Null Pointer Dereference Vulnerability in Linux Kernel's MT76 Wireless Driver
CVE-2025-38156

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38156?

A vulnerability exists within the MT76 wireless driver of the Linux kernel that can lead to a null pointer dereference. This issue arises in the mt7996_mmio_wed_init() function which fails to check if devm_ioremap() returns NULL upon encountering an error. As a result, when this unchecked error condition occurs, it leads to potential instability or crashes within the system. It is crucial to apply the necessary patches to avoid exploitation of this flaw.

Affected Version(s)

Linux 83eafc9251d6d30574b629ac637c56d168fcbdd9 < 1072fc0ca1f8d0d5397d24853386876f937b8e63

Linux 83eafc9251d6d30574b629ac637c56d168fcbdd9

Linux 83eafc9251d6d30574b629ac637c56d168fcbdd9 < 8f30e2b059757d8711a823e4c9c023db62a1d171

References

https://git.kernel.org/stable/c/1072fc0ca1f8d0d5397d24853...

https://git.kernel.org/stable/c/af861c6dea2ef06845a5c7672...

https://git.kernel.org/stable/c/8f30e2b059757d8711a823e4c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025