Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-Q7F5-H647-X236

Vulnerability from github – Published: 2025-08-11 06:30 – Updated: 2025-08-11 06:30
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-11T04:15:35Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.",
  "id": "GHSA-q7f5-h647-x236",
  "modified": "2025-08-11T06:30:30Z",
  "published": "2025-08-11T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26690"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7MH-RC36-3J7H

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix NULL pointer dereference when reading portli debugfs files

Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files

Oops is caused when there are more port registers counted in xhci->max_ports than ports reported by Supported Protocol capabilities. This is possible if max_ports is more than maximum port number, or if there are gaps between ports of different speeds the 'Supported Protocol' capabilities.

In such cases port->rhub will be NULL so we can't reach xhci behind it. Add an explicit NULL check for this case, and print portli in hex without dereferencing port->rhub.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix NULL pointer dereference when reading portli debugfs files\n\nMichal reported and debgged a NULL pointer dereference bug in the\nrecently added portli debugfs files\n\nOops is caused when there are more port registers counted in\nxhci-\u003emax_ports than ports reported by Supported Protocol capabilities.\nThis is possible if max_ports is more than maximum port number, or\nif there are gaps between ports of different speeds the \u0027Supported\nProtocol\u0027 capabilities.\n\nIn such cases port-\u003erhub will be NULL so we can\u0027t reach xhci behind it.\nAdd an explicit NULL check for this case, and print portli in hex\nwithout dereferencing port-\u003erhub.",
  "id": "GHSA-q7mh-rc36-3j7h",
  "modified": "2026-05-20T18:31:30Z",
  "published": "2026-05-08T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43431"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c8bef223c6e991276188d30d74bdb2cbd8be652"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae4ff9dead5efa2025eddfcdb29411432bf40a7c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7P3-P33M-X74M

Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42
VLAI
Details

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-24T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.",
  "id": "GHSA-q7p3-p33m-x74m",
  "modified": "2022-05-14T01:42:55Z",
  "published": "2022-05-14T01:42:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20426"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7RH-Q4X3-VHQ2

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-17T11:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.",
  "id": "GHSA-q7rh-q4x3-vhq2",
  "modified": "2022-05-13T01:25:04Z",
  "published": "2022-05-13T01:25:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3637"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/76597cd31470fa130784c78fadb4dab2e624a723"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747848"
    },
    {
      "type": "WEB",
      "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=76597cd31470fa130784c78fadb4dab2e624a723"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=76597cd31470fa130784c78fadb4dab2e624a723"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/02/06/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7W2-9623-FVVJ

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59
VLAI
Details

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-17T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-q7w2-9623-fvvj",
  "modified": "2022-05-24T16:59:23Z",
  "published": "2022-05-24T16:59:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8205"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q823-7V63-V327

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected

There is a possibility for mdp5_get_global_state to return -EDEADLK when acquiring the modeset lock, but currently global_state in mdp5_mixer_release doesn't check for if an error is returned.

To avoid a NULL dereference error, let's have mdp5_mixer_release check if an error is returned and propagate that error.

Patchwork: https://patchwork.freedesktop.org/patch/485181/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected\n\nThere is a possibility for mdp5_get_global_state to return\n-EDEADLK when acquiring the modeset lock, but currently global_state in\nmdp5_mixer_release doesn\u0027t check for if an error is returned.\n\nTo avoid a NULL dereference error, let\u0027s have mdp5_mixer_release\ncheck if an error is returned and propagate that error.\n\nPatchwork: https://patchwork.freedesktop.org/patch/485181/",
  "id": "GHSA-q823-7v63-v327",
  "modified": "2025-10-22T18:30:31Z",
  "published": "2025-10-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49488"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09bdeedc1fc53e64b8282e1de67752c69e43bdba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a5d1474026ea4f1a6f931075ca2adb884af39cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22d8424913b1348c6324916745fadaeea5273f0e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46e5ce63924a96af452c4fc5ee0bb3b241e1b9f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47e393061049aff6818d1b9fdca7351411a23fc2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/883f1d52a57bf51e1d7a80c432345e2c6222477e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca75f6f7c6f89365e40f10f641b15981b1f07c31"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q837-4WVG-JX7G

Vulnerability from github – Published: 2024-04-14 15:30 – Updated: 2024-04-14 15:30
VLAI
Details

In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-14T13:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In malidp_mw_connector_reset, new memory is allocated with kzalloc, but \nno check is performed. In order to prevent null pointer dereferencing, \nensure that mw_state is checked before calling \n__drm_atomic_helper_connector_reset.\n\n",
  "id": "GHSA-q837-4wvg-jx7g",
  "modified": "2024-04-14T15:30:32Z",
  "published": "2024-04-14T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24863"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q86V-48Q4-7HR6

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-31T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.",
  "id": "GHSA-q86v-48q4-7hr6",
  "modified": "2022-05-13T01:16:06Z",
  "published": "2022-05-13T01:16:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18873"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mdadams/jasper/issues/184"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-03"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8CF-83HQ-3865

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vdpa_sim_blk: set number of address spaces and virtqueue groups

Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk.

When creating a new vdpa_sim_blk device this causes the kernel to panic in this way:    $ vdpa dev add mgmtdev vdpasim_blk name blk0    BUG: kernel NULL pointer dereference, address: 0000000000000030    ...    RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]    ...    Call Trace:         vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]     vdpasim_map_range+0x91/0xd0 [vdpa_sim]     vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]     ...

This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0.

Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpa_sim_blk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:34Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim_blk: set number of address spaces and virtqueue groups\n\nCommit bda324fd037a (\"vdpasim: control virtqueue support\") added two\nnew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to\ninitialize them for vdpa_sim_blk.\n\nWhen creating a new vdpa_sim_blk device this causes the kernel\nto panic in this way:\n \u00a0 \u00a0$ vdpa dev add mgmtdev vdpasim_blk name blk0\n \u00a0 \u00a0BUG: kernel NULL pointer dereference, address: 0000000000000030\n \u00a0 \u00a0...\n \u00a0 \u00a0RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]\n \u00a0 \u00a0...\n \u00a0 \u00a0Call Trace:\n \u00a0 \u00a0 \u003cTASK\u003e\n \u00a0 \u00a0 vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]\n \u00a0 \u00a0 vdpasim_map_range+0x91/0xd0 [vdpa_sim]\n \u00a0 \u00a0 vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]\n \u00a0 \u00a0 ...\n\nThis happens because vdpasim-\u003eiommu[0] is not initialized when\ndev_attr.nas is 0.\n\nLet\u0027s fix this issue by initializing both (nas, ngroups) to 1 for\nvdpa_sim_blk.",
  "id": "GHSA-q8cf-83hq-3865",
  "modified": "2025-11-13T18:31:00Z",
  "published": "2025-06-18T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50058"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a291c7d289fac2cb13fb2614a9a251afbbd86ce9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8CR-FF8R-CV2J

Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-27 00:00
VLAI
Details

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-18T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.",
  "id": "GHSA-q8cr-ff8r-cv2j",
  "modified": "2022-04-27T00:00:27Z",
  "published": "2022-04-19T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1382"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.