
CVE-2025-38513

In the Linux kernel, the following vulnerability has been resolved:

wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()

There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For
example, the following is possible:

    	T0			    		T1
zd_mac_tx_to_dev()
  /* len == skb_queue_len(q) */
  while (len > ZD_MAC_MAX_ACK_WAITERS) {

					  filter_ack()
					    spin_lock_irqsave(&q->lock, flags);
					    /* position == skb_queue_len(q) */
					    for (i=1; i<position; i++)
				    	      skb = __skb_dequeue(q)

					    if (mac->type == NL80211_IFTYPE_AP)
					      skb = __skb_dequeue(q);
					    spin_unlock_irqrestore(&q->lock, flags);

    skb_dequeue() -> NULL

Since there is a small gap between checking skb queue length and skb being
unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.
Then the pointer is passed to zd_mac_tx_status() where it is dereferenced.

In order to avoid potential NULL pointer dereference due to situations like
above, check if skb is not NULL before passing it to zd_mac_tx_status().

Found by Linux Verification Center (linuxtesting.org) with SVACE.
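
The check-then-dequeue gap from the description above, as a single-threaded userspace model added here (not the driver's code and not the actual patch). The `racer_wins` flag stands in for filter_ack() emptying the queue between the length check and the dequeue; all type and function names are hypothetical, and stopping the loop on NULL is this example's choice.

```c
/* Constructed userspace model of the check-then-dequeue gap; not driver code. */
#include <stddef.h>
#include <stdio.h>
#define MAX_ACK_WAITERS 2   /* stand-in for ZD_MAC_MAX_ACK_WAITERS */

struct pkt { struct pkt *next; int acked; };
struct queue { struct pkt *head; size_t len; };

/* Like skb_dequeue(): returns NULL on an empty queue. */
static struct pkt *dequeue(struct queue *q)
{
    struct pkt *p = q->head;
    if (p) { q->head = p->next; q->len--; }
    return p;
}

/* Returns packets completed, or -1 where unchecked code would have passed
 * NULL to the status handler (the dereference in the driver). */
static int trim_queue(struct queue *q, int check_null, int racer_wins)
{
    int done = 0;
    while (q->len > MAX_ACK_WAITERS) {   /* T0: length check */
        if (racer_wins)                  /* T1 (filter_ack) empties q */
            while (dequeue(q)) { }
        struct pkt *p = dequeue(q);      /* T0: dequeue after the gap */
        if (!p && !check_null)
            return -1;                   /* before the fix */
        if (!p)
            break;                       /* this example's choice: stop */
        p->acked = 1;                    /* models zd_mac_tx_status() */
        done++;
    }
    return done;
}

/* Builds a 5-packet queue (constructed input) and trims it. */
int run_case(int check_null, int racer_wins)
{
    struct pkt pkts[5] = {{0}};
    struct queue q = { NULL, 0 };
    for (int i = 0; i < 5; i++) { pkts[i].next = q.head; q.head = &pkts[i]; q.len++; }
    return trim_queue(&q, check_null, racer_wins);
}

int main(void)
{
    printf("%d %d %d\n", run_case(0, 0), run_case(0, 1), run_case(1, 1));
    return 0;
}
```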

Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected

Version                                   Less than (<)                             Status
459c51ad6e1fc19e91a53798358433d3c08cd09d  c1958270de947604cc6de05fc96dbba256b49cf0  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  014c34dc132015c4f918ada4982e952947ac1047  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  b24f65c184540dfb967479320ecf7e8c2e9220dc  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  adf08c96b963c7cd7ec1ee1c0c556228d9bedaae  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  5420de65efbeb6503bcf1d43451c9df67ad60298  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  fcd9c923b58e86501450b9b442ccc7ce4a8d0fda  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  602b4eb2f25668de15de69860ec99caf65b3684d  affected
459c51ad6e1fc19e91a53798358433d3c08cd09d  74b1ec9f5d627d2bdd5e5b6f3f81c23317657023  affected

Vendor: Linux
Product: Linux
Default Status: affected

Version   Range bound  Status
2.6.25                 affected
0         < 2.6.25     unaffected
5.4.296   <= 5.4.*     unaffected
5.10.240  <= 5.10.*    unaffected
5.15.189  <= 5.15.*    unaffected
6.1.146   <= 6.1.*     unaffected
6.6.99    <= 6.6.*     unaffected
6.12.39   <= 6.12.*    unaffected
6.15.7    <= 6.15.*    unaffected
6.16      <= *         unaffected

No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.088
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string