NULL pointer dereference in Linux kernel - CVE-2025-37794
Published: May 2, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108289
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37794
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c.
How to mitigate CVE-2025-37794
Install the update from the vendor's website.
Sources
- https://git.kernel.org/stable/c/305741e7e63234cbcf9b5c4e6aeca25ba0834be8
- https://git.kernel.org/stable/c/378677eb8f44621ecc9ce659f7af61e5baa94d81
- https://git.kernel.org/stable/c/5f6863dc407f25fcf23fc857f9ac51756a09ea2c
- https://git.kernel.org/stable/c/8bc34db7f771a464ff8f686b6f8d4e04963fec27
- https://git.kernel.org/stable/c/929ec2c9ad34248ef625e137b6118b6e965797d9
- https://git.kernel.org/stable/c/a8df245b5b29f6de98d016dc18e2bb35ec70b0cb
- https://git.kernel.org/stable/c/a932a5ce4eee0cbad20220f950fe7bd3534bcbc9
- https://git.kernel.org/stable/c/c74b84544dee27298a71715b3ce2c40d372b5a23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88