CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6298 vulnerabilities reference this CWE, most recent first.
GHSA-5WXH-HJ25-35HH
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-20 00:00The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
{
"affected": [],
"aliases": [
"CVE-2022-34736"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "HIGH"
},
"details": "The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.",
"id": "GHSA-5wxh-hj25-35hh",
"modified": "2022-07-20T00:00:24Z",
"published": "2022-07-13T00:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34736"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/7"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WXQ-6P7V-M87W
Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Guard against bad data for ATIF ACPI method
If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller.
? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))
? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)
? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))
? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))
? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)
? exc_page_fault (arch/x86/mm/fault.c:1542)
? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)
? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu
? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu
It has been encountered on at least one system, so guard for it.
(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)
{
"affected": [],
"aliases": [
"CVE-2024-50117"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T18:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"id": "GHSA-5wxq-6p7v-m87w",
"modified": "2025-11-04T00:31:55Z",
"published": "2024-11-05T18:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X4C-VWV3-GHP2
Vulnerability from github – Published: 2026-05-19 06:30 – Updated: 2026-05-19 06:30in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
{
"affected": [],
"aliases": [
"CVE-2026-25110"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T04:16:28Z",
"severity": "LOW"
},
"details": "in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.",
"id": "GHSA-5x4c-vwv3-ghp2",
"modified": "2026-05-19T06:30:29Z",
"published": "2026-05-19T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25110"
},
{
"type": "WEB",
"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5X55-XCJP-HQWX
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-21 00:00Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-43749"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T21:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-5x55-xcjp-hqwx",
"modified": "2021-12-21T00:00:26Z",
"published": "2021-12-21T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43749"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5X5R-X3M2-4893
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
{
"affected": [],
"aliases": [
"CVE-2021-31259"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
"id": "GHSA-5x5r-x3m2-4893",
"modified": "2022-05-24T17:47:51Z",
"published": "2022-05-24T17:47:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31259"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1735"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5X62-XMMP-3F69
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue.
{
"affected": [],
"aliases": [
"CVE-2024-35933"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Fix null ptr deref in btintel_read_version\n\nIf hci_cmd_sync_complete() is triggered and skb is NULL, then\nhdev-\u003ereq_skb is NULL, which will cause this issue.",
"id": "GHSA-5x62-xmmp-3f69",
"modified": "2026-05-12T12:31:50Z",
"published": "2024-05-19T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35933"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/006936ecb4edfc3102464044f75858c714e34d28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22d3053ef05f0b5045e45bd91e7473846261d65e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/68a69bb2ecafaacdb998a87783068fb51736f43b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86e9b47e8a75c74b1bd83a479979b425c5dc8bd9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b19fe5eea619d54eea59bb8a37c0f8d00ef0e912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b79e040910101b020931ba0c9a6b77e81ab7f645"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffdca0a62abaf8c41d8d9ea132000fd808de329b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X73-G3F4-QR77
Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
{
"affected": [],
"aliases": [
"CVE-2017-17700"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-15T20:29:00Z",
"severity": "CRITICAL"
},
"details": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.",
"id": "GHSA-5x73-g3f4-qr77",
"modified": "2022-05-17T00:12:24Z",
"published": "2022-05-17T00:12:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17700"
},
{
"type": "WEB",
"url": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X75-H4P9-MF5P
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
{
"affected": [],
"aliases": [
"CVE-2019-13161"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).",
"id": "GHSA-5x75-h4p9-mf5p",
"modified": "2022-05-24T16:50:12Z",
"published": "2022-05-24T16:50:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13161"
},
{
"type": "WEB",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"type": "WEB",
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X7H-3M5J-HRPM
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-04-19 18:31Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-35068"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T11:15:00Z",
"severity": "CRITICAL"
},
"details": "Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-5x7h-3m5j-hrpm",
"modified": "2023-04-19T18:31:04Z",
"published": "2022-02-12T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35068"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XCW-9Q32-27QC
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
media: imx-jpeg: Set video drvdata before register video device
The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops.
{
"affected": [],
"aliases": [
"CVE-2024-56578"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"id": "GHSA-5xcw-9q32-27qc",
"modified": "2025-11-03T21:31:51Z",
"published": "2024-12-27T15:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56578"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ade59d28eade49194eb09765afdeb0ba717c39a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/68efeff2f7fccdfedc55f92e92be32997127d16e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b88556e82dc18cb708744d062770853a2d5095b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2b7ecc26bd5406d5ba927be1748aa99c568696c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f68bb1210fbea252552d97242757f69a219e942b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.