Primary

Context

Linux Kernel WiFi Subsystem Null Pointer Dereference Vulnerability in Carl9170 Driver

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Linux kernel's WiFi subsystem, specifically within the carl9170 driver. This issue arises when the system attempts to ping a device that has failed to load its firmware. Such a device does not complete the hardware registration process, which means an internal work queue is not yet available. As a result, any attempt to queue work for the device leads to a null pointer dereference, causing a crash.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash of the affected system.

Added: Jul 25, 2025, 4:43 PM

Updated: Jul 25, 2025, 4:43 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel WiFi Subsystem Null Pointer Dereference Vulnerability in Carl9170 Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating