CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-P89J-VJGQ-2RFV
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44In read_and_discard_scanlines of jdapistd.c, there is a possible null pointer exception due to a missing NULL check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173702583
{
"affected": [],
"aliases": [
"CVE-2021-0384"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "In read_and_discard_scanlines of jdapistd.c, there is a possible null pointer exception due to a missing NULL check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173702583",
"id": "GHSA-p89j-vjgq-2rfv",
"modified": "2022-05-24T17:44:08Z",
"published": "2022-05-24T17:44:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0384"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P8G6-7V7W-4WHG
Vulnerability from github – Published: 2024-04-05 09:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Create persistent INTx handler
A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending.
Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to the eventfd registration is potentially incompatible with existing userspace.
As a result, the solution implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx context object and irq_type configuration, rather than registration of a particular trigger eventfd. Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger can be dynamically updated relative to in-flight interrupts or irqfd callbacks.
{
"affected": [],
"aliases": [
"CVE-2024-26812"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-05T09:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks.",
"id": "GHSA-p8g6-7v7w-4whg",
"modified": "2026-05-12T12:31:36Z",
"published": "2024-04-05T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26812"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8R5-V84X-P259
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-05-24 16:49In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2019-10993"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-28T21:15:00Z",
"severity": "CRITICAL"
},
"details": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.",
"id": "GHSA-p8r5-v84x-p259",
"modified": "2022-05-24T16:49:00Z",
"published": "2022-05-24T16:49:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10993"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-597"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-598"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-601"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-602"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-603"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-605"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-606"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-607"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-611"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-612"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-613"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-614"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-615"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-616"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-617"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-618"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8RW-V5C5-234R
Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-06 15:32In the Linux kernel, the following vulnerability has been resolved:
ice: Add check for kzalloc
Add the check for the return value of kzalloc in order to avoid NULL pointer dereference. Moreover, use the goto-label to share the clean code.
{
"affected": [],
"aliases": [
"CVE-2022-48886"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T07:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add check for kzalloc\n\nAdd the check for the return value of kzalloc in order to avoid\nNULL pointer dereference.\nMoreover, use the goto-label to share the clean code.",
"id": "GHSA-p8rw-v5c5-234r",
"modified": "2024-09-06T15:32:56Z",
"published": "2024-08-21T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48886"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40543b3d9d2c13227ecd3aa90a713c201d1d7f09"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96a9873188552ebb2afe76033d7329a5ecabef6e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8V4-4J5F-RG8W
Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2023-05-27 06:30A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-40563"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.",
"id": "GHSA-p8v4-4j5f-rg8w",
"modified": "2023-05-27T06:30:37Z",
"published": "2022-01-13T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40563"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1892"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8VV-WC7J-9RP3
Vulnerability from github – Published: 2023-05-09 03:30 – Updated: 2024-04-04 03:53In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
{
"affected": [],
"aliases": [
"CVE-2022-48231"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-09T02:15:10Z",
"severity": "MODERATE"
},
"details": "In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
"id": "GHSA-p8vv-wc7j-9rp3",
"modified": "2024-04-04T03:53:55Z",
"published": "2023-05-09T03:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48231"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8W7-VVC7-Q62H
Vulnerability from github – Published: 2024-02-23 15:30 – Updated: 2024-04-30 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix NULL pointer dereference at hibernate
During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2 support.
{
"affected": [],
"aliases": [
"CVE-2023-52460"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-23T15:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference at hibernate\n\nDuring hibernate sequence the source context might not have a clk_mgr.\nSo don\u0027t use it to look for DML2 support.",
"id": "GHSA-p8w7-vvc7-q62h",
"modified": "2024-04-30T21:30:31Z",
"published": "2024-02-23T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52460"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b80326efff093d037e0971831dca6ebddba9b45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b719a9c15d52d4f56bdea8241a5d90fd9197ce99"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8X3-XPCH-P28R
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.
{
"affected": [],
"aliases": [
"CVE-2021-4095"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:44:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference was found in the Linux kernel\u0027s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.",
"id": "GHSA-p8x3-xpch-p28r",
"modified": "2022-03-17T00:01:39Z",
"published": "2022-03-11T00:02:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4095"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P928-C9C9-QW29
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-12-12 03:31A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
{
"affected": [],
"aliases": [
"CVE-2020-16588"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.",
"id": "GHSA-p928-c9c9-qw29",
"modified": "2022-12-12T03:31:05Z",
"published": "2022-05-24T17:35:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16588"
},
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/issues/493"
},
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P92R-95QG-V4VF
Vulnerability from github – Published: 2022-12-31 00:30 – Updated: 2023-01-06 21:30NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-34683"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-30T23:15:00Z",
"severity": "MODERATE"
},
"details": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.",
"id": "GHSA-p92r-95qg-v4vf",
"modified": "2023-01-06T21:30:40Z",
"published": "2022-12-31T00:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34683"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.