CVE-2025-38121NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 3
Latest updateApr 18

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, in_hw_restart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we are actually not. This causes (among others) to a NULL pointer dereference when canceling rx_omi::finished_work, that was not even initialized, because we thought that we are in hw_restart. Set in_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.146.15.3
CVEListV5linux/linux7391b2a4f7dbb7be7dd763bc87506c10f570a8d3a26ec8e16958b6dd37dac9daf5fb6978fe0cb0b8+2
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
VulDB
Linux Kernel up to 6.15.2 wifi in_hw_restart null pointer dereference (EUVD-2025-19822 / Nessus ID 277738)2026-04-18
GHSA
GHSA-2prg-gcgc-mm7v: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init,2025-07-03
OSV
CVE-2025-38121: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, i2025-07-03

📋Vendor Advisories

2
Red Hat
kernel: wifi: iwlwifi: mld: avoid panic on init failure2025-07-03
Debian
CVE-2025-38121: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwi...2025
CVE-2025-38121 — NULL Pointer Dereference in Linux | cvebase