CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,955 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 43 of 100
- CVE-2022-50003MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user w…
- CVE-2022-50004MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev == NULL) through xfrm interfac…
- CVE-2022-50009MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data There is issue as follows when test f2fs atomic write: F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superb…
- CVE-2022-50015MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply…
- CVE-2022-50016MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply mes…
- CVE-2022-50024MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_chan_dump_lli() is passed a NULL LLI pointer which ends up ca…
- CVE-2022-50047MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and a crash happened on dereferencing it in…
- CVE-2022-50049MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), it doesn't check whether the picked BE actually supports …
- CVE-2022-50054MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previo…
- CVE-2022-50056MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Exte…
- CVE-2022-50057MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. S…
- CVE-2022-50058MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim…
- CVE-2022-50063MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that when dsa_tree_notify() fails, it doesn't know wh…
- CVE-2022-50068MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning <log snip> …
- CVE-2022-50069MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load another eBPF program from within the kernel.…
- CVE-2022-50073MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls…
- CVE-2022-50075MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe (eprobes), it will cause…
- CVE-2022-50078MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes (eprobes), I tried to see what would happen if I attempted to retrieve…
- CVE-2022-50080MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number o…
- CVE-2022-50091MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If s…
- CVE-2022-50132MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer …
- CVE-2022-50133MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no por…
- CVE-2022-50135MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_…
- CVE-2022-50144MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slave' structure. This can lead to kernel oo…
- CVE-2022-50145MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. …
- CVE-2022-50148MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in __kernfs_remove When lockdep is enabled, lockdep_assert_held_write would cause potential NULL pointer dereference. Fix the fol…
- CVE-2022-50181MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a la…
- CVE-2022-50206MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops …
- CVE-2022-50218MEDIUMCVSS 5.5EG 5.52025-06-18
In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order a…
- CVE-2022-50244MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is not added, device_unregister() can not …
- CVE-2022-50262MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT record_size When the NTFS BOOT record_size field < 0, it represents a shift value. However, there is no sanity check on the shift result and the …
- CVE-2022-50266MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in kill_kprobe() In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be called always fails. This is because before …
- CVE-2022-50267MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() wil…
- CVE-2022-50268MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will …
- CVE-2022-50272MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Wei Chen reports a kernel bug as blew: general protection fault, probably for non-canonical address KASA…
- CVE-2022-50276MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: power: supply: fix null pointer dereferencing in power_supply_get_battery_info when kmalloc() fail to allocate memory in kasprintf(), propname will be NULL, strcmp() cal…
- CVE-2022-50277MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscrypt_limit_io_blocks(…
- CVE-2022-50280MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagate_mnt() function handles mount propagation when creating mounts and propagates the source mount tree @source_mnt to all a…
- CVE-2022-50295MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() Syzkaller produced the below call trace: BUG: KASAN: null-ptr-deref in io_msg_ring+0x3cb/0x9f0 Wri…
- CVE-2022-50308MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference.
- CVE-2022-50317MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v…
- CVE-2022-50327MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to …
- CVE-2022-50334MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN:…
- CVE-2022-50336MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attr_load_runs_vcn Some metadata files are handled before MFT. This adds a null pointer check for some corner cases that could lead t…
- CVE-2022-50344MEDIUMCVSS 5.5EG 5.52025-09-16
In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-…
- CVE-2022-50347MEDIUMCVSS 5.5EG 5.52025-09-16
In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host…
- CVE-2022-50353MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() wi…
- CVE-2022-50354MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in…
- CVE-2022-50356MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sf…
- CVE-2022-50359MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empt…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →