CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,963 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 81 of 100
- CVE-2025-38301MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbreak driver after cleanup Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer…
- CVE-2025-38304MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry …
- CVE-2025-38307MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element…
- CVE-2025-38308MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before being used. As 'template' is already…
- CVE-2025-38316MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() The function mt7996_set_monitor() dereferences phy before the NULL sanity check. Fix this to …
- CVE-2025-38319MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_tab…
- CVE-2025-38328MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc…
- CVE-2025-38337MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_abort…
- CVE-2025-38362MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check for get_first_active_display() The function mod_hdcp_hdcp1_enable_encryption() calls the function get_first_active_display(), but…
- CVE-2025-38363MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix a possible null pointer dereference In tegra_crtc_reset(), new memory is allocated with kzalloc(), but no check is performed. Before calling __drm_atomic_…
- CVE-2025-38364CVSS 0.0EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations ar…
- CVE-2025-38368MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added …
- CVE-2025-38371MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereferenc…
- CVE-2025-38381MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for alloc…
- CVE-2025-38387MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we m…
- CVE-2025-38398MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtd_nandbiterrs module for testing the driver occasionally results in weird things like below. 1. swiotlb map…
- CVE-2025-38399MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls…
- CVE-2025-38402MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as…
- CVE-2025-38408MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: genirq/irq_sim: Initialize work context pointers properly Initialize `ops` member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulat…
- CVE-2025-38420MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load f…
- CVE-2025-38433MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the `__runtime_fixup_32` function does not handle the case where `val` is zero correctly (as might occur when patch…
- CVE-2025-38442MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: block: reject bs > ps block devices when THP is disabled If THP is disabled and when a block device with logical block size > page size is present, the following null pt…
- CVE-2025-38450MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Add a NULL check for msta->vif before accessing its members to prevent a kernel pa…
- CVE-2025-38452MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Add check for the return value of rcar_gen4_ptp_alloc() to prevent potential null pointer dereference.
- CVE-2025-38454MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Use pr_warn() instead of dev_warn() when 'pdev' is NULL to avoid a potential NULL pointer deref…
- CVE-2025-38455MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Reject migration of SEV{-ES} state if either the source or destination VM is actively creati…
- CVE-2025-38458MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() atmarpd_dev_ops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer d…
- CVE-2025-38460MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is n…
- CVE-2025-38467MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's support for another console device (such as a TTY serial), the kernel occasionally panics duri…
- CVE-2025-38468CVSS 0.0EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdi…
- CVE-2025-38473MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() syzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0] l2cap_sock_resume_cb() has a similar problem that …
- CVE-2025-38475MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while freeing inet_sk(sk)->inet_opt. The address w…
- CVE-2025-38487MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-sno…
- CVE-2025-38489MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") has accidentally removed the critical pie…
- CVE-2025-38510MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area info…
- CVE-2025-38513MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the follow…
- CVE-2025-38516MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a G…
- CVE-2025-38517MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype…
- CVE-2025-38522MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Prevent update_locked_rq() calls with NULL rq Avoid invoking update_locked_rq() when the runqueue (rq) pointer is NULL in the SCX_CALL_OP and SCX_CALL_OP_RET …
- CVE-2025-38526MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: ice: add NULL check in eswitch lag check The function ice_lag_is_switchdev_running() is being called from outside of the LAG event handler code. This results in the lag…
- CVE-2025-38541MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, wh…
- CVE-2025-38543MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA …
- CVE-2025-38557MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer de…
- CVE-2025-38558MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor f…
- CVE-2025-38559MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is on…
- CVE-2025-38562MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in …
- CVE-2025-38569MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU…
- CVE-2025-38581MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '00…
- CVE-2025-38583MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail wit…
- CVE-2025-38586MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →