Volerion logoVolerion
Volerion logoVolerion

Linux Kernel WiFi MT76 MT7925 NULL Pointer Dereference Vulnerability in Thermal Initialization

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's WiFi MT76 MT7925 driver. The issue arises in the 'mt7925_thermal_init' function, which fails to check for errors from the 'devm_kasprintf' function. This oversight can lead to a NULL pointer dereference. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by loading the WiFi MT76 MT7925 driver version 1.0 or prior, and initializing the thermal management feature. The 'mt7925_thermal_init' function will be called, which does not properly handle errors from 'devm_kasprintf', leading to a NULL pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Aug 16, 2025, 12:32 PM
Updated: Aug 16, 2025, 12:32 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.3
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.