CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-V2QV-379G-FMVW
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30In the Linux kernel, the following vulnerability has been resolved:
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to ctx->active_fmt and there is a dereference of it after that, which could lead to NULL pointer dereference on failure of devm_kzalloc().
Fix this bug by adding a NULL check of ctx->active_fmt.
This bug was found by a static analyzer.
Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.
{
"affected": [],
"aliases": [
"CVE-2022-49254"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()\n\nIn cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to\nctx-\u003eactive_fmt and there is a dereference of it after that, which could\nlead to NULL pointer dereference on failure of devm_kzalloc().\n\nFix this bug by adding a NULL check of ctx-\u003eactive_fmt.\n\nThis bug was found by a static analyzer.\n\nBuilds with \u0027make allyesconfig\u0027 show no new warnings, and our static\nanalyzer no longer warns about this code.",
"id": "GHSA-v2qv-379g-fmvw",
"modified": "2025-09-22T21:30:16Z",
"published": "2025-09-22T21:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49254"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1381f1a629a090c251965edb56f849ad648414a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91e2805579ab0783eed53acc2bf9fb553e939004"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa613ac270292e102503e9767882e39200efe608"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/abd77889851d2ead0d0c9c4d29f1808801477b00"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V2QW-7M3M-R9QX
Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2024-04-04 06:53vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.
{
"affected": [],
"aliases": [
"CVE-2021-3236"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T14:15:12Z",
"severity": "MODERATE"
},
"details": "vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.",
"id": "GHSA-v2qw-7m3m-r9qx",
"modified": "2024-04-04T06:53:29Z",
"published": "2023-08-11T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3236"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/issues/7674"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230915-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V32F-G8J8-65F7
Vulnerability from github – Published: 2024-03-13 18:31 – Updated: 2024-03-13 18:31A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition.
This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device.
Notes:
Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected.
{
"affected": [],
"aliases": [
"CVE-2024-20266"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-13T17:15:47Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition.\n\n This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device.\n\n Notes: \n\n \n Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.\n This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected.",
"id": "GHSA-v32f-g8j8-65f7",
"modified": "2024-03-13T18:31:35Z",
"published": "2024-03-13T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20266"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V32F-P355-M49P
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
{
"affected": [],
"aliases": [
"CVE-2017-10917"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-05T01:29:00Z",
"severity": "CRITICAL"
},
"details": "Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.",
"id": "GHSA-v32f-p355-m49p",
"modified": "2022-05-17T00:27:17Z",
"published": "2022-05-17T00:27:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10917"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-03"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-221.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3969"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99157"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038731"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V32H-8F7R-3543
Vulnerability from github – Published: 2025-08-27 21:31 – Updated: 2025-11-05 00:31If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.
This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
{
"affected": [],
"aliases": [
"CVE-2025-40779"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-27T21:15:54Z",
"severity": "HIGH"
},
"details": "If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.\nThis issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.",
"id": "GHSA-v32h-8f7r-3543",
"modified": "2025-11-05T00:31:25Z",
"published": "2025-08-27T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40779"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2025-40779"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/08/27/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V32R-M6J9-4VHW
Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 00:30In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/prime: Use dma_buf from GEM object instance"
This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8.
The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref.
Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated.
Hence, this revert to going back to using .import_attach->dmabuf.
v3: - cc stable
{
"affected": [],
"aliases": [
"CVE-2025-38674"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/prime: Use dma_buf from GEM object instance\"\n\nThis reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance\u0027s lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don\u0027t work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
"id": "GHSA-v32r-m6j9-4vhw",
"modified": "2025-11-26T00:30:15Z",
"published": "2025-08-22T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38674"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f05d83ce689a8930a70dfa73f879604aef8cc03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb4ef4a52b79a22ad382bfe77332642d02aef773"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V33C-VR3G-MWH2
Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
{
"affected": [],
"aliases": [
"CVE-2017-17505"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-11T03:29:00Z",
"severity": "MODERATE"
},
"details": "In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",
"id": "GHSA-v33c-vr3g-mwh2",
"modified": "2022-05-17T00:12:51Z",
"published": "2022-05-17T00:12:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17505"
},
{
"type": "WEB",
"url": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V352-44GF-8R9H
Vulnerability from github – Published: 2025-12-11 00:30 – Updated: 2025-12-11 18:30NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.
{
"affected": [],
"aliases": [
"CVE-2025-65296"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T22:16:27Z",
"severity": "MODERATE"
},
"details": "NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.",
"id": "GHSA-v352-44gf-8r9h",
"modified": "2025-12-11T18:30:43Z",
"published": "2025-12-11T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65296"
},
{
"type": "WEB",
"url": "https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/JSON-NULL-Dereference.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3CW-88QX-CF5C
Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
{
"affected": [],
"aliases": [
"CVE-2023-33036"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T06:15:09Z",
"severity": "HIGH"
},
"details": "Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.",
"id": "GHSA-v3cw-88qx-cf5c",
"modified": "2024-01-02T06:30:30Z",
"published": "2024-01-02T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33036"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3P7-5H4W-XRJG
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33466"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-v3p7-5h4w-xrjg",
"modified": "2022-07-29T00:00:33Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33466"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/172"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.