CWE-476— NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 60 of 95
- CVE-2024-34508MEDIUMCVSS 4.3EG 4.32024-05-05
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
- CVE-2024-34719HIGHCVSS 7.8EG 8.42024-11-13
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-34952MEDIUMCVSS 5.0EG 5.02024-05-20
taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file.
- CVE-2024-35200MEDIUMCVSS 5.3EG 5.32024-05-29
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
- CVE-2024-35215MEDIUMCVSS 6.2EG 6.22024-10-08
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the cont…
- CVE-2024-35247MEDIUMCVSS 5.5EG 5.52024-06-24
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent de…
- CVE-2024-35492HIGHCVSS 7.5EG 7.52024-05-29
Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.
- CVE-2024-35618HIGHCVSS 7.5EG 7.52024-05-24
PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.
- CVE-2024-35790MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace befo…
- CVE-2024-35796MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called …
- CVE-2024-35800MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic dur…
- CVE-2024-35842MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct …
- CVE-2024-35846MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also croppe…
- CVE-2024-35850MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev po…
- CVE-2024-35851MEDIUMCVSS 5.5EG 5.52024-05-17
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev …
- CVE-2024-35857MEDIUMCVSS 5.3EG 5.32024-05-17
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__i…
- CVE-2024-35874MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. Previously…
- CVE-2024-35878MEDIUMCVSS 5.3EG 5.32024-05-19
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf() In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf()…
- CVE-2024-35883MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a…
- CVE-2024-35885MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" comman…
- CVE-2024-35891MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may return NULL as ptp_header due to abnorma…
- CVE-2024-35902MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of _…
- CVE-2024-35904MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and de…
- CVE-2024-35907MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence…
- CVE-2024-35916MEDIUMCVSS 5.3EG 5.32024-05-19
In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() r…
- CVE-2024-35917MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummy_st_ops/dummy_init_ptr_arg test [1]: [<0000000000000002>] 0x2 …
- CVE-2024-35919HIGHCVSS 7.0EG 7.02024-05-19
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_enc_ipi_handler' func…
- CVE-2024-35920MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' func…
- CVE-2024-35933MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this…
- CVE-2024-35940MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the alloc…
- CVE-2024-35943MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ens…
- CVE-2024-35945MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent …
- CVE-2024-35946MEDIUMCVSS 5.5EG 5.52024-05-19
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using the actual scanning vif.
- CVE-2024-35954MEDIUMCVSS 4.7EG 4.72024-05-20
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing t…
- CVE-2024-35960CRITICALCVSS 9.1EG 9.12024-05-20
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1…
- CVE-2024-35977MEDIUMCVSS 4.7EG 4.72024-05-20
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_uart: properly fix race condition The cros_ec_uart_probe() function calls devm_serdev_device_open() before it calls serdev_device_set_client_ops…
- CVE-2024-35984MEDIUMCVSS 5.5EG 5.52024-05-20
In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of …
- CVE-2024-35985MEDIUMCVSS 5.5EG 5.52024-05-20
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out …
- CVE-2024-36008MEDIUMCVSS 5.5EG 5.52024-05-20
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in lates…
- CVE-2024-36011MEDIUMCVSS 5.5EG 5.52024-05-23
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
- CVE-2024-36014MEDIUMCVSS 5.5EG 5.52024-05-29
In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to preven…
- CVE-2024-36023MEDIUMCVSS 5.5EG 5.52024-05-30
In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference, this should fix it.
- CVE-2024-36270MEDIUMCVSS 5.5EG 5.52024-06-21
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 […
- CVE-2024-36281MEDIUMCVSS 5.5EG 5.52024-06-21
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_mod…
- CVE-2024-36387MEDIUMCVSS 5.4EG 5.42024-07-01
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
- CVE-2024-36424MEDIUMCVSS 5.5EG 5.52024-08-06
K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.
- CVE-2024-36476MEDIUMCVSS 5.5EG 5.52025-01-15
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible fo…
- CVE-2024-36478MEDIUMCVSS 5.5EG 5.52024-06-21
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script…
- CVE-2024-36479MEDIUMCVSS 5.5EG 5.52024-06-24
In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent de…
- CVE-2024-36489MEDIUMCVSS 5.5EG 5.52024-06-21
In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,ge…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →