CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-GG62-P4PX-CW9R
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2025-09-29 15:30In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned.
In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is referencing a little endian formatted sgl->sge_len value. So, the memcpy can cause big endian systems to crash.
Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are referring to a little endian formatted data structure. And, update the routine with proper le32_to_cpu macro usages.
{
"affected": [],
"aliases": [
"CVE-2024-43816"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl-\u003esge_len) is\nreferencing a little endian formatted sgl-\u003esge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages.",
"id": "GHSA-gg62-p4px-cw9r",
"modified": "2025-09-29T15:30:30Z",
"published": "2024-08-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43816"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8bc7c617642db6d8d20ee671fb6c4513017e7a7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9fd003f344d502f65252963169df3dd237054e49"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG7J-J8VG-XR4R
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()
It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref.
{
"affected": [],
"aliases": [
"CVE-2022-49487"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.",
"id": "GHSA-gg7j-j8vg-xr4r",
"modified": "2025-03-17T18:31:51Z",
"published": "2025-03-17T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49487"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/daa5166450b447415aeeaac0199e445bae7bd0f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddf66aefd685fd46500b9917333e1b1e118276dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5b1e419cdb6dd8709eb05ed34039a3ded8e6003"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8e262eb7575a4a2412f30f7a1b293875aceba80"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG85-HMCJ-CX9P
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
{
"affected": [],
"aliases": [
"CVE-2017-7655"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T20:29:00Z",
"severity": "HIGH"
},
"details": "In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.",
"id": "GHSA-gg85-hmcj-cx9p",
"modified": "2022-05-13T01:05:23Z",
"published": "2022-05-13T01:05:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7655"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGGW-8CQ2-45CP
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by validating the number of endpoints actually match up with the number the device has before attempting to dereference a pointer based on this math.
This is just like what was done in commit ee0d382feb44 ("usb: gadget: aspeed_udc: validate endpoint index for ast udc") for the aspeed driver.
{
"affected": [],
"aliases": [
"CVE-2026-31615"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: renesas_usb3: validate endpoint index in standard request handlers\n\nThe GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint\nnumber from the host-supplied wIndex without any sort of validation.\nFix this up by validating the number of endpoints actually match up with\nthe number the device has before attempting to dereference a pointer\nbased on this math.\n\nThis is just like what was done in commit ee0d382feb44 (\"usb: gadget:\naspeed_udc: validate endpoint index for ast udc\") for the aspeed driver.",
"id": "GHSA-gggw-8cq2-45cp",
"modified": "2026-06-01T18:31:27Z",
"published": "2026-04-24T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31615"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b2bfedccc4fb8c9572e1ea464f905424c91de2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/360aa6e71870a175a6d86af905be2ca171639eb3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37f430b2240655e6b0199a92aa1057e4d621be51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44216e3dd4455b798899b50eedb0ec3831dff8e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7caaf76207f50c77abfd788380e19b2c23a94415"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/adb8014599fdf0818d3d93f1f74e06cd0bdec08d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4e5ae6db2328d2d9ed55d3005a36c13faab0752"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3d42598f2995cdc07b7779874e7c5f8a1b773db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f880aac8a57ebd92abfa685d45424b2998ac1059"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGPP-FXG5-WP87
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20196"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-ggpp-fxg5-wp87",
"modified": "2022-05-24T19:03:33Z",
"published": "2022-05-24T19:03:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20196"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:0325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:0397"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:1759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-20196"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/qemu/+bug/1912780"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919210"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210708-0004"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGQP-G798-MJM6
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33457"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-ggqp-g798-mjm6",
"modified": "2022-07-29T00:00:34Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33457"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/171"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGQV-56GC-8C9C
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2025-27241"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T09:15:25Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.",
"id": "GHSA-ggqv-56gc-8c9c",
"modified": "2025-05-06T09:31:34Z",
"published": "2025-05-06T09:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27241"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GGR3-2PMH-FQ3P
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()
Fixes a NULL pointer dereference when ras_core is NULL and ras_core->dev is accessed in the error path.
Reported by: Dan Carpenter dan.carpenter@linaro.org
{
"affected": [],
"aliases": [
"CVE-2026-53316"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T20:17:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()\n\nFixes a NULL pointer dereference when ras_core is NULL and ras_core-\u003edev\nis accessed in the error path.\n\nReported by: Dan Carpenter \u003cdan.carpenter@linaro.org\u003e",
"id": "GHSA-ggr3-2pmh-fq3p",
"modified": "2026-07-06T21:30:26Z",
"published": "2026-06-26T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53316"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b606216e03fa2b53cc179d8383b683a140fe6e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2f2ed3d359509c311cc6626226e4578d7eb77d8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGR3-2W79-8RHJ
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2025-02-02 12:30In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-50009"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T19:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-ggr3-2w79-8rhj",
"modified": "2025-02-02T12:30:23Z",
"published": "2024-10-21T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50009"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5493f9714e4cdaf0ee7cec15899a231400cb1a9f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f250d44b8191d612355dd97b89b37bbc1b5d2cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd9f7bf6cad8b2d3876105ce3c9fc63460a046f6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH27-X7G8-9FV7
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL.
{
"affected": [],
"aliases": [
"CVE-2024-47754"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_multi_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"id": "GHSA-gh27-x7g8-9fv7",
"modified": "2025-11-03T21:31:22Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47754"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/301f7778263116388c20521a1a641067647ab31c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47b3b97930913ca74a595cc12bdbb650259afc6e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/588bcce9e64cc5138858ab562268eb3943c5b06c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9be85491619f1953b8a29590ca630be571941ffa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d48890ef8765001caff732ac6ec80a3b2e470215"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.