CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-6FR7-H9MH-45F3
Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2024-12-11 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
The 'vmw_user_object_buffer' function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the 'bo' is NULL in the vmw_framebuffer_surface_create_handle.
{
"affected": [],
"aliases": [
"CVE-2024-53115"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T14:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle\n\nThe \u0027vmw_user_object_buffer\u0027 function may return NULL with incorrect\ninputs. To avoid possible null pointer dereference, add a check whether\nthe \u0027bo\u0027 is NULL in the vmw_framebuffer_surface_create_handle.",
"id": "GHSA-6fr7-h9mh-45f3",
"modified": "2024-12-11T21:31:57Z",
"published": "2024-12-02T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53115"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36f64da080555175b58d85f99f5f90435e274e56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93d1f41a82de382845af460bf03bcb17dcbf08c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FWX-49X4-WQ33
Vulnerability from github – Published: 2022-05-14 01:33 – Updated: 2022-05-14 01:33V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
{
"affected": [],
"aliases": [
"CVE-2019-5914"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-13T18:29:00Z",
"severity": "MODERATE"
},
"details": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.",
"id": "GHSA-6fwx-49x4-wq33",
"modified": "2022-05-14T01:33:54Z",
"published": "2022-05-14T01:33:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5914"
},
{
"type": "WEB",
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G3H-XC5W-JQ88
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:42An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
{
"affected": [],
"aliases": [
"CVE-2019-12217"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-20T17:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.",
"id": "GHSA-6g3h-xc5w-jq88",
"modified": "2024-04-04T00:42:45Z",
"published": "2022-05-24T16:46:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12217"
},
{
"type": "WEB",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4626"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4238-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G5M-9QXP-XMV7
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-15 21:31Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2026-20771"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T17:16:18Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-6g5m-9qxp-xmv7",
"modified": "2026-05-15T21:31:31Z",
"published": "2026-05-12T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20771"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6G68-J794-47G7
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-06-03 18:55In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL.
{
"affected": [],
"aliases": [
"CVE-2024-26949"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix NULL pointer dereference when get power limit\n\nBecause powerplay_table initialization is skipped under\nsriov case, We check and set default lower and upper OD\nvalue if powerplay_table is NULL.",
"id": "GHSA-6g68-j794-47g7",
"modified": "2024-06-03T18:55:51Z",
"published": "2024-05-01T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26949"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08ae9ef829b8055c2fdc8cfee37510c1f4721a07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99c2f1563b1400cc8331fc79d19ada1bb95bb388"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8eaa8ef1f1157a9f330e36e66bdd7a693309948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G6F-CC29-Q2WG
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 18:30In the Linux kernel, the following vulnerability has been resolved:
iio: imu: adis: Fix NULL pointer dereference in adis_init
The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itself is NULL.
Drivers like adis16480, adis16490, adis16545 and others do not set custom ops and rely on adis_init() assigning the defaults. Since struct adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL when adis_init() is called, causing a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
pc : adis_init+0xc0/0x118
Call trace:
adis_init+0xc0/0x118
adis16480_probe+0xe0/0x670
Fix this by checking if adis->ops is NULL before dereferencing it, falling through to assign the default ops in that case.
{
"affected": [],
"aliases": [
"CVE-2026-43356"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: adis: Fix NULL pointer dereference in adis_init\n\nThe adis_init() function dereferences adis-\u003eops to check if the\nindividual function pointers (write, read, reset) are NULL, but does\nnot first check if adis-\u003eops itself is NULL.\n\nDrivers like adis16480, adis16490, adis16545 and others do not set\ncustom ops and rely on adis_init() assigning the defaults. Since struct\nadis is zero-initialized by devm_iio_device_alloc(), adis-\u003eops is NULL\nwhen adis_init() is called, causing a NULL pointer dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n pc : adis_init+0xc0/0x118\n Call trace:\n adis_init+0xc0/0x118\n adis16480_probe+0xe0/0x670\n\nFix this by checking if adis-\u003eops is NULL before dereferencing it,\nfalling through to assign the default ops in that case.",
"id": "GHSA-6g6f-cc29-q2wg",
"modified": "2026-05-15T18:30:30Z",
"published": "2026-05-08T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43356"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a48f94c63a078e7b6a2e59a637fc0858dc6510c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9990cd4f8827bd1ae3fb6eb7407630d8d463c430"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba19dd366528b961430f5195c2e382420703074f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G6V-3RWX-W42J
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-30 15:30In the Linux kernel, the following vulnerability has been resolved:
spi: intel: Add check devm_kasprintf() returned value
intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked.
{
"affected": [],
"aliases": [
"CVE-2024-46769"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: intel: Add check devm_kasprintf() returned value\n\nintel_spi_populate_chip() use devm_kasprintf() to set pdata-\u003ename.\nThis can return a NULL pointer on failure but this returned value\nis not checked.",
"id": "GHSA-6g6v-3rwx-w42j",
"modified": "2024-09-30T15:30:44Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46769"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G78-2PWJ-3GVJ
Vulnerability from github – Published: 2022-05-14 03:52 – Updated: 2022-05-14 03:52The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
{
"affected": [],
"aliases": [
"CVE-2017-7225"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-22T16:59:00Z",
"severity": "HIGH"
},
"details": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.",
"id": "GHSA-6g78-2pwj-3gvj",
"modified": "2022-05-14T03:52:22Z",
"published": "2022-05-14T03:52:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7225"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201801-01"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20891"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G7J-P2CM-W265
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-24 06:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)
This commit adds a null check for the 'afb' variable in the amdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be null at line 8388, but was used later in the code without a null check. This could potentially lead to a null pointer dereference.
Changes since v1: - Moved the null check for 'afb' to the line where 'afb' is used. (Alex)
Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor() error: we previously assumed 'afb' could be null (see line 8388)
{
"affected": [],
"aliases": [
"CVE-2024-49908"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_update_cursor function. Previously, \u0027afb\u0027 was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed \u0027afb\u0027 could be null (see line 8388)",
"id": "GHSA-6g7j-p2cm-w265",
"modified": "2024-10-24T06:30:29Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49908"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fe20258b4989b9112b5e9470df33a0939403fd4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a742168b6a39ead257da53bcbe472384d6e14a1b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G92-8CGQ-877W
Vulnerability from github – Published: 2022-10-01 00:00 – Updated: 2022-10-04 00:00An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
{
"affected": [],
"aliases": [
"CVE-2022-41843"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-30T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.",
"id": "GHSA-6g92-8cgq-877w",
"modified": "2022-10-04T00:00:19Z",
"published": "2022-10-01T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41843"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.