Null Pointer Dereference Vulnerability in Linux Kernel WiFi Driver by Vendor Linux
CVE-2025-40066

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 October 2025

What is CVE-2025-40066?

A NULL pointer dereference vulnerability exists in the Linux kernel's mt76 WiFi driver, in the mt7996 component, during the initialization of station links. If a NULL pointer is not handled before the initialization routine executes, the routine dereferences it, potentially causing system instability. The fix validates the phy pointer before invoking the initialization function.

Affected Version(s)

Linux dd82a9e02c054052b5899872c1f32805428f6131 < 2e671536c1c3c7bcad95d408a4ab42e2e54d1882

Linux dd82a9e02c054052b5899872c1f32805428f6131

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
