Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-6579-JP4W-XM59

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix NULL-deref on non-serdev suspend

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend.

Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev suspend\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nwakeup() is called for a non-serdev controller during suspend.\n\nJust return true for now to restore the original behaviour and address\nthe crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657\n(\"Bluetooth: hci_qca: only assign wakeup with serial port support\") that\ncauses the crash to happen already at setup() time.",
  "id": "GHSA-6579-jp4w-xm59",
  "modified": "2024-12-30T18:30:40Z",
  "published": "2024-05-17T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35851"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-657P-CP5V-HVXV

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: zswap: fix shrinker NULL crash with cgroup_disable=memory

Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2].

The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with.

Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well.

[1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix shrinker NULL crash with cgroup_disable=memory\n\nChristian reports a NULL deref in zswap that he bisected down to the zswap\nshrinker.  The issue also cropped up in the bug trackers of libguestfs [1]\nand the Red Hat bugzilla [2].\n\nThe problem is that when memcg is disabled with the boot time flag, the\nzswap shrinker might get called with sc-\u003ememcg == NULL.  This is okay in\nmany places, like the lruvec operations.  But it crashes in\nmemcg_page_state() - which is only used due to the non-node accounting of\ncgroup\u0027s the zswap memory to begin with.\n\nNhat spotted that the memcg can be NULL in the memcg-disabled case, and I\nwas then able to reproduce the crash locally as well.\n\n[1] https://github.com/libguestfs/libguestfs/issues/139\n[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252",
  "id": "GHSA-657p-cp5v-hvxv",
  "modified": "2024-12-30T18:30:40Z",
  "published": "2024-05-17T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35846"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-659G-9V9Q-GQ45

Vulnerability from github – Published: 2026-02-02 03:31 – Updated: 2026-02-02 03:31
VLAI
Details

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T02:16:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.",
  "id": "GHSA-659g-9v9q-gq45",
  "modified": "2026-02-02T03:31:18Z",
  "published": "2026-02-02T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1739"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/issues/803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/issues/803#issue-3815770007"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/pcf/pull/62"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/pcf"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.343638"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.343638"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.741194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-65F4-Q4WV-FRPQ

Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-10 00:00
VLAI
Details

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.",
  "id": "GHSA-65f4-q4wv-frpq",
  "modified": "2022-06-10T00:00:59Z",
  "published": "2022-06-03T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33254"
    },
    {
      "type": "WEB",
      "url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65HJ-3FRP-CWQP

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-08 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp

This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure pipe_ctx->plane_state is not null before accessing. This prevents a null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in hwss_setup_dpp\n\nThis commit addresses a null pointer dereference issue in\nhwss_setup_dpp(). The issue could occur when pipe_ctx-\u003eplane_state is\nnull. The fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.",
  "id": "GHSA-65hj-3frp-cwqp",
  "modified": "2025-01-08T21:32:24Z",
  "published": "2024-12-27T15:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53200"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/020002c76147ecfdafe95c44abd3240e216b6316"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dd3d1de7a5957804ccd58c1b252f9e34710e3f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bc96c95070571c6c824e0d4c7783bee25a37876"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95792a18da0795300e15075ac05d1915e9066999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65MR-FW35-QF44

Vulnerability from github – Published: 2024-03-15 00:30 – Updated: 2025-01-23 21:31
VLAI
Details

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-14T22:15:22Z",
    "severity": "MODERATE"
  },
  "details": "An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.",
  "id": "GHSA-65mr-fw35-qf44",
  "modified": "2025-01-23T21:31:49Z",
  "published": "2024-03-15T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26475"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TronciuVlad/CVE-2024-26475"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65RH-7MCJ-934P

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2025-03-31 15:30
VLAI
Details

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",
  "id": "GHSA-65rh-7mcj-934p",
  "modified": "2025-03-31T15:30:36Z",
  "published": "2023-01-26T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0394"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230302-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65WF-C9WX-F4V7

Vulnerability from github – Published: 2025-04-14 15:31 – Updated: 2026-06-26 00:32
VLAI
Details

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-14T15:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.",
  "id": "GHSA-65wf-c9wx-f4v7",
  "modified": "2026-06-26T00:32:00Z",
  "published": "2025-04-14T15:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32910"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8292"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-32910"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359354"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/432"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65XR-G9J5-JV8G

Vulnerability from github – Published: 2023-08-25 21:30 – Updated: 2023-12-11 21:30
VLAI
Details

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-25T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.",
  "id": "GHSA-65xr-g9j5-jv8g",
  "modified": "2023-12-11T21:30:20Z",
  "published": "2023-08-25T21:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38712"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libreswan/libreswan/tags"
    },
    {
      "type": "WEB",
      "url": "https://libreswan.org/security/CVE-2023-38712"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-662W-QGXW-3596

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-28T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.",
  "id": "GHSA-662w-qgxw-3596",
  "modified": "2022-05-24T19:03:35Z",
  "published": "2022-05-24T19:03:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18395"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/bug-gama/2019-04/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.