Vulnerability identifier: #VU108296
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.13.9, 6.13.10, 6.13.11
External links
https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99
https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1
https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5
https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27
https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c
https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.