Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-22032

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
16/04/2025
Last modified:
29/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mt76: mt7921: fix kernel panic due to null pointer dereference<br /> <br /> Address a kernel panic caused by a null pointer dereference in the<br /> `mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure<br /> is not properly initialized with the `sta` context. This patch ensures that the<br /> `deflink` structure is correctly linked to the `sta` context, preventing the<br /> null pointer dereference.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000400<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1<br /> Hardware name: /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011<br /> RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]<br /> RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202<br /> RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000<br /> RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000<br /> RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000<br /> R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119<br /> R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000<br /> FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> ? __die_body.cold+0x19/0x27<br /> ? page_fault_oops+0x15a/0x2f0<br /> ? search_module_extables+0x19/0x60<br /> ? search_bpf_extables+0x5f/0x80<br /> ? exc_page_fault+0x7e/0x180<br /> ? asm_exc_page_fault+0x26/0x30<br /> ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]<br /> mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common]<br /> mt76u_alloc_queues+0x784/0x810 [mt76_usb]<br /> ? __pfx___mt76_worker_fn+0x10/0x10 [mt76]<br /> __mt76_worker_fn+0x4f/0x80 [mt76]<br /> kthread+0xd2/0x100<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x34/0x50<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1a/0x30<br /> <br /> ---[ end trace 0000000000000000 ]---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12.13 (including) 6.12.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13.2 (including) 6.13.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.14 (including) 6.14.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools