SB2025082053 - NULL pointer dereference in Linux kernel iwlwifi dvm driver
Published: August 20, 2025
Security Bulletin ID
SB2025082053
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6663c52608d8d8727bf1911e6d9218069ba1c85e
- https://git.kernel.org/stable/c/70a1b527eaea9430b1bd87de59f3b9f6bd225701
- https://git.kernel.org/stable/c/7dd6350307af6521b6240b295c93b7eec4daebe6
- https://git.kernel.org/stable/c/90a0d9f339960448a3acc1437a46730f975efd6a
- https://git.kernel.org/stable/c/c0e43c3f6c0a79381b468574c241065998412b7c
- https://git.kernel.org/stable/c/ca980f1911a7144d451d1c31298ab8507c6bd88f