CVE-2025-38121

MEDIUM

Linux Kernel - NULL Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, in_hw_restart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we are actually not. This causes (among others) to a NULL pointer dereference when canceling rx_omi::finished_work, that was not even initialized, because we thought that we are in hw_restart. Set in_hw_restart to true only if the fw is running, then we know that FW was loaded successfully and we are not going to the retry loop.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/a26ec8e16958b6dd37dac9daf5fb6978fe0cb0b8

Patch

https://git.kernel.org/stable/c/960c7e6d388034d219dafffa6da0a5c2ccd5ff30

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (8)

linux/Kernel 6.14.0 - 6.15.3linux

Linux/Linux < 6.14

Linux/Linux 6.14

Linux/Linux 6.15.3 - 6.15.*

Linux/Linux 6.16

Linux/Linux 7391b2a4f7dbb7be7dd763bc87506c10f570a8d3 - 960c7e6d388034d219dafffa6da0a5c2ccd5ff30

Linux/Linux 7391b2a4f7dbb7be7dd763bc87506c10f570a8d3 - a26ec8e16958b6dd37dac9daf5fb6978fe0cb0b8

linux/linux_kernel 6.14 - 6.15.3

Published Jul 03, 2025

Tracked Since Feb 18, 2026