CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-JGC9-FR2G-9R52
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-07 21:30In the Linux kernel, the following vulnerability has been resolved:
comedi: ni_atmio16d: Fix invalid clean-up after failed attach
If the driver's COMEDI "attach" handler function (atmio16d_attach())
returns an error, the COMEDI core will call the driver's "detach"
handler function (atmio16d_detach()) to clean up. This calls
reset_atmio16d() unconditionally, but depending on where the error
occurred in the attach handler, the device may not have been
sufficiently initialized to call reset_atmio16d(). It uses
dev->iobase as the I/O port base address and dev->private as the
pointer to the COMEDI device's private data structure. dev->iobase
may still be set to its initial value of 0, which would result in
undesired writes to low I/O port addresses. dev->private may still be
NULL, which would result in null pointer dereferences.
Fix atmio16d_detach() by checking that dev->private is valid
(non-null) before calling reset_atmio16d(). This implies that
dev->iobase was set correctly since that is set up before
dev->private.
{
"affected": [],
"aliases": [
"CVE-2026-31749"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_atmio16d: Fix invalid clean-up after failed attach\n\nIf the driver\u0027s COMEDI \"attach\" handler function (`atmio16d_attach()`)\nreturns an error, the COMEDI core will call the driver\u0027s \"detach\"\nhandler function (`atmio16d_detach()`) to clean up. This calls\n`reset_atmio16d()` unconditionally, but depending on where the error\noccurred in the attach handler, the device may not have been\nsufficiently initialized to call `reset_atmio16d()`. It uses\n`dev-\u003eiobase` as the I/O port base address and `dev-\u003eprivate` as the\npointer to the COMEDI device\u0027s private data structure. `dev-\u003eiobase`\nmay still be set to its initial value of 0, which would result in\nundesired writes to low I/O port addresses. `dev-\u003eprivate` may still be\n`NULL`, which would result in null pointer dereferences.\n\nFix `atmio16d_detach()` by checking that `dev-\u003eprivate` is valid\n(non-null) before calling `reset_atmio16d()`. This implies that\n`dev-\u003eiobase` was set correctly since that is set up before\n`dev-\u003eprivate`.",
"id": "GHSA-jgc9-fr2g-9r52",
"modified": "2026-05-07T21:30:23Z",
"published": "2026-05-01T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31749"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGF2-2XCW-5GXX
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-01-20 21:30In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
{
"affected": [],
"aliases": [
"CVE-2019-20054"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-28T05:15:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.",
"id": "GHSA-jgf2-2xcw-5gxx",
"modified": "2023-01-20T21:30:28Z",
"published": "2022-05-24T17:05:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20054"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200204-0002"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGHG-Q7GQ-JJMW
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
{
"affected": [],
"aliases": [
"CVE-2025-44011"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T19:15:42Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.1 ( 2025/07/09 ) and later",
"id": "GHSA-jghg-q7gq-jjmw",
"modified": "2025-10-08T21:30:23Z",
"published": "2025-10-03T21:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44011"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JGHJ-V2GG-6P22
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40796"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jghj-v2gg-6p22",
"modified": "2022-03-17T00:00:30Z",
"published": "2022-03-17T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40796"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-100.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGJ3-RX6G-3QHQ
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21364"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T19:17:13Z",
"severity": "MODERATE"
},
"details": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jgj3-rx6g-3qhq",
"modified": "2026-03-10T21:32:15Z",
"published": "2026-03-10T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21364"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGMW-Q22M-J3R4
Vulnerability from github – Published: 2022-05-17 02:55 – Updated: 2025-04-20 03:34The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-6846"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"id": "GHSA-jgmw-q22m-j3r4",
"modified": "2025-04-20T03:34:08Z",
"published": "2022-05-17T02:55:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6846"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGVV-GHRF-G923
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
{
"affected": [],
"aliases": [
"CVE-2025-52855"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T19:15:47Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
"id": "GHSA-jgvv-ghrf-g923",
"modified": "2025-10-08T21:30:24Z",
"published": "2025-10-03T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52855"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JH37-VQ2P-5J5H
Vulnerability from github – Published: 2023-04-20 21:33 – Updated: 2024-04-04 03:37A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-2177"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-20T21:15:08Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.",
"id": "GHSA-jh37-vq2p-5j5h",
"modified": "2024-04-04T03:37:34Z",
"published": "2023-04-20T21:33:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2177"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH3V-8G5C-FP73
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup
The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_qp_from_init will set both scq and rcq to NULL.
Then rxe_create_qp calls rxe_put to handle qp. In the end, rxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly accesses scq and rcq before checking them. This will cause null-ptr-deref error.
The call graph is as below:
rxe_create_qp { ... rxe_qp_from_init { ... err1: ... qp->rcq = NULL; <---rcq is set to NULL qp->scq = NULL; <---scq is set to NULL ... }
qp_init: rxe_put{ ... rxe_qp_do_cleanup { ... atomic_dec(&qp->scq->num_wq); <--- scq is accessed ... atomic_dec(&qp->rcq->num_wq); <--- rcq is accessed } }
{
"affected": [],
"aliases": [
"CVE-2022-50135"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup\n\nThe function rxe_create_qp calls rxe_qp_from_init. If some error\noccurs, the error handler of function rxe_qp_from_init will set\nboth scq and rcq to NULL.\n\nThen rxe_create_qp calls rxe_put to handle qp. In the end,\nrxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly\naccesses scq and rcq before checking them. This will cause\nnull-ptr-deref error.\n\nThe call graph is as below:\n\nrxe_create_qp {\n ...\n rxe_qp_from_init {\n ...\n err1:\n ...\n qp-\u003ercq = NULL; \u003c---rcq is set to NULL\n qp-\u003escq = NULL; \u003c---scq is set to NULL\n ...\n }\n\nqp_init:\n rxe_put{\n ...\n rxe_qp_do_cleanup {\n ...\n atomic_dec(\u0026qp-\u003escq-\u003enum_wq); \u003c--- scq is accessed\n ...\n atomic_dec(\u0026qp-\u003ercq-\u003enum_wq); \u003c--- rcq is accessed\n }\n}",
"id": "GHSA-jh3v-8g5c-fp73",
"modified": "2025-11-18T18:32:46Z",
"published": "2025-06-18T12:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50135"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37da51efe6eaa0560f46803c8c436a48a2084da7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8598b9d0a364c1663c96fc0fab9df0d36c809aea"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH4R-J37P-C5MV
Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2025-08-23 00:31Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2014-0757"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-31T06:15:00Z",
"severity": "MODERATE"
},
"details": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.",
"id": "GHSA-jh4r-j37p-c5mv",
"modified": "2025-08-23T00:31:12Z",
"published": "2022-05-17T04:52:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0757"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-030-01"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56713"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.