Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-XXJ3-2V78-2RPQ

Vulnerability from github – Published: 2025-11-07 18:30 – Updated: 2025-11-14 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-07T16:15:38Z",
    "severity": "LOW"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later",
  "id": "GHSA-xxj3-2v78-2rpq",
  "modified": "2025-11-14T21:30:28Z",
  "published": "2025-11-07T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52865"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XXP9-GM8J-W4C9

Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: Ensure info->enable callback is always set

The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.

Instead use a dummy callback if no better was specified by the driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T20:16:03Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver.",
  "id": "GHSA-xxp9-gm8j-w4c9",
  "modified": "2026-07-14T15:31:18Z",
  "published": "2025-02-27T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21814"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1334c64a5d1de6666e0c9f984db6745083df1eb4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d1041c76de656f9f8d5a192218039a9acf9bd00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/755caf4ee1c615ee5717862e427124370f46b1f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81846070cba17125a866e8023c01d3465b153339"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8441aea46445252df5d2eed6deb6d5246fc24002"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9df3a9284f39bfd51a9f72a6a165c79e2aa5066b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd53aa40e65f518453115b6f56183b0c201db26b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdc1e72487781dd7705bcbe30878bee7d5d1f3e8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXQF-46RV-F5HW

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02
VLAI
Details

There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.",
  "id": "GHSA-xxqf-46rv-f5hw",
  "modified": "2022-01-14T00:02:44Z",
  "published": "2022-01-11T00:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40039"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/1"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XXQV-JC35-W8CJ

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: nixge: fix NULL dereference

In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init().

Move for() loop with priv->rx_bd_v dereference under the check for its validity.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: nixge: fix NULL dereference\n\nIn function nixge_hw_dma_bd_release() dereference of NULL pointer\npriv-\u003erx_bd_v is possible for the case of its allocation failure in\nnixge_hw_dma_bd_init().\n\nMove for() loop with priv-\u003erx_bd_v dereference under the check for\nits validity.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-xxqv-jc35-w8cj",
  "modified": "2024-10-24T21:31:02Z",
  "published": "2024-10-21T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49019"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45752af0247589e6d3dede577415bfe117b4392c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80e82f7b440b65cf131dce10f487dc73a7046e6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/910c0264b64ef2dad8887714a7c56c93e39a0ed3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9256db4e45e8b497b0e993cc3ed4ad08eb2389b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c584d6d9cfb935dce8fc81a4c26debac0a3049b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXW5-6RCH-9WMX

Vulnerability from github – Published: 2025-08-01 09:31 – Updated: 2025-08-01 09:31
VLAI
Details

A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the '

Security Update for for AI Suite 3

' section on the ASUS Security Advisory for more information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-01T09:15:33Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the \u0027\n\nSecurity Update for for AI Suite 3\n\n\u0027 section on the ASUS Security Advisory for more information.",
  "id": "GHSA-xxw5-6rch-9wmx",
  "modified": "2025-08-01T09:31:24Z",
  "published": "2025-08-01T09:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6398"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/content/security-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.