Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-7G63-CHRJ-5RQ3

Vulnerability from github – Published: 2022-05-14 03:57 – Updated: 2022-05-14 03:57
VLAI
Details

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-18T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).",
  "id": "GHSA-7g63-chrj-5rq3",
  "modified": "2022-05-14T03:57:55Z",
  "published": "2022-05-14T03:57:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10147"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1842"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2077"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2016-10147"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-crypto-vger\u0026m=148063683310477\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/17/13"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G6Q-P622-3MGR

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-20 03:33
VLAI
Details

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-10T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.",
  "id": "GHSA-7g6q-p622-3mgr",
  "modified": "2025-04-20T03:33:57Z",
  "published": "2022-05-13T01:24:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6311"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-08"
    },
    {
      "type": "WEB",
      "url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96779"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G83-7R9M-4Q2J

Vulnerability from github – Published: 2025-03-03 12:30 – Updated: 2025-03-03 12:30
VLAI
Details

Memory corruption in display driver while detaching a device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T11:15:13Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in display driver while detaching a device.",
  "id": "GHSA-7g83-7r9m-4q2j",
  "modified": "2025-03-03T12:30:32Z",
  "published": "2025-03-03T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53024"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G9V-7VC7-PMRW

Vulnerability from github – Published: 2025-04-21 00:30 – Updated: 2025-04-21 00:30
VLAI
Details

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-21T00:15:33Z",
    "severity": "LOW"
  },
  "details": "libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.",
  "id": "GHSA-7g9v-7vc7-pmrw",
  "modified": "2025-04-21T00:30:20Z",
  "published": "2025-04-21T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43966"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G9V-9M8F-C5P8

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01
VLAI
Details

The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:42:00Z",
    "severity": "MODERATE"
  },
  "details": "The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.",
  "id": "GHSA-7g9v-9m8f-c5p8",
  "modified": "2022-03-17T00:01:59Z",
  "published": "2022-03-11T00:02:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34122"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rockcarry/ffjpeg/issues/36"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rockcarry/ffjpeg/pull/37"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GH2-Q8M8-26R9

Vulnerability from github – Published: 2022-05-17 02:53 – Updated: 2025-04-20 03:34
VLAI
Details

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-24T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.",
  "id": "GHSA-7gh2-q8m8-26r9",
  "modified": "2025-04-20T03:34:45Z",
  "published": "2022-05-17T02:53:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
    },
    {
      "type": "WEB",
      "url": "https://libgit2.github.com/security"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GHC-RMVR-4977

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: do not run mt76_unregister_device() on unregistered hw

Trying to probe a mt7921e pci card without firmware results in a successful probe where ieee80211_register_hw hasn't been called. When removing the driver, ieee802111_unregister_hw is called unconditionally leading to a kernel NULL pointer dereference. Fix the issue running mt76_unregister_device routine just for registered hw.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn\u0027t been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw.",
  "id": "GHSA-7ghc-rmvr-4977",
  "modified": "2025-11-12T21:31:00Z",
  "published": "2025-05-02T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53071"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d34f27714c97a9786a30b3bb54944d6d8ed612f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41130c32f3a18fcc930316da17f3a5f3bc326aa1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dffe86df26aee01a5fc56a175b7a7f157961e370"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GJW-7W2H-P28H

Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09
VLAI
Details

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-27T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.",
  "id": "GHSA-7gjw-7w2h-p28h",
  "modified": "2022-05-14T01:09:19Z",
  "published": "2022-05-14T01:09:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5667"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
    },
    {
      "type": "WEB",
      "url": "http://support.lenovo.com/us/en/solutions/LEN-26250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GP9-JX5J-42CF

Vulnerability from github – Published: 2025-05-14 15:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()

In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.

Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-14T13:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()\n\nIn dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach dw2102_i2c_transfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 950e252cb469\n(\"[media] dw2102: limit messages to buffer size\")",
  "id": "GHSA-7gp9-jx5j-42cf",
  "modified": "2025-11-12T21:31:04Z",
  "published": "2025-05-14T15:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53146"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08dfcbd03b2b7f918c4f87c6ff637054e510df74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ae544d94abc8ff77b1b9bf8774def3fa5689b5b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77cbd42d29de9ffc93d5529bab8813cde53af14c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/903566208ae6bb9c0e7e54355ce75bf6cf72485d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97fdbdb750342cbc204befde976872fedb406ee6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/beb9550494e7349f92b9eaa283256a5ad9b1c9be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecbe6d011b95c7da59f014f8d26cb7245ed1e11e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb28afab113a82b89ffec48c8155ec05b4f8cb5e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GRP-X8PQ-WH35

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-31 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

i915/perf: Fix NULL deref bugs with drm_dbg() calls

When i915 perf interface is not available dereferencing it will lead to NULL dereferences.

As returning -ENOTSUPP is pretty clear return when perf interface is not available.

[tursulin: added stable tag] (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni915/perf: Fix NULL deref bugs with drm_dbg() calls\n\nWhen i915 perf interface is not available dereferencing it will lead to\nNULL dereferences.\n\nAs returning -ENOTSUPP is pretty clear return when perf interface is not\navailable.\n\n[tursulin: added stable tag]\n(cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)",
  "id": "GHSA-7grp-x8pq-wh35",
  "modified": "2025-01-31T15:30:42Z",
  "published": "2024-05-21T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52788"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.