CVE-2025-38294
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ath12k wireless driver. When the function ath12k_mac_assign_vif_to_vdev() fails, the code incorrectly tries to access a radio handle (ar) from the link VIF handle (arvif) for debug logging. However, in the failure scenario, the radio handle is NULL, leading to a NULL pointer access. The fix involves avoiding this NULL access by using a hardware debug logging helper function instead.
How can this vulnerability impact me? :
The vulnerability can cause a NULL pointer dereference in the Linux kernel's wireless driver, which may lead to system instability or crashes when the affected function fails. This could disrupt wireless network functionality on affected devices.