CWE-822
AllowedUntrusted Pointer Dereference
Abstraction: Base · Status: Incomplete
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
380 vulnerabilities reference this CWE, most recent first.
GHSA-FH5X-3CC2-P28R
Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow authenticated user to potentially enable information disclosure via local operating system access.
{
"affected": [],
"aliases": [
"CVE-2023-32277"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T22:15:29Z",
"severity": "MODERATE"
},
"details": "Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow authenticated user to potentially enable information disclosure via local operating system access.",
"id": "GHSA-fh5x-3cc2-p28r",
"modified": "2025-02-13T00:33:03Z",
"published": "2025-02-13T00:33:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32277"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FP27-2RX6-GVR6
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50424"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:45Z",
"severity": "HIGH"
},
"details": "Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.",
"id": "GHSA-fp27-2rx6-gvr6",
"modified": "2026-07-14T18:32:22Z",
"published": "2026-07-14T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50424"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50424"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FRGC-CJVX-8WC5
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-37983"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:06Z",
"severity": "MODERATE"
},
"details": "Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability",
"id": "GHSA-frgc-cjvx-8wc5",
"modified": "2024-10-08T18:33:14Z",
"published": "2024-10-08T18:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37983"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37983"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX4R-WQ66-F4G2
Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38Win32k Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21346"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T18:15:50Z",
"severity": "HIGH"
},
"details": "Win32k Elevation of Privilege Vulnerability",
"id": "GHSA-fx4r-wq66-f4g2",
"modified": "2024-02-13T18:38:23Z",
"published": "2024-02-13T18:38:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21346"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G5P2-QC65-F2JM
Vulnerability from github – Published: 2025-08-21 21:32 – Updated: 2025-08-21 21:32Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-55230"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-21T20:15:47Z",
"severity": "HIGH"
},
"details": "Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-g5p2-qc65-f2jm",
"modified": "2025-08-21T21:32:07Z",
"published": "2025-08-21T21:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55230"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8J9-JFGW-6PQF
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2024-34023"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:19Z",
"severity": "MODERATE"
},
"details": "Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-g8j9-jfgw-6pqf",
"modified": "2024-11-13T21:30:37Z",
"published": "2024-11-13T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34023"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GCFV-HRXV-4RJX
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Memory corruption while preprocessing IOCTLs in sensors.
{
"affected": [],
"aliases": [
"CVE-2025-47380"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:17:04Z",
"severity": "HIGH"
},
"details": "Memory corruption while preprocessing IOCTLs in sensors.",
"id": "GHSA-gcfv-hrxv-4rjx",
"modified": "2026-01-07T12:31:24Z",
"published": "2026-01-07T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47380"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF75-G3W3-83W4
Vulnerability from github – Published: 2024-12-02 12:38 – Updated: 2024-12-02 12:38Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.
{
"affected": [],
"aliases": [
"CVE-2024-33039"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T11:15:07Z",
"severity": "MODERATE"
},
"details": "Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.",
"id": "GHSA-gf75-g3w3-83w4",
"modified": "2024-12-02T12:38:27Z",
"published": "2024-12-02T12:38:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33039"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGQM-RV53-68HR
Vulnerability from github – Published: 2025-03-03 12:30 – Updated: 2025-03-03 12:30Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
{
"affected": [],
"aliases": [
"CVE-2024-53033"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T11:15:15Z",
"severity": "HIGH"
},
"details": "Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.",
"id": "GHSA-ggqm-rv53-68hr",
"modified": "2025-03-03T12:30:33Z",
"published": "2025-03-03T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53033"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJRX-76H3-49HJ
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
{
"affected": [],
"aliases": [
"CVE-2017-12719"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-06T22:29:00Z",
"severity": "HIGH"
},
"details": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.",
"id": "GHSA-gjrx-76h3-49hj",
"modified": "2022-05-13T01:37:44Z",
"published": "2022-05-13T01:37:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12719"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101685"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.