CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-H4RQ-6M62-GHJM
Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
i2c: dev: check return value when calling dev_set_name()
If dev_set_name() fails, the dev_name() is null, check the return value of dev_set_name() to avoid the null-ptr-deref.
{
"affected": [],
"aliases": [
"CVE-2022-49046"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: dev: check return value when calling dev_set_name()\n\nIf dev_set_name() fails, the dev_name() is null, check the return\nvalue of dev_set_name() to avoid the null-ptr-deref.",
"id": "GHSA-h4rq-6m62-ghjm",
"modified": "2025-11-03T21:32:52Z",
"published": "2025-03-18T21:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49046"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e539b17d4cbe5fb8b5152dd9a6e4a8828f97db2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f345bb14ad4744950499ff222e2899209297afa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/993eb48fa199b5f476df8204e652eff63dd19361"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c74d77a2d07744147d734138acd6ce9dba715e5d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H4RW-35J2-46PQ
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2024-09-03 18:31In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix a possible null pointer dereference
In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference.
To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len.
{
"affected": [],
"aliases": [
"CVE-2024-43821"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.",
"id": "GHSA-h4rw-35j2-46pq",
"modified": "2024-09-03T18:31:31Z",
"published": "2024-08-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43821"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H4WP-MXWG-XQP6
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
{
"affected": [],
"aliases": [
"CVE-2022-26097"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.",
"id": "GHSA-h4wp-mxwg-xqp6",
"modified": "2022-04-19T00:01:17Z",
"published": "2022-04-12T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26097"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H526-7R62-GCJ9
Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-04 21:32A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2026-20064"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T19:16:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition.\n\n This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
"id": "GHSA-h526-7r62-gcj9",
"modified": "2026-03-04T21:32:45Z",
"published": "2026-03-04T21:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20064"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmd-inj-mTzGZexf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H53C-6597-VMFW
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30In the Linux kernel, the following vulnerability has been resolved:
wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
wg_netns_pre_exit() manually acquires rtnl_lock() inside the pernet .pre_exit callback. This causes a hung task when another thread holds rtnl_mutex - the cleanup_net workqueue (or the setup_net failure rollback path) blocks indefinitely in wg_netns_pre_exit() waiting to acquire the lock.
Convert to .exit_rtnl, introduced in commit 7a60d91c690b ("net: Add ->exit_rtnl() hook to struct pernet_operations."), where the framework already holds RTNL and batches all callbacks under a single rtnl_lock()/rtnl_unlock() pair, eliminating the contention window.
The rcu_assign_pointer(wg->creating_net, NULL) is safe to move from .pre_exit to .exit_rtnl (which runs after synchronize_rcu()) because all RCU readers of creating_net either use maybe_get_net() - which returns NULL for a dying namespace with zero refcount - or access net->user_ns which remains valid throughout the entire ops_undo_list sequence.
[ Jason: added __net_exit and __read_mostly annotations that were missing. ]
{
"affected": [],
"aliases": [
"CVE-2026-31579"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit\n\nwg_netns_pre_exit() manually acquires rtnl_lock() inside the\npernet .pre_exit callback. This causes a hung task when another\nthread holds rtnl_mutex - the cleanup_net workqueue (or the\nsetup_net failure rollback path) blocks indefinitely in\nwg_netns_pre_exit() waiting to acquire the lock.\n\nConvert to .exit_rtnl, introduced in commit 7a60d91c690b (\"net:\nAdd -\u003eexit_rtnl() hook to struct pernet_operations.\"), where the\nframework already holds RTNL and batches all callbacks under a\nsingle rtnl_lock()/rtnl_unlock() pair, eliminating the contention\nwindow.\n\nThe rcu_assign_pointer(wg-\u003ecreating_net, NULL) is safe to move\nfrom .pre_exit to .exit_rtnl (which runs after synchronize_rcu())\nbecause all RCU readers of creating_net either use maybe_get_net()\n- which returns NULL for a dying namespace with zero refcount - or\naccess net-\u003euser_ns which remains valid throughout the entire\nops_undo_list sequence.\n\n[ Jason: added __net_exit and __read_mostly annotations that were missing. ]",
"id": "GHSA-h53c-6597-vmfw",
"modified": "2026-04-27T21:30:47Z",
"published": "2026-04-24T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31579"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c52ef00e391144334f10995985c2f256d4be982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60a25ef8dacb3566b1a8c4de00572a498e2a3bf9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a9e69155b2091b8297afaf1533b8d68a3096841"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1d0f6cbb962af29586e3e65a4bced1a5e39221f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H53P-2GG5-7VFM
Vulnerability from github – Published: 2022-05-17 02:58 – Updated: 2025-04-20 03:32slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
{
"affected": [],
"aliases": [
"CVE-2016-6866"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T19:59:00Z",
"severity": "HIGH"
},
"details": "slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.",
"id": "GHSA-h53p-2gg5-7vfm",
"modified": "2025-04-20T03:32:56Z",
"published": "2022-05-17T02:58:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6866"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG"
},
{
"type": "WEB",
"url": "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29"
},
{
"type": "WEB",
"url": "http://s1m0n.dft-labs.eu/files/slock/slock.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/22"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/24"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92546"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H53V-FF66-979G
Vulnerability from github – Published: 2025-03-18 21:31 – Updated: 2025-09-29 12:30In the Linux kernel, the following vulnerability has been resolved:
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later.
So let's fix the calcul and add a check to prevent this to reappear.
{
"affected": [],
"aliases": [
"CVE-2021-47645"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T06:37:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com\n\nOn the case tmp_dcim=1, the index of buffer is miscalculated.\nThis generate a NULL pointer dereference later.\n\nSo let\u0027s fix the calcul and add a check to prevent this to reappear.",
"id": "GHSA-h53v-ff66-979g",
"modified": "2025-09-29T12:30:26Z",
"published": "2025-03-18T21:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47645"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20811bbe685ca3eddd34b0c750860427d7030910"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20db2ed1e2f9fcd417fa67853e5154f0c2537d6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e76f3ed7ab2ae026c6ef9cc23096a7554af8c52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8dce4b265a5357731058f69645840dabc718c687"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3b86f4e558cea9eed71d894df2f19b10d60a207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H53W-84FJ-6MJW
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-22 15:32A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP S1Setup Request packet missing an expected Global eNB ID field.
{
"affected": [],
"aliases": [
"CVE-2023-37035"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:10Z",
"severity": "MODERATE"
},
"details": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field.",
"id": "GHSA-h53w-84fj-6mjw",
"modified": "2025-01-22T15:32:34Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37035"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H542-CV7W-QH66
Vulnerability from github – Published: 2022-05-14 02:58 – Updated: 2022-05-14 02:58An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.
{
"affected": [],
"aliases": [
"CVE-2018-14562"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-23T14:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.",
"id": "GHSA-h542-cv7w-qh66",
"modified": "2022-05-14T02:58:56Z",
"published": "2022-05-14T02:58:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14562"
},
{
"type": "WEB",
"url": "https://github.com/thunlp/THULAC/issues/35#issue-342148638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H578-VXQV-P5M6
Vulnerability from github – Published: 2025-08-29 18:30 – Updated: 2025-09-18 15:30A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
{
"affected": [],
"aliases": [
"CVE-2025-29874"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T17:15:34Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4907 and later",
"id": "GHSA-h578-vxqv-p5m6",
"modified": "2025-09-18T15:30:23Z",
"published": "2025-08-29T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29874"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.