CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-R596-GFJ2-GC78
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2025-01-31 15:30In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix null pointer access when abort scan
During cancel scan we might use vif that weren't scanning. Fix this by using the actual scanning vif.
{
"affected": [],
"aliases": [
"CVE-2024-35946"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren\u0027t scanning.\nFix this by using the actual scanning vif.",
"id": "GHSA-r596-gfj2-gc78",
"modified": "2025-01-31T15:30:42Z",
"published": "2024-05-19T12:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35946"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R59M-GRJG-3VPV
Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2026-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference.
Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated.
{
"affected": [],
"aliases": [
"CVE-2025-38635"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: davinci: Add NULL check in davinci_lpsc_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ndavinci_lpsc_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensuring\nno resources are left allocated.",
"id": "GHSA-r59m-grjg-3vpv",
"modified": "2026-01-07T18:30:21Z",
"published": "2025-08-22T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38635"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/105e8115944a9f93e9412abe7bb07ed96725adf9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13de464f445d42738fe18c9a28bab056ba3a290a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d92608a29251278015f57f3572bc950db7519f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23f564326deaafacfd7adf6104755b15216d8320"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2adc945b70c4d97e9491a6c0c9f3b217a9eecfba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6fb19cdcf040e1dec052a9032acb66cc2ad1d43f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77e9ad7a2d0e2a771c9e0be04b9d1639413b5f13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7843412e5927dafbb844782c56b6380564064109"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7943ed1f05f5cb7372dca2aa227f848747a98791"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5CC-GR9F-CH8C
Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-01 12:31In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.
{
"affected": [],
"aliases": [
"CVE-2026-20457"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T04:17:13Z",
"severity": "MODERATE"
},
"details": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.",
"id": "GHSA-r5cc-gr9f-ch8c",
"modified": "2026-07-01T12:31:34Z",
"published": "2026-07-01T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20457"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5GQ-R69X-5F8P
Vulnerability from github – Published: 2026-06-25 18:30 – Updated: 2026-07-01 21:35CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.
{
"affected": [],
"aliases": [
"CVE-2026-9716"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T16:16:44Z",
"severity": "HIGH"
},
"details": "CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device\u2019s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.",
"id": "GHSA-r5gq-r69x-5f8p",
"modified": "2026-07-01T21:35:53Z",
"published": "2026-06-25T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9716"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-160-03.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R5J3-CC22-8XX9
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2019-14584"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-03T20:15:00Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-r5j3-cc22-8xx9",
"modified": "2022-05-24T19:03:56Z",
"published": "2022-05-24T19:03:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14584"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889486"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R5JP-QMJ5-W52X
Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2017-0321"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T23:59:00Z",
"severity": "HIGH"
},
"details": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.",
"id": "GHSA-r5jp-qmj5-w52x",
"modified": "2022-05-17T02:57:57Z",
"published": "2022-05-17T02:57:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0321"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5JX-GQFH-5PMR
Vulnerability from github – Published: 2025-01-05 18:30 – Updated: 2025-01-05 18:30A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-0223"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-05T16:15:05Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-r5jx-gqfh-5pmr",
"modified": "2025-01-05T18:30:35Z",
"published": "2025-01-05T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0223"
},
{
"type": "WEB",
"url": "https://shareforall.notion.site/IOBit-Uninstaller-IURegistryFilter-0x8001E000-NPD-DOS-15260437bb1e80e482e0e3c9b22b58d0"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290202"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290202"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.466963"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R5MW-V3MQ-JRVM
Vulnerability from github – Published: 2025-09-02 21:30 – Updated: 2025-09-02 21:30An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name() C function, which can be triggered by providing an unrecognized sample format.
{
"affected": [],
"aliases": [
"CVE-2025-57612"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-02T16:15:39Z",
"severity": "HIGH"
},
"details": "An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name() C function, which can be triggered by providing an unrecognized sample format.",
"id": "GHSA-r5mw-v3mq-jrvm",
"modified": "2025-09-02T21:30:58Z",
"published": "2025-09-02T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57612"
},
{
"type": "WEB",
"url": "https://github.com/meh/rust-ffmpeg/issues/192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5QW-5M8Q-6774
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-11 18:31In the Linux kernel, the following vulnerability has been resolved:
bridge: guard local VLAN-0 FDB helpers against NULL vlan group
When CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and nbp_vlan_group() return NULL (br_private.h stub definitions). The BR_BOOLOPT_FDB_LOCAL_VLAN_0 toggle code is compiled unconditionally and reaches br_fdb_delete_locals_per_vlan_port() and br_fdb_insert_locals_per_vlan_port(), where the NULL vlan group pointer is dereferenced via list_for_each_entry(v, &vg->vlan_list, vlist).
The observed crash is in the delete path, triggered when creating a bridge with IFLA_BR_MULTI_BOOLOPT containing BR_BOOLOPT_FDB_LOCAL_VLAN_0 via RTM_NEWLINK. The insert helper has the same bug pattern.
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7] RIP: 0010:br_fdb_delete_locals_per_vlan+0x2b9/0x310 Call Trace: br_fdb_toggle_local_vlan_0+0x452/0x4c0 br_toggle_fdb_local_vlan_0+0x31/0x80 net/bridge/br.c:276 br_boolopt_toggle net/bridge/br.c:313 br_boolopt_multi_toggle net/bridge/br.c:364 br_changelink net/bridge/br_netlink.c:1542 br_dev_newlink net/bridge/br_netlink.c:1575
Add NULL checks for the vlan group pointer in both helpers, returning early when there are no VLANs to iterate. This matches the existing pattern used by other bridge FDB functions such as br_fdb_add() and br_fdb_delete().
{
"affected": [],
"aliases": [
"CVE-2026-43100"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: guard local VLAN-0 FDB helpers against NULL vlan group\n\nWhen CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and\nnbp_vlan_group() return NULL (br_private.h stub definitions). The\nBR_BOOLOPT_FDB_LOCAL_VLAN_0 toggle code is compiled unconditionally and\nreaches br_fdb_delete_locals_per_vlan_port() and\nbr_fdb_insert_locals_per_vlan_port(), where the NULL vlan group pointer\nis dereferenced via list_for_each_entry(v, \u0026vg-\u003evlan_list, vlist).\n\nThe observed crash is in the delete path, triggered when creating a\nbridge with IFLA_BR_MULTI_BOOLOPT containing BR_BOOLOPT_FDB_LOCAL_VLAN_0\nvia RTM_NEWLINK. The insert helper has the same bug pattern.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] KASAN NOPTI\n KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7]\n RIP: 0010:br_fdb_delete_locals_per_vlan+0x2b9/0x310\n Call Trace:\n br_fdb_toggle_local_vlan_0+0x452/0x4c0\n br_toggle_fdb_local_vlan_0+0x31/0x80 net/bridge/br.c:276\n br_boolopt_toggle net/bridge/br.c:313\n br_boolopt_multi_toggle net/bridge/br.c:364\n br_changelink net/bridge/br_netlink.c:1542\n br_dev_newlink net/bridge/br_netlink.c:1575\n\nAdd NULL checks for the vlan group pointer in both helpers, returning\nearly when there are no VLANs to iterate. This matches the existing\npattern used by other bridge FDB functions such as br_fdb_add() and\nbr_fdb_delete().",
"id": "GHSA-r5qw-5m8q-6774",
"modified": "2026-05-11T18:31:35Z",
"published": "2026-05-06T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43100"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1979645e1842cb7017525a61a0e0e0beb924d02a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddf0ec2d600e7dad62b89692749534d7900a732a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb612d436ff0317659e45a91c25fd7d9516f5b1b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5W7-V3PV-7P6Q
Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2015-9109"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference.",
"id": "GHSA-r5w7-v3pv-7p6q",
"modified": "2022-05-14T03:25:48Z",
"published": "2022-05-14T03:25:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9109"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.