CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-Q5WJ-CXQ5-M47H
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-04-10 18:32In the Linux kernel, the following vulnerability has been resolved:
arm: pgtable: fix NULL pointer dereference issue
When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte():
Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8)
To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information.
{
"affected": [],
"aliases": [
"CVE-2025-21933"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm: pgtable: fix NULL pointer dereference issue\n\nWhen update_mmu_cache_range() is called by update_mmu_cache(), the vmf\nparameter is NULL, which will cause a NULL pointer dereference issue in\nadjust_pte():\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000030 when read\nHardware name: Atmel AT91SAM9\nPC is at update_mmu_cache_range+0x1e0/0x278\nLR is at pte_offset_map_rw_nolock+0x18/0x2c\nCall trace:\n update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec\n remove_migration_pte from rmap_walk_file+0xcc/0x130\n rmap_walk_file from remove_migration_ptes+0x90/0xa4\n remove_migration_ptes from migrate_pages_batch+0x6d4/0x858\n migrate_pages_batch from migrate_pages+0x188/0x488\n migrate_pages from compact_zone+0x56c/0x954\n compact_zone from compact_node+0x90/0xf0\n compact_node from kcompactd+0x1d4/0x204\n kcompactd from kthread+0x120/0x12c\n kthread from ret_from_fork+0x14/0x38\nException stack(0xc0d8bfb0 to 0xc0d8bff8)\n\nTo fix it, do not rely on whether \u0027ptl\u0027 is equal to decide whether to hold\nthe pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is\nenabled. In addition, if two vmas map to the same PTE page, there is no\nneed to hold the pte lock again, otherwise a deadlock will occur. Just\nadd the need_lock parameter to let adjust_pte() know this information.",
"id": "GHSA-q5wj-cxq5-m47h",
"modified": "2025-04-10T18:32:00Z",
"published": "2025-04-01T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21933"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91d011efe30aedde067ce6d218d521cf99b162e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a564ccfe300fa6a065beda06ab7f3c140d6b4d63"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5WR-HR4C-4MFV
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-02-05 15:31In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: mlme: fix null-ptr deref on failed assoc
If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct.
Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this.
{
"affected": [],
"aliases": [
"CVE-2022-50533"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T16:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mlme: fix null-ptr deref on failed assoc\n\nIf association to an AP without a link 0 fails, then we crash in\ntracing because it assumes that either ap_mld_addr or link 0 BSS\nis valid, since we clear sdata-\u003evif.valid_links and then don\u0027t\nadd the ap_mld_addr to the struct.\n\nSince we clear also sdata-\u003evif.cfg.ap_addr, keep a local copy of\nit and assign it earlier, before clearing valid_links, to fix\nthis.",
"id": "GHSA-q5wr-hr4c-4mfv",
"modified": "2026-02-05T15:31:08Z",
"published": "2025-10-07T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50533"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78a6a43aaf87180ec7425a2a90468e1b4d09a1ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb7743955a929e44b308cc3f63f8cc03873c1bee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c695dfba8dfb82dc7ace4f22be088916cbf621ca"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5X5-W35J-J2WV
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2016-9629"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-12T02:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"id": "GHSA-q5x5-w35j-j2wv",
"modified": "2022-05-17T03:21:44Z",
"published": "2022-05-17T03:21:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9629"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/issues/40"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5X8-3VM4-XRH9
Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38{
"affected": [],
"aliases": [
"CVE-2024-21404"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T18:15:59Z",
"severity": "HIGH"
},
"details": ".NET Denial of Service Vulnerability",
"id": "GHSA-q5x8-3vm4-xrh9",
"modified": "2024-02-13T18:38:24Z",
"published": "2024-02-13T18:38:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21404"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5XG-CGPW-7479
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-11-20 18:32In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check UnboundedRequestEnabled's value
CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus if (p->UnboundedRequestEnabled) checks its address, not bool value.
This fixes 1 REVERSE_INULL issue reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-46778"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled\u0027s value\n\nCalculateSwathAndDETConfiguration_params_st\u0027s UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p-\u003eUnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.",
"id": "GHSA-q5xg-cgpw-7479",
"modified": "2024-11-20T18:32:15Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46778"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q626-923J-FG7R
Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_dm_create_common_mode().
Fix this by adding a NULL check of mode.
This bug was found by a static analyzer.
Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.
{
"affected": [],
"aliases": [
"CVE-2022-49232"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()\n\nIn amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()\nis assigned to mode and is passed to drm_mode_probed_add() directly after\nthat. drm_mode_probed_add() passes \u0026mode-\u003ehead to list_add_tail(), and\nthere is a dereference of it in list_add_tail() without recoveries, which\ncould lead to NULL pointer dereference on failure of\namdgpu_dm_create_common_mode().\n\nFix this by adding a NULL check of mode.\n\nThis bug was found by a static analyzer.\n\nBuilds with \u0027make allyesconfig\u0027 show no new warnings,\nand our static analyzer no longer warns about this code.",
"id": "GHSA-q626-923j-fg7r",
"modified": "2025-03-18T21:32:00Z",
"published": "2025-03-18T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49232"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q62J-4Q9V-XGM7
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-11-21 15:30A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
{
"affected": [],
"aliases": [
"CVE-2020-12866"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-24T13:15:00Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"id": "GHSA-q62j-4q9v-xgm7",
"modified": "2022-11-21T15:30:22Z",
"published": "2022-05-24T17:21:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12866"
},
{
"type": "WEB",
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4470-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q62Q-9VGF-P9J3
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-12-03 15:30A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2020-3481"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-20T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
"id": "GHSA-q62q-9vgf-p9j3",
"modified": "2022-12-03T15:30:27Z",
"published": "2022-05-24T17:23:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3481"
},
{
"type": "WEB",
"url": "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-23"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4435-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4435-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q63G-PX5V-R7JV
Vulnerability from github – Published: 2026-06-03 18:33 – Updated: 2026-06-09 21:32In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Add missing NULL check for alloc_workqueue()
alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init().
Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.
{
"affected": [],
"aliases": [
"CVE-2025-71313"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-03T18:16:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Add missing NULL check for alloc_workqueue()\n\nalloc_workqueue() can return NULL on memory allocation failure. Without\nproper error checking, this may lead to a NULL pointer dereference when\nqueue_work() is later called with the NULL workqueue pointer in\nepf_ntb_epc_init().\n\nAdd a NULL check immediately after alloc_workqueue() and return -ENOMEM on\nfailure to prevent the driver from loading with an invalid workqueue\npointer.",
"id": "GHSA-q63g-px5v-r7jv",
"modified": "2026-06-09T21:32:20Z",
"published": "2026-06-03T18:33:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03f336a869b3a3f119d3ae52ac9723739c7fb7b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/314eab6740bcda504ef978be599f805de05ce6de"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q6C3-CW35-V2GH
Vulnerability from github – Published: 2022-07-23 00:00 – Updated: 2022-07-30 00:00Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.
{
"affected": [],
"aliases": [
"CVE-2022-34520"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-22T15:15:00Z",
"severity": "MODERATE"
},
"details": "Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.",
"id": "GHSA-q6c3-cw35-v2gh",
"modified": "2022-07-30T00:00:43Z",
"published": "2022-07-23T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34520"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/20354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.