NULL Pointer Dereference Vulnerability in Linux Kernel WiFi Driver for Raspberry Pi by Broadcom
CVE-2025-40321
What is CVE-2025-40321?
A NULL pointer dereference in the brcmfmac driver of the Linux kernel causes a crash during Action frame transmission in standalone AP mode. When the interface is managed by hostapd and no P2P interfaces have been initialized, the driver attempts to send the Action frame through the P2P vif pointer, which is uninitialized. The kernel cannot handle the dereference and crashes. The fix ensures that the vif corresponding to the wireless device is used for firmware communication, which prevents the crash during Action frame transmission.
Affected Version(s)
Linux 18e2f61db3b708e0a22ccc403cb6ab2203d6faab
Linux 18e2f61db3b708e0a22ccc403cb6ab2203d6faab < 55f60a72a178909ece4e32987e4c642ba57e1cf4