CVE-2025-38513

wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i<position; i++) skb = __skb_dequeue(q) if (mac->type == NL80211_IFTYPE_AP) skb = __skb_dequeue(q); spin_unlock_irqrestore(&q->lock, flags); skb_dequeue() -> NULL Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced. In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0
https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047
https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc
https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae
https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298
https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda
https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d
https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023

Frequently Asked Questions

What is the severity of CVE-2025-38513?
CVE-2025-38513 has not yet been assigned a CVSS score.
How to fix CVE-2025-38513?
To fix CVE-2025-38513, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38513 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38513 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38513?
CVE-2025-38513 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.