Linux Kernel NULL Pointer Dereference Vulnerability in brcmfmac Wi-Fi Driver

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's brcmfmac Wi-Fi driver. This issue arises when a device is removed or the kernel module is unloaded, potentially leading to a crash. The vulnerability occurs in the brcmf_txfinalize() function, where the driver attempts to update transmission statistics. If a specific condition is met, the function can receive a NULL pointer, causing a dereference error. While this vulnerability has primarily been observed when updating transmission statistics, it could potentially impact other areas where the pointer is used.
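The failure pattern described above, as an added user-space C model; it is not the kernel's code or the upstream fix. Every name in it (model_if, model_txfinalize, iflist, orphan_completions) is hypothetical, and it assumes the interface pointer becomes NULL once the device has been removed. It shows a transmit-completion routine that updates statistics only while the interface still exists and releases the packet in either case.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver's interface and packet objects. */
struct model_stats { unsigned long tx_packets, tx_errors; };
struct model_if    { struct model_stats stats; };
struct model_pkt   { int ifidx; };
#define MODEL_MAX_IF 4
static struct model_if *iflist[MODEL_MAX_IF]; /* slot is cleared on removal */
static unsigned long orphan_completions;      /* completions with no interface */

/* Map a completed packet back to its interface; NULL once it was removed. */
static struct model_if *model_lookup_if(const struct model_pkt *p)
{
    if (p->ifidx < 0 || p->ifidx >= MODEL_MAX_IF)
        return NULL;
    return iflist[p->ifidx];
}

/* Guarded finalize: touch statistics only if ifp is set, always free the packet. */
static bool model_txfinalize(struct model_if *ifp, struct model_pkt *p, bool success)
{
    if (!ifp)
        orphan_completions++;   /* unguarded code would dereference NULL here */
    else if (success)
        ifp->stats.tx_packets++;
    else
        ifp->stats.tx_errors++;
    free(p);                    /* released on both paths, so teardown does not leak */
    return ifp != NULL;
}

/* Constructed scenario: one failed completion before removal, one after. */
static unsigned long model_run_removal(struct model_if *ifp)
{
    struct model_pkt *a = malloc(sizeof(*a)), *b = malloc(sizeof(*b));
    if (!a || !b) { free(a); free(b); return 0; }
    a->ifidx = b->ifidx = 1;
    iflist[1] = ifp;
    model_txfinalize(model_lookup_if(a), a, false);
    iflist[1] = NULL;           /* device removed or module unloading */
    model_txfinalize(model_lookup_if(b), b, false);
    return orphan_completions;
}

int main(void) {
    struct model_if ifc = {{0, 0}};
    return model_run_removal(&ifc) == 1 ? 0 : 1;
}
```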

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a kernel crash. According to a reference, however, the vulnerability could also be exploited in a way that allows arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.