CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-Q7F5-H647-X236
Vulnerability from github – Published: 2025-08-11 06:30 – Updated: 2025-08-11 06:30in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2025-26690"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-11T04:15:35Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.",
"id": "GHSA-q7f5-h647-x236",
"modified": "2025-08-11T06:30:30Z",
"published": "2025-08-11T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26690"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q7MH-RC36-3J7H
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 18:31In the Linux kernel, the following vulnerability has been resolved:
xhci: Fix NULL pointer dereference when reading portli debugfs files
Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files
Oops is caused when there are more port registers counted in xhci->max_ports than ports reported by Supported Protocol capabilities. This is possible if max_ports is more than maximum port number, or if there are gaps between ports of different speeds the 'Supported Protocol' capabilities.
In such cases port->rhub will be NULL so we can't reach xhci behind it. Add an explicit NULL check for this case, and print portli in hex without dereferencing port->rhub.
{
"affected": [],
"aliases": [
"CVE-2026-43431"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix NULL pointer dereference when reading portli debugfs files\n\nMichal reported and debgged a NULL pointer dereference bug in the\nrecently added portli debugfs files\n\nOops is caused when there are more port registers counted in\nxhci-\u003emax_ports than ports reported by Supported Protocol capabilities.\nThis is possible if max_ports is more than maximum port number, or\nif there are gaps between ports of different speeds the \u0027Supported\nProtocol\u0027 capabilities.\n\nIn such cases port-\u003erhub will be NULL so we can\u0027t reach xhci behind it.\nAdd an explicit NULL check for this case, and print portli in hex\nwithout dereferencing port-\u003erhub.",
"id": "GHSA-q7mh-rc36-3j7h",
"modified": "2026-05-20T18:31:30Z",
"published": "2026-05-08T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43431"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c8bef223c6e991276188d30d74bdb2cbd8be652"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae4ff9dead5efa2025eddfcdb29411432bf40a7c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7P3-P33M-X74M
Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.
{
"affected": [],
"aliases": [
"CVE-2018-20426"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-24T05:29:00Z",
"severity": "HIGH"
},
"details": "libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.",
"id": "GHSA-q7p3-p33m-x74m",
"modified": "2022-05-14T01:42:55Z",
"published": "2022-05-14T01:42:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20426"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7RH-Q4X3-VHQ2
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
{
"affected": [],
"aliases": [
"CVE-2011-3637"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-05-17T11:00:00Z",
"severity": "MODERATE"
},
"details": "The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.",
"id": "GHSA-q7rh-q4x3-vhq2",
"modified": "2022-05-13T01:25:04Z",
"published": "2022-05-13T01:25:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3637"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/76597cd31470fa130784c78fadb4dab2e624a723"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747848"
},
{
"type": "WEB",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=76597cd31470fa130784c78fadb4dab2e624a723"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=76597cd31470fa130784c78fadb4dab2e624a723"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/02/06/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7W2-9623-FVVJ
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8205"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-q7w2-9623-fvvj",
"modified": "2022-05-24T16:59:23Z",
"published": "2022-05-24T16:59:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8205"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q823-7V63-V327
Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
There is a possibility for mdp5_get_global_state to return -EDEADLK when acquiring the modeset lock, but currently global_state in mdp5_mixer_release doesn't check for if an error is returned.
To avoid a NULL dereference error, let's have mdp5_mixer_release check if an error is returned and propagate that error.
Patchwork: https://patchwork.freedesktop.org/patch/485181/
{
"affected": [],
"aliases": [
"CVE-2022-49488"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected\n\nThere is a possibility for mdp5_get_global_state to return\n-EDEADLK when acquiring the modeset lock, but currently global_state in\nmdp5_mixer_release doesn\u0027t check for if an error is returned.\n\nTo avoid a NULL dereference error, let\u0027s have mdp5_mixer_release\ncheck if an error is returned and propagate that error.\n\nPatchwork: https://patchwork.freedesktop.org/patch/485181/",
"id": "GHSA-q823-7v63-v327",
"modified": "2025-10-22T18:30:31Z",
"published": "2025-10-22T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49488"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09bdeedc1fc53e64b8282e1de67752c69e43bdba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a5d1474026ea4f1a6f931075ca2adb884af39cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22d8424913b1348c6324916745fadaeea5273f0e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46e5ce63924a96af452c4fc5ee0bb3b241e1b9f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47e393061049aff6818d1b9fdca7351411a23fc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/883f1d52a57bf51e1d7a80c432345e2c6222477e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca75f6f7c6f89365e40f10f641b15981b1f07c31"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q837-4WVG-JX7G
Vulnerability from github – Published: 2024-04-14 15:30 – Updated: 2024-04-14 15:30In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.
{
"affected": [],
"aliases": [
"CVE-2024-24863"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-14T13:15:49Z",
"severity": "MODERATE"
},
"details": "In malidp_mw_connector_reset, new memory is allocated with kzalloc, but \nno check is performed. In order to prevent null pointer dereferencing, \nensure that mw_state is checked before calling \n__drm_atomic_helper_connector_reset.\n\n",
"id": "GHSA-q837-4wvg-jx7g",
"modified": "2024-04-14T15:30:32Z",
"published": "2024-04-14T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24863"
},
{
"type": "WEB",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8750"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q86V-48Q4-7HR6
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
{
"affected": [],
"aliases": [
"CVE-2018-18873"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-31T16:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.",
"id": "GHSA-q86v-48q4-7hr6",
"modified": "2022-05-13T01:16:06Z",
"published": "2022-05-13T01:16:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18873"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/issues/184"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q8CF-83HQ-3865
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 18:31In the Linux kernel, the following vulnerability has been resolved:
vdpa_sim_blk: set number of address spaces and virtqueue groups
Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk.
When creating a new vdpa_sim_blk device this causes the kernel to panic in this way: $ vdpa dev add mgmtdev vdpasim_blk name blk0 BUG: kernel NULL pointer dereference, address: 0000000000000030 ... RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb] ... Call Trace: vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb] vdpasim_map_range+0x91/0xd0 [vdpa_sim] vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim] ...
This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0.
Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpa_sim_blk.
{
"affected": [],
"aliases": [
"CVE-2022-50058"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim_blk: set number of address spaces and virtqueue groups\n\nCommit bda324fd037a (\"vdpasim: control virtqueue support\") added two\nnew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to\ninitialize them for vdpa_sim_blk.\n\nWhen creating a new vdpa_sim_blk device this causes the kernel\nto panic in this way:\n \u00a0 \u00a0$ vdpa dev add mgmtdev vdpasim_blk name blk0\n \u00a0 \u00a0BUG: kernel NULL pointer dereference, address: 0000000000000030\n \u00a0 \u00a0...\n \u00a0 \u00a0RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]\n \u00a0 \u00a0...\n \u00a0 \u00a0Call Trace:\n \u00a0 \u00a0 \u003cTASK\u003e\n \u00a0 \u00a0 vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]\n \u00a0 \u00a0 vdpasim_map_range+0x91/0xd0 [vdpa_sim]\n \u00a0 \u00a0 vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]\n \u00a0 \u00a0 ...\n\nThis happens because vdpasim-\u003eiommu[0] is not initialized when\ndev_attr.nas is 0.\n\nLet\u0027s fix this issue by initializing both (nas, ngroups) to 1 for\nvdpa_sim_blk.",
"id": "GHSA-q8cf-83hq-3865",
"modified": "2025-11-13T18:31:00Z",
"published": "2025-06-18T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50058"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a291c7d289fac2cb13fb2614a9a251afbbd86ce9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q8CR-FF8R-CV2J
Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-27 00:00NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
{
"affected": [],
"aliases": [
"CVE-2022-1382"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-18T01:15:00Z",
"severity": "HIGH"
},
"details": "NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.",
"id": "GHSA-q8cr-ff8r-cv2j",
"modified": "2022-04-27T00:00:27Z",
"published": "2022-04-19T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1382"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.