": "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.",
"id": "GHSA-4xpq-qfh7-r9h2",
"modified": "2024-04-04T07:07:08Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36648"
},
{
"type": "WEB",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4XQ8-M4F5-H82H
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30In the Linux kernel, the following vulnerability has been resolved:
usb: fix various gadgets null ptr deref on 10gbps cabling.
This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10gbps.
{
"affected": [],
"aliases": [
"CVE-2021-47270"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: fix various gadgets null ptr deref on 10gbps cabling.\n\nThis avoids a null pointer dereference in\nf_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm}\nby simply reusing the 5gbps config for 10gbps.",
"id": "GHSA-4xq8-m4f5-h82h",
"modified": "2024-12-24T18:30:48Z",
"published": "2024-05-21T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47270"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10770d2ac0094b053c8897d96d7b2737cd72f7c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b289a0f3033f465b4fd51ba995251a7867a2aa2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8cd5f45c1b769e3e9e0f4325dd08b6c3749dc7ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90c4d05780d47e14a50e11a7f17373104cd47d25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4903f7fdc484628d0b8022daf86e2439d3ab4db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/beb1e67a5ca8d69703c776db9000527f44c0c93c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f17aae7c4009160f0630a91842a281773976a5bc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-522R-8R5C-938W
Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2017-0315"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T23:59:00Z",
"severity": "HIGH"
},
"details": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.",
"id": "GHSA-522r-8r5c-938w",
"modified": "2022-05-17T02:57:57Z",
"published": "2022-05-17T02:57:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0315"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-523C-3CG7-7HHV
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-04 00:30In the Linux kernel, the following vulnerability has been resolved:
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: we previously assumed 'rac97' could be null (see line 2072)
remove redundant assignment, return error if rac97 is NULL.
{
"affected": [],
"aliases": [
"CVE-2023-53648"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"id": "GHSA-523c-3cg7-7hhv",
"modified": "2026-02-04T00:30:27Z",
"published": "2025-10-07T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53648"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09baf460dfba79ee6a0c72e68ccdbbba84d894df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/228da1fa124470606ac19783e551f9d51a1e01b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/300e26e3e64880de5013eac8831cf44387ef752c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f13d67027fa782096e6aee0db5dce61c4aeb613"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79597c8bf64ca99eab385115743131d260339da5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/809af7bb4219bdeef0dbb8b2ed700d6516d13fe9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d28b83252e150155b8b8c65b612c555e93c8b45f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4cccff1e7ab6ea30995b6fbbb007d02647e025c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f923a582217b198b557756809ffe42ac0fad6adb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-525M-66C5-WJMH
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.
{
"affected": [],
"aliases": [
"CVE-2015-0573"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-08-07T21:59:00Z",
"severity": "CRITICAL"
},
"details": "drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.",
"id": "GHSA-525m-66c5-wjmh",
"modified": "2022-05-13T01:24:35Z",
"published": "2022-05-13T01:24:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0573"
},
{
"type": "WEB",
"url": "https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e20f20aaed6b6d2fd1667bad9be9ef35103a51df"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/issues-tsc-tspp2-and-buspm-drivers-cve-2015-0573-cve-2016-2441-cve-2016-2442"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-529G-PPV4-566R
Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
{
"affected": [],
"aliases": [
"CVE-2026-14324"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T15:17:06Z",
"severity": "MODERATE"
},
"details": "RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.",
"id": "GHSA-529g-ppv4-566r",
"modified": "2026-07-01T15:35:20Z",
"published": "2026-07-01T15:35:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14324"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-14324"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52FX-69C2-5GH6
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2025-04-20 03:37The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
{
"affected": [],
"aliases": [
"CVE-2017-8843"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-08T14:29:00Z",
"severity": "MODERATE"
},
"details": "The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.",
"id": "GHSA-52fx-69c2-5gh6",
"modified": "2025-04-20T03:37:20Z",
"published": "2022-05-13T01:26:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8843"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/69"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52H6-VCV4-GR3C
Vulnerability from github – Published: 2022-05-14 01:28 – Updated: 2022-05-14 01:28In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
{
"affected": [],
"aliases": [
"CVE-2018-7548"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-27T22:29:00Z",
"severity": "CRITICAL"
},
"details": "In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.",
"id": "GHSA-52h6-vcv4-gr3c",
"modified": "2022-05-14T01:28:46Z",
"published": "2022-05-14T01:28:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7548"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3593-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52H9-53CV-VM4J
Vulnerability from github – Published: 2024-04-26 15:30 – Updated: 2025-01-27 15:30In the Linux kernel, the following vulnerability has been resolved:
aio: fix mremap after fork null-deref
Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL.
[jmoyer@redhat.com: fix 80 column issue]
{
"affected": [],
"aliases": [
"CVE-2023-52646"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T13:15:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm-\u003eioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]",
"id": "GHSA-52h9-53cv-vm4j",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-26T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52J6-G7FJ-MFJM
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 21:30In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
A null pointer dereference can happen when attempting to access the "gsm->receive()" function in gsmld_receive_buf(). Currently, the code assumes that gsm->recieve is only called after MUX activation. Since the gsmld_receive_buf() function can be accessed without the need to initialize the MUX, the gsm->receive() function will not be set and a NULL pointer dereference will occur.
Fix this by avoiding the call to "gsm->receive()" in case the function is not initialized by adding a sanity check.
Call Trace: gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861 tiocsti drivers/tty/tty_io.c:2293 [inline] tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"affected": [],
"aliases": [
"CVE-2022-49940"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm-\u003ereceive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm-\u003ereceive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm-\u003erecieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm-\u003ereceive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm-\u003ereceive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n \u003cTASK\u003e\n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"id": "GHSA-52j6-g7fj-mfjm",
"modified": "2025-11-14T21:30:27Z",
"published": "2025-06-18T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49940"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/309aea4b6b813f6678c3a547cfd7fe3a76ffa976"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a82cf64f8ad63caf6bf115642ce44ddbc64311e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5aa37f9510345a812c0998bcbbc4d88d1dcc4d8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.