NULL Dereference Vulnerability in Linux Kernel for Unsupported 6 GHz Band
CVE-2025-38646
What is CVE-2025-38646?
A vulnerability has been identified in the Linux kernel related to the rtw89 driver, where a NULL pointer dereference may occur when a problematic packet is received on an unsupported 6 GHz frequency band. This issue arises from a software oversight, leading to the assumption that a packet has been received on a band that the chip does not actually support. Consequently, when the software proceeds under this false assumption, it fails to properly initialize necessary components for that band, resulting in a NULL pointer dereference. This can cause disruptions in network operations and potential system instability.
Affected Version(s)
Linux c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0 < 892b29eab44b1803d2cad8e50f1bc2144ef478cb
Linux c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0 < 77a7a48f87d673a68664bebf044214821decbfda
Linux c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0