-
CVE-2025-38513
- EPSS 0.04%
- Veröffentlicht 16.08.2025 10:55:00
- Zuletzt bearbeitet 18.08.2025 20:16:28
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For
example, the following is possible:
T0 T1
zd_mac_tx_to_dev()
/* len == skb_queue_len(q) */
while (len > ZD_MAC_MAX_ACK_WAITERS) {
filter_ack()
spin_lock_irqsave(&q->lock, flags);
/* position == skb_queue_len(q) */
for (i=1; i<position; i++)
skb = __skb_dequeue(q)
if (mac->type == NL80211_IFTYPE_AP)
skb = __skb_dequeue(q);
spin_unlock_irqrestore(&q->lock, flags);
skb_dequeue() -> NULL
Since there is a small gap between checking skb queue length and skb being
unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.
Then the pointer is passed to zd_mac_tx_status() where it is dereferenced.
In order to avoid potential NULL pointer dereference due to situations like
above, check if skb is not NULL before passing it to zd_mac_tx_status().
Found by Linux Verification Center (linuxtesting.org) with SVACE.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
c1958270de947604cc6de05fc96dbba256b49cf0
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
014c34dc132015c4f918ada4982e952947ac1047
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
b24f65c184540dfb967479320ecf7e8c2e9220dc
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
adf08c96b963c7cd7ec1ee1c0c556228d9bedaae
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
5420de65efbeb6503bcf1d43451c9df67ad60298
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
fcd9c923b58e86501450b9b442ccc7ce4a8d0fda
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
602b4eb2f25668de15de69860ec99caf65b3684d
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
Version <
74b1ec9f5d627d2bdd5e5b6f3f81c23317657023
Version
459c51ad6e1fc19e91a53798358433d3c08cd09d
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.25
Status
affected
Version <
2.6.25
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.296
Status
unaffected
Version <=
5.10.*
Version
5.10.240
Status
unaffected
Version <=
5.15.*
Version
5.15.189
Status
unaffected
Version <=
6.1.*
Version
6.1.146
Status
unaffected
Version <=
6.6.*
Version
6.6.99
Status
unaffected
Version <=
6.12.*
Version
6.12.39
Status
unaffected
Version <=
6.15.*
Version
6.15.7
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|