CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-9FM4-J993-VWRJ
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2024-11-14 18:30In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend
Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usbc driver.
Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend.
Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers.
{
"affected": [],
"aliases": [
"CVE-2024-50238"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usbc: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data from the\nqcom-qmp-usb driver, but mistakenly also removed the initialisation\ndespite the data still being used in the runtime PM callbacks. This bug\nwas later reproduced when the driver was copied to create the qmp-usbc\ndriver.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with these drivers.",
"id": "GHSA-9fm4-j993-vwrj",
"modified": "2024-11-14T18:30:32Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50238"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34c21f94fa1e147a19b54b6adf0c93a623b70dd8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7086dc0539b1b2b61c8c735186698bca4858246"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FPW-7F22-7CM4
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40773"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-22T16:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9fpw-7f22-7cm4",
"modified": "2022-05-24T19:21:11Z",
"published": "2022-05-24T19:21:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40773"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9FRR-F75V-8934
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:20Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
{
"affected": [],
"aliases": [
"CVE-2019-17452"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.",
"id": "GHSA-9frr-f75v-8934",
"modified": "2024-04-04T02:20:25Z",
"published": "2022-05-24T16:58:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17452"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/434"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FV5-GJQQ-RC4H
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-1112"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-11T22:15:00Z",
"severity": "MODERATE"
},
"details": "NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.",
"id": "GHSA-9fv5-gjqq-rc4h",
"modified": "2022-05-24T19:11:02Z",
"published": "2022-05-24T19:11:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1112"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9FX5-WC5Q-367P
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
{
"affected": [],
"aliases": [
"CVE-2018-13458"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"id": "GHSA-9fx5-wc5q-367p",
"modified": "2022-05-13T01:27:25Z",
"published": "2022-05-13T01:27:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13458"
},
{
"type": "WEB",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"type": "WEB",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"type": "WEB",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45082"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FX9-J289-P7F2
Vulnerability from github – Published: 2024-02-27 09:31 – Updated: 2024-04-10 15:30In the Linux kernel, the following vulnerability has been resolved:
ixgbe: Fix NULL pointer dereference in ethtool loopback test
The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated with the test ring when it is setup as interrupts are not normally added to the test rings.
To address this I have added code that will check for a q_vector before returning a napi_id value. If a q_vector is not present it will return a value of 0.
{
"affected": [],
"aliases": [
"CVE-2021-46916"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T07:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn\u0027t a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0.",
"id": "GHSA-9fx9-j289-p7f2",
"modified": "2024-04-10T15:30:31Z",
"published": "2024-02-27T09:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46916"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G28-83M6-MVG3
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-16 15:33A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.
{
"affected": [],
"aliases": [
"CVE-2025-70102"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T20:16:24Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type \u0027struct dhcp_opt\u0027 when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports \u0027runtime error: member access within null pointer of type struct dhcp_opt\u0027 and aborts.",
"id": "GHSA-9g28-83m6-mvg3",
"modified": "2026-06-16T15:33:44Z",
"published": "2026-06-15T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70102"
},
{
"type": "WEB",
"url": "https://infosec.exchange/@sigdevel/116733594508542047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9G3F-FGM8-4CGM
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
There are two check of 'mreplace' in raid10_sync_request(). In the first check, 'need_replace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists, In the second check, 'mreplace' will be set to NULL if it is Faulty, but 'need_replace' will not be changed accordingly. null-ptr-deref occurs if Faulty is set between two check.
Fix it by merging two checks into one. And replace 'need_replace' with 'mreplace' because their values are always the same.
{
"affected": [],
"aliases": [
"CVE-2023-53380"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref of mreplace in raid10_sync_request\n\nThere are two check of \u0027mreplace\u0027 in raid10_sync_request(). In the first\ncheck, \u0027need_replace\u0027 will be set and \u0027mreplace\u0027 will be used later if\nno-Faulty \u0027mreplace\u0027 exists, In the second check, \u0027mreplace\u0027 will be\nset to NULL if it is Faulty, but \u0027need_replace\u0027 will not be changed\naccordingly. null-ptr-deref occurs if Faulty is set between two check.\n\nFix it by merging two checks into one. And replace \u0027need_replace\u0027 with\n\u0027mreplace\u0027 because their values are always the same.",
"id": "GHSA-9g3f-fgm8-4cgm",
"modified": "2025-12-11T18:30:33Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53380"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/144c7fd008e0072b0b565f1157eec618de54ca8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/222cc459d59857ee28a5366dc225ab42b22f9272"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2990e2ece18dd4cca71b3109c80517ad94adb065"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34817a2441747b48e444cb0e05d84e14bc9443da"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45fa023b3334a7ae6f6c4eb977295804222dfa28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5015b97adda6a24dd3e713c63e521ecbeff25c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4368a462b1f9a8ecc2fdb09a28c3d4cad302a4f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G3X-CH5W-33CH
Vulnerability from github – Published: 2026-03-24 06:31 – Updated: 2026-03-24 06:31NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
{
"affected": [],
"aliases": [
"CVE-2026-4751"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T06:16:23Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.",
"id": "GHSA-9g3x-ch5w-33ch",
"modified": "2026-03-24T06:31:14Z",
"published": "2026-03-24T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4751"
},
{
"type": "WEB",
"url": "https://github.com/tmate-io/tmate/pull/328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9G47-F5J6-VPFX
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:05In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382
{
"affected": [],
"aliases": [
"CVE-2019-9279"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "HIGH"
},
"details": "In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382",
"id": "GHSA-9g47-f5j6-vpfx",
"modified": "2024-04-04T02:05:02Z",
"published": "2022-05-24T16:57:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9279"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.