CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-6579-JP4W-XM59
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev suspend
Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.
Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend.
Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time.
{
"affected": [],
"aliases": [
"CVE-2024-35851"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev suspend\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nwakeup() is called for a non-serdev controller during suspend.\n\nJust return true for now to restore the original behaviour and address\nthe crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657\n(\"Bluetooth: hci_qca: only assign wakeup with serial port support\") that\ncauses the crash to happen already at setup() time.",
"id": "GHSA-6579-jp4w-xm59",
"modified": "2024-12-30T18:30:40Z",
"published": "2024-05-17T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35851"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-657P-CP5V-HVXV
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2].
The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with.
Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well.
[1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252
{
"affected": [],
"aliases": [
"CVE-2024-35846"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix shrinker NULL crash with cgroup_disable=memory\n\nChristian reports a NULL deref in zswap that he bisected down to the zswap\nshrinker. The issue also cropped up in the bug trackers of libguestfs [1]\nand the Red Hat bugzilla [2].\n\nThe problem is that when memcg is disabled with the boot time flag, the\nzswap shrinker might get called with sc-\u003ememcg == NULL. This is okay in\nmany places, like the lruvec operations. But it crashes in\nmemcg_page_state() - which is only used due to the non-node accounting of\ncgroup\u0027s the zswap memory to begin with.\n\nNhat spotted that the memcg can be NULL in the memcg-disabled case, and I\nwas then able to reproduce the crash locally as well.\n\n[1] https://github.com/libguestfs/libguestfs/issues/139\n[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252",
"id": "GHSA-657p-cp5v-hvxv",
"modified": "2024-12-30T18:30:40Z",
"published": "2024-05-17T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35846"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-659G-9V9Q-GQ45
Vulnerability from github – Published: 2026-02-02 03:31 – Updated: 2026-02-02 03:31A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2026-1739"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T02:16:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.",
"id": "GHSA-659g-9v9q-gq45",
"modified": "2026-02-02T03:31:18Z",
"published": "2026-02-02T03:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1739"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/803"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/803#issue-3815770007"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/pcf/pull/62"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/pcf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.343638"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.343638"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.741194"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-65F4-Q4WV-FRPQ
Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-10 00:00An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
{
"affected": [],
"aliases": [
"CVE-2021-33254"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.",
"id": "GHSA-65f4-q4wv-frpq",
"modified": "2022-06-10T00:00:59Z",
"published": "2022-06-03T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33254"
},
{
"type": "WEB",
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65HJ-3FRP-CWQP
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-08 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
This commit addresses a null pointer dereference issue in
hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is
null. The fix adds a check to ensure pipe_ctx->plane_state is not null
before accessing. This prevents a null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2024-53200"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in hwss_setup_dpp\n\nThis commit addresses a null pointer dereference issue in\nhwss_setup_dpp(). The issue could occur when pipe_ctx-\u003eplane_state is\nnull. The fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.",
"id": "GHSA-65hj-3frp-cwqp",
"modified": "2025-01-08T21:32:24Z",
"published": "2024-12-27T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53200"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/020002c76147ecfdafe95c44abd3240e216b6316"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0dd3d1de7a5957804ccd58c1b252f9e34710e3f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bc96c95070571c6c824e0d4c7783bee25a37876"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95792a18da0795300e15075ac05d1915e9066999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65MR-FW35-QF44
Vulnerability from github – Published: 2024-03-15 00:30 – Updated: 2025-01-23 21:31An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
{
"affected": [],
"aliases": [
"CVE-2024-26475"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-14T22:15:22Z",
"severity": "MODERATE"
},
"details": "An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.",
"id": "GHSA-65mr-fw35-qf44",
"modified": "2025-01-23T21:31:49Z",
"published": "2024-03-15T00:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26475"
},
{
"type": "WEB",
"url": "https://github.com/TronciuVlad/CVE-2024-26475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65RH-7MCJ-934P
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2025-03-31 15:30A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
{
"affected": [],
"aliases": [
"CVE-2023-0394"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",
"id": "GHSA-65rh-7mcj-934p",
"modified": "2025-03-31T15:30:36Z",
"published": "2023-01-26T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0394"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230302-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65WF-C9WX-F4V7
Vulnerability from github – Published: 2025-04-14 15:31 – Updated: 2026-06-26 00:32A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
{
"affected": [],
"aliases": [
"CVE-2025-32910"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-14T15:15:25Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.",
"id": "GHSA-65wf-c9wx-f4v7",
"modified": "2026-06-26T00:32:00Z",
"published": "2025-04-14T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8292"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-32910"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359354"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/432"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65XR-G9J5-JV8G
Vulnerability from github – Published: 2023-08-25 21:30 – Updated: 2023-12-11 21:30An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
{
"affected": [],
"aliases": [
"CVE-2023-38712"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-25T21:15:08Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.",
"id": "GHSA-65xr-g9j5-jv8g",
"modified": "2023-12-11T21:30:20Z",
"published": "2023-08-25T21:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38712"
},
{
"type": "WEB",
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2023-38712"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-662W-QGXW-3596
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
{
"affected": [],
"aliases": [
"CVE-2020-18395"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-28T21:15:00Z",
"severity": "HIGH"
},
"details": "A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.",
"id": "GHSA-662w-qgxw-3596",
"modified": "2022-05-24T19:03:35Z",
"published": "2022-05-24T19:03:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18395"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/bug-gama/2019-04/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.