CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-HQWQ-59RQ-89XH
Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30In the Linux kernel, the following vulnerability has been resolved:
rtla: Avoid record NULL pointer dereference
Fix the following null/deref_null.cocci errors: ./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/osnoise_top.c:650:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_hist.c:905:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_top.c:700:31-36: ERROR: record is NULL but dereferenced.
"record" is NULL before calling osnoise_init_trace_tool. Add a tag "out_free" to avoid dereferring a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2022-49423"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla: Avoid record NULL pointer dereference\n\nFix the following null/deref_null.cocci errors:\n./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/osnoise_top.c:650:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/timerlat_hist.c:905:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/timerlat_top.c:700:31-36: ERROR: record is NULL but dereferenced.\n\n\"record\" is NULL before calling osnoise_init_trace_tool.\nAdd a tag \"out_free\" to avoid dereferring a NULL pointer.",
"id": "GHSA-hqwq-59rq-89xh",
"modified": "2025-10-22T18:30:30Z",
"published": "2025-10-22T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49423"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a6b52ed72c822b5ee146a6a00ea66614fe02653"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0f1c686baff74d5df10f2f46670ef4e24a75756"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQXR-MRP6-5M6Q
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later
{
"affected": [],
"aliases": [
"CVE-2025-47210"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T19:15:43Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.2 ( 2025/07/31 ) and later",
"id": "GHSA-hqxr-mrp6-5m6q",
"modified": "2025-10-08T21:30:23Z",
"published": "2025-10-03T21:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47210"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HR5V-CXWR-H392
Vulnerability from github – Published: 2025-05-07 09:31 – Updated: 2025-05-07 09:31A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
{
"affected": [],
"aliases": [
"CVE-2025-32398"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T07:15:50Z",
"severity": "HIGH"
},
"details": "A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.",
"id": "GHSA-hr5v-cxwr-h392",
"modified": "2025-05-07T09:31:17Z",
"published": "2025-05-07T09:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32398"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HR6C-43H9-9GHM
Vulnerability from github – Published: 2026-06-23 18:31 – Updated: 2026-06-26 21:32GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
{
"affected": [],
"aliases": [
"CVE-2025-55639"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-23T16:16:58Z",
"severity": "MODERATE"
},
"details": "GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.",
"id": "GHSA-hr6c-43h9-9ghm",
"modified": "2026-06-26T21:32:08Z",
"published": "2026-06-23T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55639"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/3260"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/027ce139dda498ee95df36db9f9f6f3cadce8ec9"
},
{
"type": "WEB",
"url": "https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/23/23_poc.mp4"
},
{
"type": "WEB",
"url": "https://infosec.exchange/@sigdevel/116769184815236865"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/26/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HR98-7GW3-84V4
Vulnerability from github – Published: 2023-06-06 06:30 – Updated: 2024-04-04 04:33In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
{
"affected": [],
"aliases": [
"CVE-2022-48443"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T06:15:50Z",
"severity": "MODERATE"
},
"details": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
"id": "GHSA-hr98-7gw3-84v4",
"modified": "2024-04-04T04:33:04Z",
"published": "2023-06-06T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48443"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HRJR-QH5R-RPMR
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1936"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-20T07:15:00Z",
"severity": "HIGH"
},
"details": "Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables",
"id": "GHSA-hrjr-qh5r-rpmr",
"modified": "2022-05-24T19:18:24Z",
"published": "2022-05-24T19:18:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1936"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HRXC-V3Q2-VWQH
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
{
"affected": [],
"aliases": [
"CVE-2021-36146"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-02T22:15:00Z",
"severity": "HIGH"
},
"details": "ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.",
"id": "GHSA-hrxc-v3q2-vwqh",
"modified": "2022-05-24T19:06:54Z",
"published": "2022-05-24T19:06:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36146"
},
{
"type": "WEB",
"url": "https://github.com/projectacrn/acrn-hypervisor/pull/6173/commits/330359921e2e4c2f3f3a10b5bab86942d63c4428"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HRXM-P844-P59W
Vulnerability from github – Published: 2024-02-16 03:30 – Updated: 2024-08-28 18:31In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-0035"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-16T02:15:50Z",
"severity": "HIGH"
},
"details": "In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-hrxm-p844-p59w",
"modified": "2024-08-28T18:31:52Z",
"published": "2024-02-16T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0035"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-02-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HV66-WWX3-2F7R
Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2025-04-20 03:33The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-5665"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T15:59:00Z",
"severity": "MODERATE"
},
"details": "The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",
"id": "GHSA-hv66-wwx3-2f7r",
"modified": "2025-04-20T03:33:28Z",
"published": "2022-05-17T02:57:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5665"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HV6F-P3FQ-464P
Vulnerability from github – Published: 2025-05-05 15:30 – Updated: 2025-11-10 18:30In the Linux kernel, the following vulnerability has been resolved:
bpf: consider that tail calls invalidate packet pointers
Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers.
Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected:
int tail_call(struct __sk_buff *sk)
{
bpf_tail_call_static(sk, &jmp_table, 0);
return 0;
}
SEC("tc")
int not_safe(struct __sk_buff *sk)
{
int *p = (void *)(long)sk->data;
... make p valid ...
tail_call(sk);
*p = 42; /* this is unsafe */
...
}
The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call.
{
"affected": [],
"aliases": [
"CVE-2024-58237"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-05T15:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: consider that tail calls invalidate packet pointers\n\nTail-called programs could execute any of the helpers that invalidate\npacket pointers. Hence, conservatively assume that each tail call\ninvalidates packet pointers.\n\nMaking the change in bpf_helper_changes_pkt_data() automatically makes\nuse of check_cfg() logic that computes \u0027changes_pkt_data\u0027 effect for\nglobal sub-programs, such that the following program could be\nrejected:\n\n int tail_call(struct __sk_buff *sk)\n {\n \tbpf_tail_call_static(sk, \u0026jmp_table, 0);\n \treturn 0;\n }\n\n SEC(\"tc\")\n int not_safe(struct __sk_buff *sk)\n {\n \tint *p = (void *)(long)sk-\u003edata;\n \t... make p valid ...\n \ttail_call(sk);\n \t*p = 42; /* this is unsafe */\n \t...\n }\n\nThe tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that\ncan invalidate packet pointers. Otherwise, it can\u0027t be freplaced with\ntailcall_freplace.c:entry_freplace() that does a tail call.",
"id": "GHSA-hv6f-p3fq-464p",
"modified": "2025-11-10T18:30:30Z",
"published": "2025-05-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58237"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a4607ffba35bf2a630aab299e34dd3f6e658d70"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c2244437f9ad3dd91215f920401a14f2542dbfc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1692ee23dcaaddc24ba407b269707ee5df1301f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.