Linux Kernel NULL Pointer Dereference Vulnerability in iwlwifi Component

Vulnerability

A vulnerability in the Linux kernel's iwlwifi component can lead to a NULL pointer dereference. This issue arises during the initialization process when an error occurs. The 'in_hw_restart' flag is set but never cleared, causing the system to incorrectly assume it is in a hardware restart. As a result, when the system attempts to cancel a work item that was not properly initialized, a NULL pointer dereference occurs. The vulnerability has been addressed by modifying the initialization process to ensure the 'in_hw_restart' flag is only set when the firmware is successfully loaded and running, preventing the system from entering an erroneous retry loop.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a system crash.

Added: Jul 3, 2025, 10:56 AM

Updated: Jul 3, 2025, 10:56 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in iwlwifi Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating