Null Pointer Dereference in Linux Kernel Affects Wireless Driver Functionality
CVE-2025-38541

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38541?

In the Linux kernel, a null pointer dereference vulnerability exists within the mt7925 wireless driver initialization process. The issue arises during the execution of mt7925_thermal_init(), where it fails to verify the output of devm_kasprintf(). If devm_kasprintf() returns NULL due to an error, the subsequent dereference leads to a system crash. Implementing a NULL check after this function call is crucial to prevent disruptions in wireless functionality and maintain system stability.

Affected Version(s)

Linux 396e41a74a88654f23e36c46d2995752c91654a5 < 1bbdf4213711bb6dc365e7628430a63dd3280794

Linux 396e41a74a88654f23e36c46d2995752c91654a5 < 2e99e9b34ece0b6d3e82cb757e9f60fa414da999

Linux 396e41a74a88654f23e36c46d2995752c91654a5 < 03ee8f73801a8f46d83dfc2bf73fb9ffa5a21602

References

https://git.kernel.org/stable/c/1bbdf4213711bb6dc365e7628...

https://git.kernel.org/stable/c/2e99e9b34ece0b6d3e82cb757...

https://git.kernel.org/stable/c/03ee8f73801a8f46d83dfc2bf...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025