Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-G6P9-CJGH-R556

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00
VLAI
Details

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.",
  "id": "GHSA-g6p9-cjgh-r556",
  "modified": "2022-07-29T00:00:34Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/169"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G743-X9VQ-5FPV

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix crash when destroying a suspended hardware context

If userspace issues an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the mailbox channel pointer is NULL for the suspended context.

Fix this by checking the mailbox channel pointer in aie2_destroy_context() before accessing it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:32Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix crash when destroying a suspended hardware context\n\nIf userspace issues an ioctl to destroy a hardware context that has\nalready been automatically suspended, the driver may crash because the\nmailbox channel pointer is NULL for the suspended context.\n\nFix this by checking the mailbox channel pointer in aie2_destroy_context()\nbefore accessing it.",
  "id": "GHSA-g743-x9vq-5fpv",
  "modified": "2026-04-23T21:31:17Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23341"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8363c02863332992a1822688da41f881d88d1631"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6317704edab95d66a62fc1861d9546284ab678e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G74W-W63G-R5X9

Vulnerability from github – Published: 2025-07-07 03:30 – Updated: 2025-07-07 03:30
VLAI
Details

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-07T03:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference vulnerability in the application exit cause module\nImpact: Successful exploitation of this vulnerability may affect function stability.",
  "id": "GHSA-g74w-w63g-r5x9",
  "modified": "2025-07-07T03:30:23Z",
  "published": "2025-07-07T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53170"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G75P-4V96-PXFF

Vulnerability from github – Published: 2022-05-17 00:19 – Updated: 2022-05-17 00:19
VLAI
Details

An issue was discovered in Xen 4.5.x through 4.9.x. The function __gnttab_cache_flush handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as DOMID_XEN, DOMID_IO and DOMID_COW are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-12T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner\u0027s grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.",
  "id": "GHSA-g75p-4v96-pxff",
  "modified": "2022-05-17T00:19:55Z",
  "published": "2022-05-17T00:19:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14318"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX227185"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4050"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100817"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039349"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-232.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G77V-VVXX-RCJ7

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix NULL pointer problem in free_mr_init()

Lock grab occurs in a concurrent scenario, resulting in stepping on a NULL pointer. It should be init mutex_init() first before use the lock.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: __mutex_lock.constprop.0+0xd0/0x5c0 __mutex_lock_slowpath+0x1c/0x2c mutex_lock+0x44/0x50 free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2] hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2] hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2] ib_dereg_mr_user+0x54/0x124 uverbs_free_mr+0x24/0x30 destroy_hw_idr_uobject+0x38/0x74 uverbs_destroy_uobject+0x48/0x1c4 uobj_destroy+0x74/0xcc ib_uverbs_cmd_verbs+0x368/0xbb0 ib_uverbs_ioctl+0xec/0x1a4 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x58/0x190 do_el0_svc+0x30/0x90 el0_svc+0x2c/0xb4 el0t_64_sync_handler+0x1a4/0x1b0 el0t_64_sync+0x19c/0x1a0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer problem in free_mr_init()\n\nLock grab occurs in a concurrent scenario, resulting in stepping on a NULL\npointer.  It should be init mutex_init() first before use the lock.\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Call trace:\n   __mutex_lock.constprop.0+0xd0/0x5c0\n   __mutex_lock_slowpath+0x1c/0x2c\n   mutex_lock+0x44/0x50\n   free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]\n   hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]\n   hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]\n   ib_dereg_mr_user+0x54/0x124\n   uverbs_free_mr+0x24/0x30\n   destroy_hw_idr_uobject+0x38/0x74\n   uverbs_destroy_uobject+0x48/0x1c4\n   uobj_destroy+0x74/0xcc\n   ib_uverbs_cmd_verbs+0x368/0xbb0\n   ib_uverbs_ioctl+0xec/0x1a4\n   __arm64_sys_ioctl+0xb4/0x100\n   invoke_syscall+0x50/0x120\n   el0_svc_common.constprop.0+0x58/0x190\n   do_el0_svc+0x30/0x90\n   el0_svc+0x2c/0xb4\n   el0t_64_sync_handler+0x1a4/0x1b0\n   el0t_64_sync+0x19c/0x1a0",
  "id": "GHSA-g77v-vvxx-rcj7",
  "modified": "2025-05-07T15:31:28Z",
  "published": "2025-05-01T15:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49930"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e23e85d86b78e734dd6654f1b69fbaeb5534c81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12bcaf87d8b66d8cd812479c8a6349dcb245375c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7F5-H8HG-Q4VG

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-21T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.",
  "id": "GHSA-g7f5-h8hg-q4vg",
  "modified": "2022-05-24T17:48:16Z",
  "published": "2022-05-24T17:48:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1075"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G7FP-8RPJ-5FJ2

Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02
VLAI
Details

On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-g7fp-8rpj-5fj2",
  "modified": "2022-02-02T00:02:00Z",
  "published": "2022-01-26T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23022"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K96924184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G7G4-7563-37XC

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-vcodec: potential null pointer deference in SCP

The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113.",
  "id": "GHSA-g7g4-7563-37xc",
  "modified": "2025-11-03T21:31:10Z",
  "published": "2024-07-12T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40973"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7GF-F662-24XM

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI
Details

When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T18:15:29Z",
    "severity": "HIGH"
  },
  "details": "When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-g7gf-f662-24xm",
  "modified": "2025-02-05T18:34:46Z",
  "published": "2025-02-05T18:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20045"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000138932"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G7GP-62JW-J6C8

Vulnerability from github – Published: 2021-11-19 00:00 – Updated: 2021-11-19 00:00
VLAI
Details

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-18T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-g7gp-62jw-j6c8",
  "modified": "2021-11-19T00:00:31Z",
  "published": "2021-11-19T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40756"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-79.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.