CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-M6M4-PPMJ-PPV3
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
{
"affected": [],
"aliases": [
"CVE-2014-2678"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-01T06:35:00Z",
"severity": "MODERATE"
},
"details": "The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.",
"id": "GHSA-m6m4-ppmj-ppv3",
"modified": "2022-05-13T01:17:56Z",
"published": "2022-05-13T01:17:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2678"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2014/3/29/188"
},
{
"type": "WEB",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
},
{
"type": "WEB",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59386"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60130"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60471"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/10"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/66543"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M6Q7-6HRV-F732
Vulnerability from github – Published: 2025-03-17 21:30 – Updated: 2025-03-17 21:30In the Linux kernel, the following vulnerability has been resolved:
net: sparx5: switchdev: fix possible NULL pointer dereference
As the possible failure of the allocation, devm_kzalloc() may return NULL pointer. Therefore, it should be better to check the 'db' in order to prevent the dereference of NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2022-49184"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sparx5: switchdev: fix possible NULL pointer dereference\n\nAs the possible failure of the allocation, devm_kzalloc() may return NULL\npointer.\nTherefore, it should be better to check the \u0027db\u0027 in order to prevent\nthe dereference of NULL pointer.",
"id": "GHSA-m6q7-6hrv-f732",
"modified": "2025-03-17T21:30:31Z",
"published": "2025-03-17T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49184"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0906f3a3df07835e37077d8971aac65347f2ed57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b375ea083fa649092cd016ac1f89a2d1fd8f8e8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c346791877e6ce923bb21e34b30c6f99326aa5a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7e1fff76c4c57688dc7d53a3b6212182d5628d0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6QQ-C4RP-76FQ
Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
{
"affected": [],
"aliases": [
"CVE-2017-17464"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-08T05:29:00Z",
"severity": "CRITICAL"
},
"details": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.",
"id": "GHSA-m6qq-c4rp-76fq",
"modified": "2022-05-17T00:12:30Z",
"published": "2022-05-17T00:12:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17464"
},
{
"type": "WEB",
"url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002570"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6R3-9WWQ-X2MJ
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:06A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
{
"affected": [],
"aliases": [
"CVE-2022-28070"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:22Z",
"severity": "HIGH"
},
"details": "A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.",
"id": "GHSA-m6r3-9wwq-x2mj",
"modified": "2024-04-04T07:06:59Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28070"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6RJ-HX92-C739
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).
{
"affected": [],
"aliases": [
"CVE-2018-1000800"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-06T17:29:00Z",
"severity": "CRITICAL"
},
"details": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).",
"id": "GHSA-m6rj-hx92-c739",
"modified": "2022-05-13T01:26:35Z",
"published": "2022-05-13T01:26:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000800"
},
{
"type": "WEB",
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6WQ-66P2-C8PC
Vulnerability from github – Published: 2025-12-08 22:20 – Updated: 2025-12-17 01:09Summary
A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the block_hash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably VerifyVoteExtension, and also proposal-time vote verification), causing a runtime panic.
Impact
Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.
Finder
Vulnerability discovered by:
- @GrumpyLaurie55348
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0-snapshot.250805a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-08T22:20:24Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nA vulnerability exists in Babylon\u2019s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the `block_hash` field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves `BlockHash` as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably `VerifyVoteExtension`, and also proposal-time vote verification), causing a runtime panic.\n\n### Impact\n\nIntermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.\n\n### Finder \n\nVulnerability discovered by:\n\n- @GrumpyLaurie55348",
"id": "GHSA-m6wq-66p2-c8pc",
"modified": "2025-12-17T01:09:11Z",
"published": "2025-12-08T22:20:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-m6wq-66p2-c8pc"
},
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/commit/f79ad58c1d5bcab3451cb7a47c91e713935917d7"
},
{
"type": "PACKAGE",
"url": "https://github.com/babylonlabs-io/babylon"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers"
}
GHSA-M6X5-R2X6-WG47
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2023-03-03 15:30An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
{
"affected": [],
"aliases": [
"CVE-2019-15218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-19T22:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.",
"id": "GHSA-m6x5-r2x6-wg47",
"modified": "2023-03-03T15:30:19Z",
"published": "2022-05-24T16:53:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15218"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002"
},
{
"type": "WEB",
"url": "https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4115-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4147-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M73J-97V7-6695
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
{
"affected": [],
"aliases": [
"CVE-2010-4342"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-30T19:00:00Z",
"severity": "HIGH"
},
"details": "The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.",
"id": "GHSA-m73j-97v7-6695",
"modified": "2022-05-13T01:23:55Z",
"published": "2022-05-13T01:23:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4342"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e085e76cbe558b79b54cbab772f61185879bc64"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e085e76cbe558b79b54cbab772f61185879bc64"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-netdev\u0026m=129185496013580\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-netdev\u0026m=129186011218615\u0026w=2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/12/09/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/12/09/2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43291"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45321"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0375"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M73X-6GVH-9839
Vulnerability from github – Published: 2024-12-07 00:31 – Updated: 2024-12-12 03:33Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().
{
"affected": [],
"aliases": [
"CVE-2024-44855"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-06T22:15:21Z",
"severity": "HIGH"
},
"details": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().",
"id": "GHSA-m73x-6gvh-9839",
"modified": "2024-12-12T03:33:00Z",
"published": "2024-12-07T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44855"
},
{
"type": "WEB",
"url": "https://github.com/open-navigation/navigation2/issues/4466"
},
{
"type": "WEB",
"url": "https://github.com/ros-navigation/navigation2/pull/4463"
},
{
"type": "WEB",
"url": "https://github.com/GoesM/ROS-CVE-CNVDs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M75C-J939-X6C2
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Add sanity NULL check for the default mmap fault handler
A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic.
{
"affected": [],
"aliases": [
"CVE-2024-53180"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Add sanity NULL check for the default mmap fault handler\n\nA driver might allow the mmap access before initializing its\nruntime-\u003edma_area properly. Add a proper NULL check before passing to\nvirt_to_page() for avoiding a panic.",
"id": "GHSA-m75c-j939-x6c2",
"modified": "2025-11-03T21:31:47Z",
"published": "2024-12-27T15:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53180"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.