NULL pointer dereference in Linux kernel - CVE-2025-38513
Published: August 18, 2025
Vulnerability identifier: #VU114145
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38513
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-38513
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047
- https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298
- https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d
- https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023
- https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae
- https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc
- https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0
- https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda